Provides operations to set SELinux file contexts, booleans and port types.

Functions

selinux.boolean

Set the specified SELinux boolean to the desired state.
selinux.boolean(
    bool_name,
    value,
    persistent=False,
)
This operation requires root privileges.

selinux.file_context

Set the SELinux type for the specified path to the specified value.
selinux.file_context(
    path,
    se_type,
)

selinux.file_context_mapping

Set the SELinux file context mapping for paths matching the target.
selinux.file_context_mapping(
    target,
    se_type=None,
    present=True,
)
file_context_mapping does not change the SELinux file context of files that already exist, so if the mapping cannot be created before the related files, restorecon may need to be run manually.

selinux.port

Set the SELinux type for the specified protocol and port.
selinux.port(
    protocol,
    port_num,
    se_type=None,
    present=True,
)
This operation requires root privileges.

Examples

from pyinfra.operations import selinux
from pyinfra.operations.selinux import Boolean, Protocol

# Allow Apache to connect to LDAP server
selinux.boolean(
    name="Allow Apache to connect to LDAP server",
    bool_name="httpd_can_network_connect",
    value=Boolean.ON,
    persistent=True,
)

# Allow /foo/bar to be served by the web server
selinux.file_context(
    name="Allow /foo/bar to be served by the web server",
    path="/foo/bar",
    se_type="httpd_sys_content_t",
)

# Allow Apache to serve content from the /web directory
selinux.file_context_mapping(
    name="Allow Apache to serve content from the /web directory",
    target=r"/web(/.*)?",
    se_type="httpd_sys_content_t",
)

# Allow Apache to provide service on port 2222
selinux.port(
    name="Allow Apache to provide service on port 2222",
    protocol=Protocol.TCP,
    port_num=2222,
    se_type="http_port_t",
)
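
Because file_context_mapping leaves existing files untouched, it helps to know which files still carry an old label after a mapping such as `/web(/.*)?` is added. The following is an added example, not part of pyinfra: the function names are hypothetical, the input is assumed to be lines from `stat -c '%C %n'`, and the sample listing is constructed.

```python
import re


def selinux_type(context):
    """Return the type field of a user:role:type[:range] context."""
    fields = context.split(":", 3)
    if len(fields) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return fields[2]


def needs_relabel(stat_lines, target, se_type):
    """List paths covered by the mapping whose current type is not se_type."""
    pattern = re.compile(target)
    stale = []
    for line in stat_lines:
        line = line.strip()
        if not line:
            continue
        # The context never contains whitespace; the path may.
        context, path = line.split(None, 1)
        # File-context specs match the whole path, hence fullmatch().
        if pattern.fullmatch(path) and selinux_type(context) != se_type:
            stale.append(path)
    return stale


# Constructed sample: files created under /web before the mapping existed.
SAMPLE = """\
unconfined_u:object_r:default_t:s0 /web
unconfined_u:object_r:default_t:s0 /web/index.html
unconfined_u:object_r:httpd_sys_content_t:s0 /web/css/site.css
unconfined_u:object_r:user_tmp_t:s0:c0.c1023 /web/upload 1.bin
unconfined_u:object_r:default_t:s0 /website/readme.txt
""".splitlines()

if __name__ == "__main__":
    for path in needs_relabel(SAMPLE, r"/web(/.*)?", "httpd_sys_content_t"):
        print("restorecon needed:", path)
```

Paths reported here are the ones restorecon would need to relabel; `/website/readme.txt` is skipped because the mapping's regular expression must match the entire path.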
