added configurability of port definitions

FlatKey · May 6, 2016 · 50cf5bc · 50cf5bc
1 parent bd9879f
commit 50cf5bc
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -7,6 +7,7 @@ Config options:
 * policy
 * state
 * booleans
+* ports
 
 Requirements
 ------------
@@ -37,6 +38,18 @@ The following variables are used to toggle SELinux booleans:
         persistent: (optional, only values: yes|no, default: yes)
 ```
 
+---
+
+The following variables are used to configure SELinux ports: 
+
+```
+    selinux_ports: 
+      name_of_selinux_type:
+        ports: (required, port or port range)
+        protocol: (optional, only values: tcp|udp default: tcp)
+        state: (optional, only values: present|absent, default: present)
+```
+
 Example Playbook
 ----------------
 
@@ -57,6 +70,15 @@ Example Playbook
           httpd_can_sendmail:
             state: yes
             persistent: yes
+        selinux_ports:
+          ssh_port_t:
+            ports: 2222
+            protocol: tcp
+            state: present
+          http_port_t:
+            ports: 9000-9004
+            protocol: tcp
+            state: present
 ```
 
 License

diff --git a/meta/main.yml b/meta/main.yml
@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: FlatKey
-  description: Advanced Base role to configure SELinux through variables. You can configure SELinux policy, state and booleans.
+  description: Advanced Base role to configure SELinux through variables. You can configure SELinux policy, state, booleans and ports.
   license: MIT
   min_ansible_version: 2.0
   platforms:

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -2,9 +2,16 @@
 - name: ensure libselinux-python is installed
   yum: name=libselinux-python state=present
 
+- name: ensure policycoreutils-python is installed
+  yum: name=policycoreutils-python state=present
+
 - name: configure selinux policy and state
   selinux: conf={{selinux_config|default('/etc/selinux/config')}} policy={{selinux_policy|default('targeted')}} state={{selinux_state|default('enforcing')}}
 
 - name: toggle selinux booleans
   seboolean: name={{item.key}} state={{item.value.state|default('yes')}} persistent={{item.value.persistent|default('yes')}}
   with_dict: "{{selinux_boolean|default({})}}"
+
+- name: configure selinux network port definition
+  seport: setype={{item.key}} ports={{item.value.ports}} proto={{item.value.protocol|default('tcp')}} state={{item.value.state|default('present')}}
+  with_dict: "{{selinux_ports|default({})}}"