Selinux Operations
Provides operations to set SELinux file contexts, booleans and port types.
Facts used in these operations: selinux.FileContext, selinux.FileContextMapping, selinux.SEBoolean, selinux.SEPort, selinux.SEPorts, server.Which.
selinux.boolean
Set the specified SELinux boolean to the desired state.
selinux.boolean(bool_name: str, value: Boolean, persistent=False, **kwargs)
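+ **boolean**: name of an SELinux boolean
+ **value**: desired state of the boolean
+ **persistent**: whether to write updated policy or not

Note: This operation requires root privileges.

**Example:**

.. code:: python

    from pyinfra.operations import selinux
    from pyinfra.operations.selinux import Boolean

    # Keyword arguments throughout: positional arguments cannot follow name=
    selinux.boolean(
        name='Allow Apache to connect to LDAP server',
        bool_name='httpd_can_network_connect',
        value=Boolean.ON,
        persistent=True,
    )

Note: This operation also inherits all global arguments.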
selinux.file_context
Set the SELinux type for the specified path to the specified value.
selinux.file_context(path: str, se_type: str, **kwargs)
+ **path**: the target path (expression) for the context
+ **se_type**: the SELinux type for the given target

**Example:**

.. code:: python

    from pyinfra.operations import selinux

    # Keyword arguments throughout: positional arguments cannot follow name=
    selinux.file_context(
        name='Allow /foo/bar to be served by the web server',
        path='/foo/bar',
        se_type='httpd_sys_content_t',
    )

Note: This operation also inherits all global arguments.
selinux.file_context_mapping
Set the SELinux file context mapping for paths matching the target.
selinux.file_context_mapping(target: str, se_type: str | None=None, present=True, **kwargs)
+ **target**: the target path (expression) for the context
+ **se_type**: the SELinux type for the given target
+ **present**: whether to add or remove the target -> context mapping

Note: `file_context` does not change the SELinux file context for existing files, so `restorecon` may need to be run manually if the file contexts cannot be created before the related files.

**Example:**

.. code:: python

    from pyinfra.operations import selinux

    # Keyword arguments throughout: positional arguments cannot follow name=
    selinux.file_context_mapping(
        name='Allow Apache to serve content from the /web directory',
        target=r'/web(/.*)?',
        se_type='httpd_sys_content_t',
    )

Note: This operation also inherits all global arguments.
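
An added example (not part of the pyinfra documentation or code base) for checking a `target` expression before passing it to `selinux.file_context_mapping`: SELinux matches a file-context expression against the whole path, so an over-broad pattern gives unrelated directories the web server's type, and a too-narrow one leaves the directory itself unlabelled. The helper names and sample paths are hypothetical, and Python's `re` is assumed to be a close enough stand-in for SELinux's regex engine for simple expressions like these.

```python
import re

# Constructed sample paths for the /web example above.
MUST_LABEL = ["/web", "/web/index.html", "/web/static/app.js"]
MUST_NOT_LABEL = ["/webcam/feed", "/web-backup/db.sql", "/srv/web/index.html"]


def covers(target: str, path: str) -> bool:
    """True if the expression matches the entire path.

    File-context expressions are anchored at both ends, which
    re.fullmatch mirrors.
    """
    try:
        return re.fullmatch(target, path) is not None
    except re.error as exc:
        raise ValueError(f"invalid target expression {target!r}: {exc}") from exc


def audit_mapping(target, must_label, must_not_label):
    """Return (missed, overreach) for a candidate target expression.

    missed:    paths that should get the new type but are not matched
    overreach: paths that are matched although they should keep their type
    """
    missed = [p for p in must_label if not covers(target, p)]
    overreach = [p for p in must_not_label if covers(target, p)]
    return missed, overreach


if __name__ == "__main__":
    for candidate in (r"/web(/.*)?", r"/web.*", r"/web/.*"):
        missed, overreach = audit_mapping(candidate, MUST_LABEL, MUST_NOT_LABEL)
        print(f"{candidate!r}: missed={missed} overreach={overreach}")
```

Only the expression with empty `missed` and `overreach` lists is a safe value for `target`; files that already exist under the path still need `restorecon` to pick up the new type.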
selinux.port
Set the SELinux type for the specified protocol and port.
selinux.port(protocol: Protocol | str, port_num: int, se_type: str | None=None, present=True, **kwargs)
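+ **protocol**: the protocol: (udp|tcp|sctp|dccp)
+ **port**: the port
+ **se_type**: the SELinux type for the given port
+ **present**: whether to add or remove the SELinux type for the port

Note: This operation requires root privileges.

**Example:**

.. code:: python

    from pyinfra.operations import selinux
    from pyinfra.operations.selinux import Protocol

    # Keyword arguments throughout: positional arguments cannot follow name=
    selinux.port(
        name='Allow Apache to provide service on port 2222',
        protocol=Protocol.TCP,
        port_num=2222,
        se_type='http_port_t',
    )

Note: This operation also inherits all global arguments.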