Selinux port ensure => absent do not work with port_range #323
Comments
|
@myMarck are those port definitions local modifications using a previous Puppet manifest or in the system policy? The SELinux module can't remove system definitions, only local customizations. |
|
If you want to change the port definitions, you can add a definition that assigns the ports to some other SELinux type |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
This example is based on mongo
semanage port -l | grep mongo
mongod_port_t tcp 27017-27019, 28017-28019
selinux::port { 'mongo_port [27017,27019]':
ensure => 'absent',
seltype => 'mongod_port_t',
protocol => 'tcp',
port_range => [27017,27019],
}
What are you seeing
Nothing happens
What behaviour did you expect instead
semanage port -l | grep mongo
mongod_port_t tcp 28017-28019
Output log
This is from debug log
Debug: /Stage[main]/Selinux::Config/before: before to Selinux::Port[mongo_port [27017,27019]]
Debug: /Stage[main]/My_mongodb::Install/Selinux::Port[mongo_port [27017,27019]]/before: before to Anchor[selinux::module pre]
Any additional information you'd like to impart
The text was updated successfully, but these errors were encountered: