Defined Type: selinux::port
- Defined in:
- manifests/port.pp
Summary
Manage a SELinux local network port context setting
Overview
This method will manage a local network port context setting, and will persist it across reboots.
# File 'manifests/port.pp', line 20
# @summary Manage a SELinux local network port context setting
#
# Declares one selinux_port resource that maps a single port, or an inclusive
# port range, to an SELinux type for one protocol.
#
# NOTE(review): when the os.selinux.enabled fact is false, no selinux_port
# resource is declared and nothing reports the skip. On such a node the
# mapping is neither applied nor removed by this define; confirm that this
# is the intended behaviour for hosts where SELinux is enabled later.
#
# NOTE(review): seltype is only checked to be a String here and is passed
# unchanged to selinux_port. The mapping decides which confined domains the
# loaded policy lets use the port, so callers should pass a deliberately
# chosen port type rather than a broadly permitted one.
#
# @param seltype    SELinux type to associate with the port or range.
# @param protocol   Either 'tcp' or 'udp'.
# @param port       A single port (1-65535). Mutually exclusive with port_range.
# @param port_range A two-element [low, high] tuple of ports (1-65535 each).
#                   Mutually exclusive with port.
# @param ensure     'present' (default) or 'absent'.
define selinux::port (
  String                                  $seltype,
  Enum['tcp', 'udp']                      $protocol,
  Optional[Integer[1,65535]]              $port       = undef,
  Optional[Tuple[Integer[1,65535], 2, 2]] $port_range = undef,
  Enum['present', 'absent']               $ensure     = 'present',
) {
  include selinux

  # Ordering relative to the module's anchors depends on the direction of
  # the change.
  case $ensure {
    'present': {
      # Added after 'selinux::module post' and before 'selinux::end'.
      Anchor['selinux::module post']
      -> Selinux::Port[$title]
      -> Anchor['selinux::end']
    }
    'absent': {
      # Removed after selinux::config and before 'selinux::module pre'.
      Class['selinux::config']
      -> Selinux::Port[$title]
      -> Anchor['selinux::module pre']
    }
    default: {
      # Not reachable while the Enum on $ensure holds; kept as a guard.
      fail('Unexpected $ensure value')
    }
  }

  # Exactly one of port / port_range must be supplied.
  $has_port  = $port != undef
  $has_range = $port_range != undef

  if !($has_port or $has_range) {
    fail("You must define either 'port' or 'port_range'")
  }
  if $has_port and $has_range {
    fail("You can't define both 'port' and 'port_range'")
  }

  # A single port is handled as the degenerate range [port, port].
  $bounds = $has_range ? {
    true    => $port_range,
    default => [$port, $port],
  }
  $low  = $bounds[0]
  $high = $bounds[1]

  # Only a caller-supplied port_range can be inverted.
  if $low > $high {
    fail("Malformed port range: ${port_range}")
  }

  # Do nothing unless SELinux is enabled on the node.
  if $facts['os']['selinux']['enabled'] {
    selinux_port { "${protocol}_${low}-${high}":
      ensure    => $ensure,
      low_port  => $low,
      high_port => $high,
      seltype   => $seltype,
      protocol  => $protocol,
    }
  }
}