Closed
Description of Issue
The selinux.port_policy_present state does not modify SELinux Manage Policy if needed; it only adds (or deletes, when using selinux.port_policy_absent) the SELinux port.
Setup
Two example states for selinux.port_policy_present:
    'Add Port 8000 To SELinux Port Policy':
      selinux.port_policy_present:
        - name: example1
        - protocol: tcp
        - port: 8000
        - sel_type: http_port_t

    'Add Port 8007 To SELinux Port Policy':
      selinux.port_policy_present:
        - name: example2
        - protocol: tcp
        - port: 8007
        - sel_type: http_port_t
Steps to Reproduce Issue
Applying the states results in:
              ID: Add Port 8000 To SELinux Port Policy
        Function: selinux.port_policy_present
            Name: example1
          Result: False
         Comment: Error adding new policy: {u'pid': 36419, u'retcode': 1, u'stderr': u'ValueError: Port tcp/8000 already defined', u'stdout': u''}
         Started: 14:31:03.330186
        Duration: 522.656 ms
         Changes:

              ID: Add Port 8000 To SELinux Port Policy
        Function: selinux.port_policy_present
            Name: example2
          Result: True
         Comment:
         Started: 14:31:38.357825
        Duration: 2997.401 ms
         Changes:
                  ----------
                  new:
                      ----------
                      port:
                          8007, 80, 81, 443, 488, 8008, 8009, 8443, 9000
                      protocol:
                          tcp
                      sel_type:
                          http_port_t
                  old:
                      None
Inspecting the system prior to applying the highstate:
    # semanage port -l | grep 8000
    soundd_port_t tcp 8000, 9433, 16001
    # semanage port -l | grep 8007
    <no output>
Running the system commands by hand:
    # semanage port --add --proto tcp 8000 -t http_port_t
    ValueError: Port tcp/8000 already defined
    # semanage port --modify --proto tcp 8000 -t http_port_t
    # semanage port -l | grep http_port_t
    http_port_t tcp 8000, 80, 81, 443, 488, 8008, 8009, 8443, 9000
After running the semanage port command by hand with the --modify option, the highstate for port 8000 is true.
Versions Report
Master:

    Salt Version:
        Salt: 2019.2.2

    Dependency Versions:
        cffi: Not Installed
        cherrypy: Not Installed
        dateutil: 1.5
        docker-py: Not Installed
        gitdb: Not Installed
        gitpython: Not Installed
        ioflo: Not Installed
        Jinja2: 2.7.2
        libgit2: Not Installed
        libnacl: Not Installed
        M2Crypto: 0.31.0
        Mako: Not Installed
        msgpack-pure: Not Installed
        msgpack-python: 0.5.6
        mysql-python: Not Installed
        pycparser: Not Installed
        pycrypto: 2.6.1
        pycryptodome: Not Installed
        pygit2: Not Installed
        Python: 2.7.5 (default, Jun 11 2019, 14:33:56)
        python-gnupg: Not Installed
        PyYAML: 3.11
        PyZMQ: 15.3.0
        RAET: Not Installed
        smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
        ZMQ: 4.1.4

    System Versions:
        dist: redhat 7.7 Maipo
        locale: UTF-8
        machine: x86_64
        release: 3.10.0-1062.el7.x86_64
        system: Linux
        version: Red Hat Enterprise Linux Server 7.7 Maipo

Minion:

    Salt Version:
        Salt: 2019.2.2

    Dependency Versions:
        cffi: Not Installed
        cherrypy: Not Installed
        dateutil: 1.5
        docker-py: Not Installed
        gitdb: Not Installed
        gitpython: Not Installed
        ioflo: Not Installed
        Jinja2: 2.7.2
        libgit2: Not Installed
        libnacl: Not Installed
        M2Crypto: 0.31.0
        Mako: Not Installed
        msgpack-pure: Not Installed
        msgpack-python: 0.5.6
        mysql-python: Not Installed
        pycparser: Not Installed
        pycrypto: 2.6.1
        pycryptodome: Not Installed
        pygit2: Not Installed
        Python: 2.7.5 (default, Sep 12 2018, 05:31:16)
        python-gnupg: Not Installed
        PyYAML: 3.11
        PyZMQ: 15.3.0
        RAET: Not Installed
        smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
        ZMQ: 4.1.4

    System Versions:
        dist: redhat 7.6 Maipo
        locale: UTF-8
        machine: x86_64
        release: 3.10.0-957.el7.x86_64
        system: Linux
        version: Red Hat Enterprise Linux Server 7.6 Maipo
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
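
The add-versus-modify decision described in the report, as an added example (not part of the original issue and not Salt's own code): it parses semanage port -l output and picks --add, --modify or no change, using only the semanage options quoted above. The function names and the sample listing are constructed for illustration, and it assumes that only an exact entry for the port triggers the "already defined" error.

```python
import re

# Constructed sample of `semanage port -l` output, modelled on the lines
# quoted in the issue (the unreserved_port_t range is added for illustration).
SAMPLE_LISTING = """\
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
soundd_port_t                  tcp      8000, 9433, 16001
unreserved_port_t              tcp      61001-65535, 1024-32767
"""

LINE_RE = re.compile(r"^(\S+)\s+(tcp|udp|dccp|sctp)\s+(.+)$")


def parse_port_listing(listing):
    """Return (sel_type, proto, low, high) tuples from `semanage port -l` text."""
    entries = []
    for line in listing.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # header or blank line
        sel_type, proto, ports = match.groups()
        for item in ports.split(","):
            low, _, high = item.strip().partition("-")
            entries.append((sel_type, proto, int(low), int(high or low)))
    return entries


def plan_port_policy(listing, proto, port, sel_type):
    """Return the semanage argv that makes proto/port carry sel_type, or None.

    Assumption: only an exact entry for the port makes --add fail with
    "already defined"; a range that merely contains it does not.
    """
    current = [t for t, p, low, high in parse_port_listing(listing)
               if p == proto and low == port == high]
    if sel_type in current:
        return None  # already labelled as requested: no change
    action = "--modify" if current else "--add"
    return ["semanage", "port", action, "--proto", proto, str(port), "-t", sel_type]
```

Because --modify relabels a port that the policy already assigns to another type (soundd_port_t for tcp/8000 here), a state that takes this path should report the previous type in its changes so the relabel is visible in review.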