Vh#(ddlmZmZmZeZdZdZddlZdZ ddl Z dZ dZ ddlZdZddlmZmZddlmZdd Zd Zd Zdd Zdd ZdZedk(reyy#e $rejZ dZ YTwxYw#e $rejZdZYiwxYw))absolute_importdivisionprint_functionaW module: seport short_description: Manages SELinux network port type definitions description: - Manages SELinux network port type definitions. extends_documentation_fragment: - community.general.attributes attributes: check_mode: support: full diff_mode: support: none options: ports: description: - Ports or port ranges. - Can be a list (since 2.6) or comma separated string. type: list elements: str required: true proto: description: - Protocol for the specified port. type: str required: true choices: [tcp, udp] setype: description: - SELinux type for the specified port. type: str required: true state: description: - Desired boolean value. type: str choices: [absent, present] default: present reload: description: - Reload SELinux policy after commit. type: bool default: true ignore_selinux_state: description: - Run independent of selinux runtime state. type: bool default: false local: description: - Work with local modifications only. type: bool default: false version_added: 5.6.0 notes: - The changes are persistent across reboots. - Not tested on any Debian based system. requirements: - libselinux-python - policycoreutils-python author: - Dan Keder (@dankeder) ac - name: Allow Apache to listen on tcp port 8888 community.general.seport: ports: 8888 proto: tcp setype: http_port_t state: present - name: Allow sshd to listen on tcp port 8991 community.general.seport: ports: 8991 proto: tcp setype: ssh_port_t state: present - name: Allow memcached to listen on tcp ports 10000-10100 and 10112 community.general.seport: ports: 10000-10100,10112 proto: tcp setype: memcache_port_t state: present - name: Allow memcached to listen on tcp ports 10000-10100 and 10112 community.general.seport: ports: - 10000-10100 - 10112 proto: tcp setype: memcache_port_t state: present - name: Remove tcp port 22 local modification if exists community.general.seport: ports: 22 protocol: tcp setype: ssh_port_t state: absent local: true NTF) AnsibleModulemissing_required_lib) to_nativec2|xstjS)N)selinuxis_selinux_enabled)ignore_selinux_states l/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/seport.pyget_runtime_statusrs  ?7#=#=#??cD|j|}||f|vr|||fSgS)aX Get the list of ports that have the specified type definition. :param community.general.seport: Instance of seobject.portRecords :type setype: str :param setype: SELinux type. :type proto: str :param proto: Protocol ('tcp' or 'udp') :rtype: list :return: List of ports that have the specified SELinux type. ) locallist)get_all_by_type)seportsetypeprotolocalrecordss r semanage_port_get_portsrs7$$u$5G'!'' rc t|tr2|jdd}t|dk(r|j |n||f}t |dt |d|f}|j }|j|S)a} Get the SELinux type of the specified port. :param community.general.seport: Instance of seobject.portRecords :type port: str :param port: Port or port range (example: "8080", "8080-9090") :type proto: str :param proto: Protocol ('tcp' or 'udp') :rtype: tuple :return: Tuple containing the SELinux type and MLS/MCS level, or None if not found. -r) isinstancestrsplitlenextendintget_allget)rportrportskeyrs r semanage_port_get_typer'su$ 3" u:? LL t  uQx=#eAh- /CnnG ;;s rcd} tj|} | j|t| |||} |D]N} | | vrd}|jrt | | |} | | j | |||;| j| |||P |S#tttttf$rS} |j| jjdt!| dt#j$Yd} ~ |Sd} ~ wwxYw)a Add SELinux port type definition to the policy. :type module: AnsibleModule :param module: Ansible module :type ports: list :param ports: List of ports and port ranges to add (e.g. ["8080", "8080-9090"]) :type proto: str :param proto: Protocol ('tcp' or 'udp') :type setype: str :param setype: SELinux type :type do_reload: bool :param do_reload: Whether to reload SELinux policy after commit :type serange: str :param serange: SELinux MLS/MCS range (defaults to 's0') :type sestore: str :param sestore: SELinux store :rtype: bool :return: True if the policy was changed, otherwise False FTN:  msg exception)seobject portRecords set_reloadr check_moder'addmodify ValueErrorIOErrorKeyErrorOSError RuntimeError fail_json __class____name__r traceback format_exc)moduler%rr do_reloadserangesestorerchanger ports_by_typer$ port_typees r semanage_port_addrFs6Fr%%g.)$/uM  r%rrr?rArrBrrCr$rEs r semanage_port_delrIs0F r%%g.)$/uM  /D}$((MM$.  / M 7L Ar1;;+?+?1NZcZnZnZpqq Mrs$=A(A(A((CACCcftttddtdddtdddd g tdd tdd d d gtddtddd}ts |jt dt t s |jt dt|jd}t|s|jd|jd}|jd}|jd}|jd}|jd}|jd}||||d}|d k(rt|||||||d<n;|d k(rt|||||||d<n!|jd j||jd!i|y)"NboolF)typedefaultlistrT)rLelementsrequiredtcpudp)rLrPchoices)rLrPpresentabsent)rLrMrS)r r%rrstatereloadr) argument_specsupports_check_modezlibselinux-pythonr+zpolicycoreutils-pythonr z!SELinux is disabled on this host.)r,r%rrrVrWr)r%rrrV)rchangedz&Invalid value of argument "state": {0})rdict HAVE_SELINUXr9rSELINUX_IMP_ERR HAVE_SEOBJECTSEOBJECT_IMP_ERRparamsrrFrIformat exit_json) r>r r%rrrVr?rresults r mainres !%65!AFUTBED5%.IUT2E9x>STVT2FE2 ! F 12EFRab 12JKWgh!==)?@ 2 3@A MM' "E MM' "E ]]8 $F MM' "E h'I MM' "E F -feUFI]bcy ( -feUFI]bcyELLUSTFvr__main__)F)s0F)rhF) __future__rrrrL __metaclass__ DOCUMENTATIONEXAMPLESr<r^r r] ImportErrorr=r`r.r_ansible.module_utils.basicrr+ansible.module_utils.common.text.convertersrrrr'rFrIrer;r[rr rpsA@ = ~& PL M KA@*60f&R.b zFc*i**,OL+y++-Ms"AA6A32A36BB