mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
4c52fdb9d9
Using `local: true` users can enforce to work only with local policy
modifications. i.e.
# Without `local`, no new modification is added when port already exists
$ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp' localhost
localhost | SUCCESS => {
"changed": false,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "present"
}
$ sudo semanage port -l -C
# With `local`, a port is always added/changed in local modification list
$ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp local=true' localhost
localhost | CHANGED => {
"changed": true,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "present"
}
$ sudo semanage port -l -C
SELinux Port Type Proto Port Number
ssh_port_t tcp 22
# With `local`, seport removes the port only from local modifications
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost
localhost | CHANGED => {
"changed": true,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "absent"
}
$ sudo semanage port -l -C
# Even though the port is still defined in system policy, the module
# result is success as there's no port local modification
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost
localhost | SUCCESS => {
"changed": false,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "absent"
}
# But it fails without `local` as it tries to remove port defined in
# system policy
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp' localhost
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Port tcp/22 is defined in policy, cannot be deleted
localhost | FAILED! => {
"changed": false,
"msg": "ValueError: Port tcp/22 is defined in policy, cannot be deleted\n"
}
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||
|---|---|---|
| .. | ||
| aix_devices.py | ||
| aix_filesystem.py | ||
| aix_inittab.py | ||
| aix_lvg.py | ||
| aix_lvol.py | ||
| alternatives.py | ||
| awall.py | ||
| beadm.py | ||
| capabilities.py | ||
| cronvar.py | ||
| crypttab.py | ||
| dconf.py | ||
| dpkg_divert.py | ||
| facter.py | ||
| filesystem.py | ||
| gconftool2.py | ||
| gconftool2_info.py | ||
| homectl.py | ||
| interfaces_file.py | ||
| iptables_state.py | ||
| java_cert.py | ||
| java_keystore.py | ||
| kernel_blacklist.py | ||
| keyring.py | ||
| keyring_info.py | ||
| launchd.py | ||
| lbu.py | ||
| listen_ports_facts.py | ||
| locale_gen.py | ||
| lvg.py | ||
| lvol.py | ||
| make.py | ||
| mksysb.py | ||
| modprobe.py | ||
| nosh.py | ||
| ohai.py | ||
| open_iscsi.py | ||
| openwrt_init.py | ||
| osx_defaults.py | ||
| pam_limits.py | ||
| pamd.py | ||
| parted.py | ||
| pids.py | ||
| puppet.py | ||
| python_requirements_info.py | ||
| runit.py | ||
| sap_task_list_execute.py | ||
| sefcontext.py | ||
| selinux_permissive.py | ||
| selogin.py | ||
| seport.py | ||
| shutdown.py | ||
| solaris_zone.py | ||
| ssh_config.py | ||
| sudoers.py | ||
| svc.py | ||
| syspatch.py | ||
| sysrc.py | ||
| sysupgrade.py | ||
| timezone.py | ||
| ufw.py | ||
| vdo.py | ||
| xfconf.py | ||
| xfconf_info.py | ||
| xfs_quota.py | ||