SELinux Operations

Provides operations to set SELinux file contexts, booleans and port types.

Facts used in these operations: selinux.FileContext, selinux.FileContextMapping, selinux.SEBoolean, selinux.SEPort, selinux.SEPorts, server.Which.

selinux.boolean

Set the specified SELinux boolean to the desired state.

selinux.boolean(bool_name: str, value: Boolean, persistent=False, **kwargs)

+ **bool_name**: name of an SELinux boolean
+ **value**: desired state of the boolean
+ **persistent**: whether to write updated policy or not

Note: This operation requires root privileges.

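**Example:**

.. code:: python

    from pyinfra.operations import selinux
    from pyinfra.operations.selinux import Boolean

    # persistent=True also writes the updated policy
    selinux.boolean(
        name="Allow Apache to connect to LDAP server",
        bool_name="httpd_can_network_connect",
        value=Boolean.ON,
        persistent=True,
    )

Note: This operation also inherits all global arguments.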

selinux.file_context

Set the SELinux type for the specified path to the specified value.

selinux.file_context(path: str, se_type: str, **kwargs)

+ **path**: the target path (expression) for the context
+ **se_type**: the SELinux type for the given target

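**Example:**

.. code:: python

    from pyinfra.operations import selinux

    # Label /foo/bar with the type the web server is allowed to read
    selinux.file_context(
        name="Allow /foo/bar to be served by the web server",
        path="/foo/bar",
        se_type="httpd_sys_content_t",
    )

Note: This operation also inherits all global arguments.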

selinux.file_context_mapping

Set the SELinux file context mapping for paths matching the target.

selinux.file_context_mapping(target: str, se_type: str | None=None, present=True, **kwargs)

+ **target**: the target path (expression) for the context
+ **se_type**: the SELinux type for the given target
+ **present**: whether to add or remove the target -> context mapping

Note: ``file_context`` does not change the SELinux file context for existing files, so ``restorecon`` may need to be run manually if the file contexts cannot be created before the related files.

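**Example:**

.. code:: python

    from pyinfra.operations import selinux

    # The expression covers /web itself and everything beneath it
    selinux.file_context_mapping(
        name="Allow Apache to serve content from the /web directory",
        target=r"/web(/.*)?",
        se_type="httpd_sys_content_t",
    )

Note: This operation also inherits all global arguments.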
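
Because the mapping does not relabel files that already exist, it helps to list which paths still carry the old type before running ``restorecon``. The following is an added example, not part of pyinfra: the function names ``context_type`` and ``needs_relabel`` are hypothetical, the input is a constructed sample in the format of GNU ``find -printf '%Z %p\n'``, and ``re.fullmatch`` stands in for SELinux's whole-path expression matching.

```python
import re

# Constructed sample (not from a real host): output of
#   find /web /srv /website -printf '%Z %p\n'
# taken after the mapping was added. One file was already relabelled.
SAMPLE_FIND_OUTPUT = """\
unconfined_u:object_r:default_t:s0 /web
unconfined_u:object_r:default_t:s0 /web/index.html
unconfined_u:object_r:httpd_sys_content_t:s0 /web/relabelled.html
system_u:object_r:var_t:s0 /srv/other.txt
system_u:object_r:default_t:s0 /website/readme
"""


def context_type(context: str) -> str:
    """Return the type field of a user:role:type[:level] context string."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return fields[2]


def needs_relabel(target: str, se_type: str, find_output: str) -> list[str]:
    """List paths covered by the mapping whose current type is not se_type.

    Assumption: the mapping expression is matched against the whole path,
    which re.fullmatch approximates for simple patterns such as /web(/.*)?.
    """
    pattern = re.compile(target)
    stale = []
    for line in find_output.splitlines():
        if not line.strip():
            continue
        # The context never contains a space, so split on the first one only
        context, _, path = line.partition(" ")
        if pattern.fullmatch(path) and context_type(context) != se_type:
            stale.append(path)
    return stale


if __name__ == "__main__":
    for path in needs_relabel(r"/web(/.*)?", "httpd_sys_content_t", SAMPLE_FIND_OUTPUT):
        print("restorecon needed:", path)
```

Paths such as ``/website/readme`` are not reported because the expression only covers ``/web`` and its children.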

selinux.port

Set the SELinux type for the specified protocol and port.

selinux.port(protocol: Protocol | str, port_num: int, se_type: str | None=None, present=True, **kwargs)

+ **protocol**: the protocol: (udp|tcp|sctp|dccp)
+ **port_num**: the port
+ **se_type**: the SELinux type for the given port
+ **present**: whether to add or remove the SELinux type for the port

Note: This operation requires root privileges.

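**Example:**

.. code:: python

    from pyinfra.operations import selinux
    from pyinfra.operations.selinux import Protocol

    # Assign the web server's port type to TCP port 2222
    selinux.port(
        name="Allow Apache to provide service on port 2222",
        protocol=Protocol.TCP,
        port_num=2222,
        se_type="http_port_t",
    )

Note: This operation also inherits all global arguments.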