class firewalld::lockdown_whitelist

Class: firewalld::lockdown_whitelist

Defines a lockdown whitelist, which contains the SELinux contexts, commands, users and user ids that are whitelisted when the firewalld lockdown feature is enabled. See class firewalld::configuration and the firewalld.lockdown-whitelist (5) man page, and also fedoraproject.org/wiki/Features/FirewalldLockdown. The result is an /etc/firewalld/lockdown-whitelist.xml file.

Parameters

selinux_contexts

list of strings - the security (SELinux) contexts of the running applications or services to whitelist.

commands

list of commands. Each command is a string: the complete command line, including the path and any arguments.

users

list of users. Each entry is a hash that must specify either a username or a userid:

users => [{
  username => string,  # mandatory to specify either username or userid
  userid   => string,  # mandatory to specify either username or userid
}, ...]

Examples

class { 'firewalld::lockdown_whitelist':
  selinux_contexts => ['system_u:system_r:NetworkManager_t:s0',
                       'system_u:system_r:virtd_t:s0-s0:c0.c1023'],
  commands         => ['/usr/bin/python -Es /usr/bin/firewall-config'],
  users            => [{ username => 'me' }],
}
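As an added example (not part of this module), the Python below renders the same three parameters into lockdown-whitelist.xml using the element names from firewalld.lockdown-whitelist (5), enforces the username-or-userid rule, and compares a deployed file against the managed definition so extra whitelist entries (which widen who may change firewall rules) show up as drift. The deployed sample file is constructed for the example, and the choice that userid takes precedence when both keys are present is an assumption.

```python
import xml.etree.ElementTree as ET


def render_whitelist(selinux_contexts=(), commands=(), users=()):
    """Render lockdown-whitelist.xml from the class's three parameters."""
    # Element/attribute names follow firewalld.lockdown-whitelist(5).
    root = ET.Element("whitelist")
    for ctx in selinux_contexts:
        ET.SubElement(root, "selinux", context=ctx)
    for cmd in commands:
        ET.SubElement(root, "command", name=cmd)
    for user in users:
        # Enforce the parameter rule: a username or a userid is mandatory.
        if "userid" not in user and "username" not in user:
            raise ValueError(f"user entry needs username or userid: {user!r}")
        if "userid" in user:  # assumption: userid wins when both are given
            ET.SubElement(root, "user", id=str(user["userid"]))
        else:
            ET.SubElement(root, "user", name=user["username"])
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(root, encoding="unicode")


def whitelist_entries(xml_text):
    """Parse a whitelist into (kind, value) pairs so two files can be compared."""
    entries = set()
    for el in ET.fromstring(xml_text):
        if el.tag == "selinux":
            entries.add(("selinux", el.get("context")))
        elif el.tag == "command":
            entries.add(("command", el.get("name")))
        elif el.tag == "user":
            entries.add(("user", el.get("id") or el.get("name")))
    return entries


def unexpected_entries(deployed_xml, managed_xml):
    """Whitelist entries present on the host that the managed definition does not grant."""
    return whitelist_entries(deployed_xml) - whitelist_entries(managed_xml)


# Constructed sample of a deployed file that has drifted: one extra command was added.
DEPLOYED_XML = """<?xml version="1.0" encoding="utf-8"?>
<whitelist>
  <selinux context="system_u:system_r:NetworkManager_t:s0"/>
  <command name="/usr/bin/python -Es /usr/bin/firewall-config"/>
  <command name="/usr/bin/python -Es /usr/bin/firewall-cmd"/>
  <user name="me"/>
</whitelist>
"""
```

Run unexpected_entries against the host's /etc/firewalld/lockdown-whitelist.xml and the rendered definition to catch whitelist entries that were added outside Puppet.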