From 5fa264e63e86c44eac038355233caab5f6dcc08f Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 18 Sep 2025 16:29:17 -0700
Subject: [PATCH] anubis: allow httpd to bind to port 8345

Tell selinux that httpd can use port 8345 in enforcing mode.
It needs to do this to listen for post anubis requests coming in on
localhost.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/anubis/tasks/main.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/roles/anubis/tasks/main.yml b/roles/anubis/tasks/main.yml
index dcc162e385..c25c50f212 100644
--- a/roles/anubis/tasks/main.yml
+++ b/roles/anubis/tasks/main.yml
@@ -33,6 +33,20 @@
   tags:
     - anubis
 
+- name: Check semanage ports
+  ansible.builtin.command: semanage port -l
+  register: semanageoutput
+  check_mode: no
+  changed_when: "1 != 1"
+  tags:
+  - anubis
+
+- name: Set ports so httpd can bind to 8345
+  ansible.builtin.command: semanage port -a -t http_port_t -p tcp 8345
+  when: semanageoutput.stdout.find("8345") == -1
+  tags:
+  - anubis
+
 - name: Allow Apache to make network connections for proxy
   ansible.posix.seboolean:
     name: httpd_can_network_connect