semanage(8) - SELinux Policy Management tool
-
semanage(8)                                                        semanage(8)

NAME
       semanage - SELinux Policy Management tool

SYNOPSIS
       semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit} ...

       positional arguments:

       import      Import local customizations
       export      Output local customizations
       login       Manage login mappings between linux users and SELinux confined users
       user        Manage SELinux confined users (Roles and levels for an SELinux user)
       port        Manage network port type definitions
       interface   Manage network interface type definitions
       module      Manage SELinux policy modules
       node        Manage network node type definitions
       fcontext    Manage file context mapping definitions
       boolean     Manage booleans to selectively enable functionality
       permissive  Manage process type enforcement mode
       dontaudit   Disable/Enable dontaudit rules in policy

DESCRIPTION
       semanage is used to configure certain elements of SELinux policy
       without requiring modification to or recompilation from policy sources.
       This includes the mapping from Linux usernames to SELinux user
       identities (which controls the initial security context assigned to
       Linux users when they login and bounds their authorized role set) as
       well as security context mappings for various kinds of objects, such as
       network ports, interfaces, and nodes (hosts) as well as the file context
       mapping.

       Note that the semanage login command deals with the mapping from Linux
       usernames (logins) to SELinux user identities, while the semanage user
       command deals with the mapping from SELinux user identities to
       authorized role sets. In most cases, only the former mapping needs to
       be adjusted by the administrator; the latter is principally defined by
       the base policy and usually does not require modification.

OPTIONS
       -h, --help
              List help information

SEE ALSO
       selinux (8), semanage-boolean (8), semanage-dontaudit (8),
       semanage-export (8), semanage-fcontext (8), semanage-import (8),
       semanage-interface (8), semanage-login (8), semanage-module (8),
       semanage-node (8), semanage-permissive (8), semanage-port (8),
       semanage-user (8)

AUTHOR
       This man page was written by Daniel Walsh <[email protected]> and
       Russell Coker <[email protected]>.
       Examples by Thomas Bleher <[email protected]>.

       usage: semanage [-h]

                                   20100223                        semanage(8)
-
$ semanage -h
usage: semanage [-h]
                {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
                ...

semanage is used to configure certain elements of SELinux policy with-out
requiring modification to or recompilation from policy source.

positional arguments:
  {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
    import              Import local customizations
    export              Output local customizations
    login               Manage login mappings between linux users and SELinux confined users
    user                Manage SELinux confined users (Roles and levels for an SELinux user)
    port                Manage network port type definitions
    interface           Manage network interface type definitions
    module              Manage SELinux policy modules
    node                Manage network node type definitions
    fcontext            Manage file context mapping definitions
    boolean             Manage booleans to selectively enable functionality
    permissive          Manage process type enforcement mode
    dontaudit           Disable/Enable dontaudit rules in policy

optional arguments:
  -h, --help            show this help message and exit
-
Help on individual commands:
$ semanage login -h
usage: semanage login [-h] [-n] [-N] [-S STORE] [ --add -s SEUSER -r RANGE LOGIN | --delete LOGIN | --deleteall | --extract | --list -C | --modify -s SEUSER -r RANGE LOGIN ]

positional arguments:
  login                 login_name | %groupname

optional arguments:
  -h, --help            show this help message and exit
  -C, --locallist       List login local customizations
  -n, --noheading       Do not print heading when listing login object types
  -N, --noreload        Do not reload policy after commit
  -S STORE, --store STORE
                        Select an alternate SELinux Policy Store to manage
  -r RANGE, --range RANGE
                        MLS/MCS Security Range (MLS/MCS Systems only) SELinux
                        Range for SELinux login mapping defaults to the
                        SELinux user record range.
  -a, --add             Add a record of the login object type
  -d, --delete          Delete a record of the login object type
  -m, --modify          Modify a record of the login object type
  -l, --list            List records of the login object type
  -E, --extract         Extract customizable commands, for use within a
                        transaction
  -D, --deleteall       Remove all login objects local customizations
  -s SEUSER, --seuser SEUSER
                        SELinux user name
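
An audit of the login mapping that semanage login manages, added here as an example (not part of the man page or of semanage itself): it reads the output of semanage login -l -n and reports every login, %group or default entry mapped to the unconfined SELinux user. Assumptions: a targeted policy whose SELinux users include unconfined_u, staff_u and user_u; the sample listing is constructed; the function name and finding labels are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `semanage login -l -n` output (not from a real host).
# Columns: login name (or %group), SELinux user, MLS/MCS range, service.
SAMPLE_LOGIN_MAP='__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
alice                staff_u              s0-s0:c0.c1023       *
%contractors         user_u               s0                   *
bob                  unconfined_u         s0-s0:c0.c1023       *'

# audit_login_map (hypothetical helper): read login mappings on stdin and
# print one finding per entry that is mapped to unconfined_u.
audit_login_map() {
    awk '
        NF < 3 { next }                            # blank or malformed line
        $1 == "Login" && $2 == "Name" { next }     # heading, if -n was omitted
        $2 == "unconfined_u" {
            if ($1 == "__default__")
                kind = "DEFAULT-UNCONFINED"        # every unmapped login inherits this
            else if (substr($1, 1, 1) == "%")
                kind = "GROUP-UNCONFINED"          # whole Linux group is unconfined
            else
                kind = "LOGIN-UNCONFINED"
            printf "%s %s %s\n", kind, $1, $3
        }
    '
}

# Default: audit the constructed sample so the script runs anywhere.
# With --live: audit the running system (needs root and SELinux enabled).
if [ "${1:-}" = "--live" ]; then
    semanage login -l -n | audit_login_map
else
    printf '%s\n' "$SAMPLE_LOGIN_MAP" | audit_login_map
fi

# A finding is addressed with the --modify form from the usage text above,
# for example (values are illustrative):
#   semanage login -m -s user_u -r s0 __default__
```

A DEFAULT-UNCONFINED finding matters most, because __default__ applies to every Linux login that has no explicit record of its own.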
© Lightnetics 2024