community.general.seport – Manages SELinux network port type definitions

Note

This plugin is part of the community.general collection (version 3.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.seport.

Synopsis

  • Manages SELinux network port type definitions.

Requirements

The below requirements are needed on the host that executes this module.

  • libselinux-python
  • policycoreutils-python

Parameters

ignore_selinux_state (boolean)
    Choices: no, yes
    Run independent of SELinux runtime state.

ports (list / elements=string / required)
    Ports or port ranges.
    Can be a list (since 2.6) or comma separated string.

proto (string / required)
    Choices: tcp, udp
    Protocol for the specified port.

reload (boolean)
    Choices: no, yes
    Reload SELinux policy after commit.

setype (string / required)
    SELinux type for the specified port.

state (string)
    Choices: absent, present
    Desired boolean value.

Notes

  • The changes are persistent across reboots.
  • Not tested on any Debian-based system.

Examples

- name: Allow Apache to listen on tcp port 8888
  community.general.seport:
    ports: 8888
    proto: tcp
    setype: http_port_t
    state: present

- name: Allow sshd to listen on tcp port 8991
  community.general.seport:
    ports: 8991
    proto: tcp
    setype: ssh_port_t
    state: present

- name: Allow memcached to listen on tcp ports 10000-10100 and 10112
  community.general.seport:
    ports: 10000-10100,10112
    proto: tcp
    setype: memcache_port_t
    state: present

- name: Allow memcached to listen on tcp ports 10000-10100 and 10112
  community.general.seport:
    ports:
      - 10000-10100
      - 10112
    proto: tcp
    setype: memcache_port_t
    state: present
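
To confirm that a task like the ones above took effect, the port list printed by `semanage port -l` (from policycoreutils) can be checked against the same `ports`, `proto` and `setype` values. The following is an added example, not code from the module or the collection; the function names are hypothetical and the sample output is constructed rather than captured from a host.

```python
import re

# Constructed sample of `semanage port -l` output (not taken from a real host).
SAMPLE_SEMANAGE_OUTPUT = """\
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 8888
memcache_port_t                tcp      10000-10100, 10112, 11211
memcache_port_t                udp      11211
ssh_port_t                     tcp      8991, 22
"""


def expand_ports(spec):
    """Turn a `ports` value (list or comma separated string) into (low, high) ranges."""
    if isinstance(spec, (str, int)):
        spec = str(spec).split(",")
    ranges = []
    for item in spec:
        low, _, high = str(item).strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def parse_semanage(text):
    """Map (setype, proto) to the (low, high) ranges listed for that pair."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(tcp|udp)\s+(.+)$", line)
        if m:  # the header and blank lines do not match and are skipped
            table.setdefault((m.group(1), m.group(2)), []).extend(expand_ports(m.group(3)))
    return table


def missing_ports(text, ports, proto, setype):
    """Return requested ranges not covered by a single listed range.

    Simplification: a request spanning two adjacent listed ranges is reported as missing.
    """
    have = parse_semanage(text).get((setype, proto), [])
    return [(lo, hi) for lo, hi in expand_ports(ports)
            if not any(h_lo <= lo and hi <= h_hi for h_lo, h_hi in have)]
```

An empty list from `missing_ports` means every requested port or range is labelled with the expected type for that protocol.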

Authors

  • Dan Keder (@dankeder)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/seport_module.html