1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/changelogs/fragments/5203-seport-add-local-argument.yaml

3 lines
126 B
YAML
Raw Normal View History

seport: add `local` argument (#5203) (#5218) Using `local: true` users can enforce to work only with local policy modifications. i.e. # Without `local`, no new modification is added when port already exists $ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp' localhost localhost | SUCCESS => { "changed": false, "ports": [ "22" ], "proto": "tcp", "setype": "ssh_port_t", "state": "present" } $ sudo semanage port -l -C # With `local`, a port is always added/changed in local modification list $ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp local=true' localhost localhost | CHANGED => { "changed": true, "ports": [ "22" ], "proto": "tcp", "setype": "ssh_port_t", "state": "present" } $ sudo semanage port -l -C SELinux Port Type Proto Port Number ssh_port_t tcp 22 # With `local`, seport removes the port only from local modifications $ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost localhost | CHANGED => { "changed": true, "ports": [ "22" ], "proto": "tcp", "setype": "ssh_port_t", "state": "absent" } $ sudo semanage port -l -C # Even though the port is still defined in system policy, the module # result is success as there's no port local modification $ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost localhost | SUCCESS => { "changed": false, "ports": [ "22" ], "proto": "tcp", "setype": "ssh_port_t", "state": "absent" } # But it fails without `local` as it tries to remove port defined in # system policy $ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp' localhost An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Port tcp/22 is defined in policy, cannot be deleted localhost | FAILED! => { "changed": false, "msg": "ValueError: Port tcp/22 is defined in policy, cannot be deleted\n" } Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Signed-off-by: Petr Lautrbach <plautrba@redhat.com> (cherry picked from commit 4c52fdb9d91bc4b6293fcf6273d38f24e3b886aa) Co-authored-by: Petr Lautrbach <plautrba@redhat.com>
2022-09-03 11:58:47 +02:00
minor_changes:
- seport - added new argument ``local`` (https://github.com/ansible-collections/community.general/pull/5203)