fix(system/sshd): notify SELinux about the port change

Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-07-10 15:00:56 +02:00 · 2024-07-10 15:00:56 +02:00 · 3e261ce668
commit 3e261ce668
parent 2c9fc903f4
1 changed files with 8 additions and 0 deletions
--- a/roles/system/sshd/tasks/main.yml
+++ b/roles/system/sshd/tasks/main.yml
@ -27,6 +27,14 @@
    group: root
  notify: "Restart SSH server"

+- name: Notify SELinux about new port
+  community.general.seport:
+    ports: "{{ system_sshd_port }}"
+    proto: "tcp"
+    setype: "ssh_port_t"
+    state: "present"
+  when: ansible_facts.selinux.status == 'enabled'
+
 - name: Set trusted CA
  ansible.builtin.include_tasks: trusted_ca.yml
  when: system_sshd_auth_trusted_ca