This commit is contained in:
parent
a4427d55c3
commit
2bfbfbb3ff
1 changed files with 51 additions and 18 deletions
|
@ -83,9 +83,30 @@ except ImportError:
|
||||||
from ansible.module_utils.basic import *
|
from ansible.module_utils.basic import *
|
||||||
from ansible.module_utils.pycompat24 import get_exception
|
from ansible.module_utils.pycompat24 import get_exception
|
||||||
|
|
||||||
def semanage_port_exists(seport, port, proto):
|
|
||||||
""" Get the SELinux port type definition from policy. Return None if it does
|
def semanage_port_get_ports(seport, setype, proto):
|
||||||
not exist.
|
""" Get the list of ports that have the specified type definition.
|
||||||
|
|
||||||
|
:param seport: Instance of seobject.portRecords
|
||||||
|
|
||||||
|
:type setype: str
|
||||||
|
:param setype: SELinux type.
|
||||||
|
|
||||||
|
:type proto: str
|
||||||
|
:param proto: Protocol ('tcp' or 'udp')
|
||||||
|
|
||||||
|
:rtype: list
|
||||||
|
:return: List of ports that have the specified SELinux type.
|
||||||
|
"""
|
||||||
|
records = seport.get_all_by_type()
|
||||||
|
if (setype, proto) in records:
|
||||||
|
return records[(setype, proto)]
|
||||||
|
else:
|
||||||
|
return []
|
||||||
|
|
||||||
|
|
||||||
|
def semanage_port_get_type(seport, port, proto):
|
||||||
|
""" Get the SELinux type of the specified port.
|
||||||
|
|
||||||
:param seport: Instance of seobject.portRecords
|
:param seport: Instance of seobject.portRecords
|
||||||
|
|
||||||
|
@ -95,15 +116,19 @@ def semanage_port_exists(seport, port, proto):
|
||||||
:type proto: str
|
:type proto: str
|
||||||
:param proto: Protocol ('tcp' or 'udp')
|
:param proto: Protocol ('tcp' or 'udp')
|
||||||
|
|
||||||
:rtype: bool
|
:rtype: tuple
|
||||||
:return: True if the SELinux port type definition exists, False otherwise
|
:return: Tuple containing the SELinux type and MLS/MCS level, or None if not found.
|
||||||
"""
|
"""
|
||||||
ports = port.split('-', 1)
|
ports = port.split('-', 1)
|
||||||
if len(ports) == 1:
|
if len(ports) == 1:
|
||||||
ports.extend(ports)
|
ports.extend(ports)
|
||||||
ports = map(int, ports)
|
key = (int(ports[0]), int(ports[1]), proto)
|
||||||
record = (ports[0], ports[1], proto)
|
|
||||||
return record in seport.get_all()
|
records = seport.get_all()
|
||||||
|
if key in records:
|
||||||
|
return records[key]
|
||||||
|
else:
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
def semanage_port_add(module, ports, proto, setype, do_reload, serange='s0', sestore=''):
|
def semanage_port_add(module, ports, proto, setype, do_reload, serange='s0', sestore=''):
|
||||||
|
@ -137,11 +162,15 @@ def semanage_port_add(module, ports, proto, setype, do_reload, serange='s0', ses
|
||||||
seport = seobject.portRecords(sestore)
|
seport = seobject.portRecords(sestore)
|
||||||
seport.set_reload(do_reload)
|
seport.set_reload(do_reload)
|
||||||
change = False
|
change = False
|
||||||
|
ports_by_type = semanage_port_get_ports(seport, setype, proto)
|
||||||
for port in ports:
|
for port in ports:
|
||||||
exists = semanage_port_exists(seport, port, proto)
|
if port not in ports_by_type:
|
||||||
if not exists and not module.check_mode:
|
change = True
|
||||||
seport.add(port, proto, serange, setype)
|
port_type = semanage_port_get_type(seport, port, proto)
|
||||||
change = change or not exists
|
if port_type is None and not module.check_mode:
|
||||||
|
seport.add(port, proto, serange, setype)
|
||||||
|
elif port_type is not None and not module.check_mode:
|
||||||
|
seport.modify(port, proto, serange, setype)
|
||||||
|
|
||||||
except ValueError:
|
except ValueError:
|
||||||
e = get_exception()
|
e = get_exception()
|
||||||
|
@ -162,7 +191,7 @@ def semanage_port_add(module, ports, proto, setype, do_reload, serange='s0', ses
|
||||||
return change
|
return change
|
||||||
|
|
||||||
|
|
||||||
def semanage_port_del(module, ports, proto, do_reload, sestore=''):
|
def semanage_port_del(module, ports, proto, setype, do_reload, sestore=''):
|
||||||
""" Delete SELinux port type definition from the policy.
|
""" Delete SELinux port type definition from the policy.
|
||||||
|
|
||||||
:type module: AnsibleModule
|
:type module: AnsibleModule
|
||||||
|
@ -174,6 +203,9 @@ def semanage_port_del(module, ports, proto, do_reload, sestore=''):
|
||||||
:type proto: str
|
:type proto: str
|
||||||
:param proto: Protocol ('tcp' or 'udp')
|
:param proto: Protocol ('tcp' or 'udp')
|
||||||
|
|
||||||
|
:type setype: str
|
||||||
|
:param setype: SELinux type.
|
||||||
|
|
||||||
:type do_reload: bool
|
:type do_reload: bool
|
||||||
:param do_reload: Whether to reload SELinux policy after commit
|
:param do_reload: Whether to reload SELinux policy after commit
|
||||||
|
|
||||||
|
@ -187,11 +219,12 @@ def semanage_port_del(module, ports, proto, do_reload, sestore=''):
|
||||||
seport = seobject.portRecords(sestore)
|
seport = seobject.portRecords(sestore)
|
||||||
seport.set_reload(do_reload)
|
seport.set_reload(do_reload)
|
||||||
change = False
|
change = False
|
||||||
|
ports_by_type = semanage_port_get_ports(seport, setype, proto)
|
||||||
for port in ports:
|
for port in ports:
|
||||||
exists = semanage_port_exists(seport, port, proto)
|
if port in ports_by_type:
|
||||||
if not exists and not module.check_mode:
|
change = True
|
||||||
seport.delete(port, proto)
|
if not module.check_mode:
|
||||||
change = change or not exists
|
seport.delete(port, proto)
|
||||||
|
|
||||||
except ValueError:
|
except ValueError:
|
||||||
e = get_exception()
|
e = get_exception()
|
||||||
|
@ -262,7 +295,7 @@ def main():
|
||||||
if state == 'present':
|
if state == 'present':
|
||||||
result['changed'] = semanage_port_add(module, ports, proto, setype, do_reload)
|
result['changed'] = semanage_port_add(module, ports, proto, setype, do_reload)
|
||||||
elif state == 'absent':
|
elif state == 'absent':
|
||||||
result['changed'] = semanage_port_del(module, ports, proto, do_reload)
|
result['changed'] = semanage_port_del(module, ports, proto, setype, do_reload)
|
||||||
else:
|
else:
|
||||||
module.fail_json(msg='Invalid value of argument "state": {0}'.format(state))
|
module.fail_json(msg='Invalid value of argument "state": {0}'.format(state))
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue