community.general.seport module – Manages SELinux network port type definitions

Note

This module is part of the community.general collection (version 9.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.seport.

Synopsis
Requirements
Parameters
Attributes
Notes
Examples

Synopsis

Manages SELinux network port type definitions.

Requirements

The below requirements are needed on the host that executes this module.

libselinux-python
policycoreutils-python

Parameters

Parameter	Comments
ignore_selinux_state boolean	Run independent of selinux runtime state Choices: `false` ← (default) `true`
local boolean added in community.general 5.6.0	Work with local modifications only. Choices: `false` ← (default) `true`
ports list / elements=string / required	Ports or port ranges. Can be a list (since 2.6) or comma separated string.
proto string / required	Protocol for the specified port. Choices: `"tcp"` `"udp"`
reload boolean	Reload SELinux policy after commit. Choices: `false` `true` ← (default)
setype string / required	SELinux type for the specified port.
state string	Desired boolean value. Choices: `"absent"` `"present"` ← (default)

Attributes

Attribute	Support	Description
check_mode	Support: full	Can run in `check_mode` and return changed status prediction without modifying target.
diff_mode	Support: none	Will return details on what has changed (or possibly needs changing in `check_mode`), when in diff mode.

Notes

Note

The changes are persistent across reboots.
Not tested on any debian based system.

Examples

- name: Allow Apache to listen on tcp port 8888
  community.general.seport:
    ports: 8888
    proto: tcp
    setype: http_port_t
    state: present

- name: Allow sshd to listen on tcp port 8991
  community.general.seport:
    ports: 8991
    proto: tcp
    setype: ssh_port_t
    state: present

- name: Allow memcached to listen on tcp ports 10000-10100 and 10112
  community.general.seport:
    ports: 10000-10100,10112
    proto: tcp
    setype: memcache_port_t
    state: present

- name: Allow memcached to listen on tcp ports 10000-10100 and 10112
  community.general.seport:
    ports:
      - 10000-10100
      - 10112
    proto: tcp
    setype: memcache_port_t
    state: present

- name: Remove tcp port 22 local modification if exists
  community.general.seport:
    ports: 22
    protocol: tcp
    setype: ssh_port_t
    state: absent
    local: true

Authors

Dan Keder (@dankeder)

Collection links

© 2012–2018 Michael DeHaan
© 2018–2024 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/seport_module.html