Add new param "ignore_selinux_state" to seport, sefcontext, seboolean (#48945)

lib/ansible/modules/system/seport.py

@@ -42,6 +42,12 @@ options:
       - Reload SELinux policy after commit.
     type: bool
     default: 'yes'
+  ignore_selinux_state:
+    description:
+    - Run independent of selinux runtime state
+    type: bool
+    default: false
+    version_added: '2.8'
 notes:
    - The changes are persistent across reboots.
    - Not tested on any debian based system.
@@ -102,6 +108,10 @@ from ansible.module_utils.basic import AnsibleModule, HAVE_SELINUX
 from ansible.module_utils._text import to_native
 
 
+def get_runtime_status(ignore_selinux_state=False):
+    return True if ignore_selinux_state is True else selinux.is_selinux_enabled()
+
+
 def semanage_port_get_ports(seport, setype, proto):
     """ Get the list of ports that have the specified type definition.
 
@@ -240,6 +250,7 @@ def semanage_port_del(module, ports, proto, setype, do_reload, sestore=''):
 def main():
     module = AnsibleModule(
         argument_spec=dict(
+            ignore_selinux_state=dict(type='bool', default=False),
             ports=dict(type='list', required=True),
             proto=dict(type='str', required=True, choices=['tcp', 'udp']),
             setype=dict(type='str', required=True),
@@ -255,7 +266,9 @@ def main():
     if not HAVE_SEOBJECT:
         module.fail_json(msg="This module requires policycoreutils-python")
 
-    if not selinux.is_selinux_enabled():
+    ignore_selinux_state = module.params['ignore_selinux_state']
+
+    if not get_runtime_status(ignore_selinux_state):
         module.fail_json(msg="SELinux is disabled on this host.")
 
     ports = module.params['ports']