community.general.seport – Manages SELinux network port type definitions

Note

This plugin is part of the community.general collection (version 2.5.1).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.seport.

Synopsis

  • Manages SELinux network port type definitions.

Requirements

The following requirements are needed on the host that executes this module.

  • libselinux-python

  • policycoreutils-python

Parameters

Parameter / Choices/Defaults / Comments

ignore_selinux_state
    boolean
    Choices:
      • no ←
      • yes
    Run independently of the SELinux runtime state.

ports
    list / elements=string / required
    Ports or port ranges.
    Can be a list (since 2.6) or a comma-separated string.

proto
    string / required
    Choices:
      • tcp
      • udp
    Protocol for the specified port.

reload
    boolean
    Choices:
      • no
      • yes ←
    Reload SELinux policy after commit.

setype
    string / required
    SELinux type for the specified port.

state
    string
    Choices:
      • absent
      • present ←
    Whether the port type definition should be present or absent.

Notes

  • The changes are persistent across reboots.

  • Not tested on any Debian-based system.

Examples

- name: Allow Apache to listen on tcp port 8888
  community.general.seport:
    ports: 8888
    proto: tcp
    setype: http_port_t
    state: present

- name: Allow sshd to listen on tcp port 8991
  community.general.seport:
    ports: 8991
    proto: tcp
    setype: ssh_port_t
    state: present

- name: Allow memcached to listen on tcp ports 10000-10100 and 10112
  community.general.seport:
    ports: 10000-10100,10112
    proto: tcp
    setype: memcache_port_t
    state: present

- name: Allow memcached to listen on tcp ports 10000-10100 and 10112
  community.general.seport:
    ports:
      - 10000-10100
      - 10112
    proto: tcp
    setype: memcache_port_t
    state: present
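
An added example, not part of the module documentation: a play that extends the sshd task above by labeling the port before sshd is reconfigured, and that uses state: absent, ignore_selinux_state and reload, which the examples above do not show. The inventory group ssh_hosts, the udp port 10112 and the sshd_config handling are assumptions made for illustration.

```yaml
# Added example; host group, udp port and sshd handling are constructed.
- name: Move sshd to tcp port 8991 and keep SELinux port labels minimal
  hosts: ssh_hosts                 # hypothetical inventory group
  become: yes
  tasks:
    # Label first: if sshd is restarted on an unlabeled port while SELinux
    # is enforcing, the bind is denied and the host loses SSH access.
    - name: Label tcp port 8991 as ssh_port_t
      community.general.seport:
        ports: "8991"
        proto: tcp
        setype: ssh_port_t
        state: present

    - name: Point sshd at the new port only after the label exists
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?Port\s'
        line: Port 8991
        validate: /usr/sbin/sshd -t -f %s   # reject a config sshd cannot parse
      notify: Restart sshd

    # Remove definitions that are no longer needed so the type does not
    # keep access to ports the service has stopped using.
    - name: Drop the memcached tcp range added earlier
      community.general.seport:
        ports:
          - "10000-10100"
          - "10112"
        proto: tcp
        setype: memcache_port_t
        state: absent

    # Commit to the policy store without checking the SELinux runtime
    # state and without reloading the policy after the commit.
    - name: Record a udp definition regardless of SELinux runtime state
      community.general.seport:
        ports: "10112"
        proto: udp
        setype: memcache_port_t
        state: present
        ignore_selinux_state: yes
        reload: no

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```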

Authors

  • Dan Keder (@dankeder)