OP#561 add semanage

manifests/main/service.pp

@@ -6,6 +6,7 @@
 class confdroid_ssh::main::service (
 ) inherits confdroid_ssh::params {
   require confdroid_ssh::main::files
+  require confdroid_ssh::selinux::semanage
   if $ssh_use_firewall {
     require confdroid_ssh::firewall::iptables
   }

manifests/selinux/semanage.pp

@@ -0,0 +1,13 @@
+## confdroid_ssh::selinux::semanage.pp
+# Module name: confdroid_ssh
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class manages SELinux semanage settings
+##############################################################################
+class confdroid_ssh::selinux::semanage (
+) inherits confdroid_ssh::params {
+  exec { 'semanage_port_ssh':
+    command => "semanage port -a -t ssh_port_t -p tcp ${ssh_fw_port}",
+    unless  => "semanage port -l | grep '^ssh_port_t' | grep 'tcp' | grep '${ssh_fw_port}'",
+    path    => ['/usr/bin', '/usr/sbin'],
+  }
+}