semanage (8) - Linux Manuals
semanage: SELinux Policy Management tool
NAME
semanage - SELinux Policy Management toolSYNOPSIS
semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}import Import local customizations
export Output local customizations
login Manage login mappings between linux users and SELinux confined users
user Manage SELinux confined users (Roles and levels for an SELinux user)
port Manage network port type definitions
interface Manage network interface type definitions
module Manage SELinux policy modules
node Manage network node type definitions
fcontext Manage file context mapping definitions
boolean Manage booleans to selectively enable functionality
permissive Manage process type enforcement mode
dontaudit Disable/Enable dontaudit rules in policy
DESCRIPTION
semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. This includes the mapping from Linux usernames to SELinux user identities (which controls the initial security context assigned to Linux users when they login and bounds their authorized role set) as well as security context mappings for various kinds of objects, such as network ports, interfaces, and nodes (hosts) as well as the file context mapping. Note that the semanage login command deals with the mapping from Linux usernames (logins) to SELinux user identities, while the semanage user command deals with the mapping from SELinux user identities to authorized role sets. In most cases, only the former mapping needs to be adjusted by the administrator; the latter is principally defined by the base policy and usually does not require modification.OPTIONS
- -h, --help
-
List help information
AUTHOR
This man page was written by Daniel Walsh <dwalsh [at] redhat.com>and Russell Coker <rcoker [at] redhat.com>.
Examples by Thomas Bleher <ThomasBleher [at] gmx.de>. usage: semanage [-h]