semanage(8) - SELinux Policy Management tool



  • semanage(8)							   semanage(8)
    
    
    
    NAME
           semanage - SELinux Policy Management tool
    
    
    SYNOPSIS
           semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
                           ...
           positional arguments:
    
           import Import local customizations
    
           export Output local customizations
    
           login Manage login mappings between linux users and SELinux confined
           users
    
           user Manage SELinux confined users (Roles and levels for an SELinux
           user)
    
           port Manage network port type definitions
    
           interface Manage network interface type definitions
    
           module Manage SELinux policy modules
    
           node Manage network node type definitions
    
           fcontext Manage file context mapping definitions
    
           boolean Manage booleans to selectively enable functionality
    
           permissive Manage process type enforcement mode
    
           dontaudit Disable/Enable dontaudit rules in policy
    
    
    DESCRIPTION
           semanage is used to configure certain elements of SELinux policy
           without requiring modification to or recompilation from policy
           sources. This includes the mapping from Linux usernames to SELinux
           user identities (which controls the initial security context
           assigned to Linux users when they login and bounds their authorized
           role set) as well as security context mappings for various kinds of
           objects, such as network ports, interfaces, and nodes (hosts) as
           well as the file context mapping. Note that the semanage login
           command deals with the mapping from Linux usernames (logins) to
           SELinux user identities, while the semanage user command deals with
           the mapping from SELinux user identities to authorized role sets.
           In most cases, only the former mapping needs to be adjusted by the
           administrator; the latter is principally defined by the base policy
           and usually does not require modification.
    
    
    OPTIONS
           -h, --help
    	      List help information
    
    
    SEE ALSO
           selinux (8), semanage-boolean (8), semanage-dontaudit (8),
           semanage-export (8), semanage-fcontext (8), semanage-import (8),
           semanage-interface (8), semanage-login (8), semanage-module (8),
           semanage-node (8), semanage-permissive (8), semanage-port (8),
           semanage-user (8)
    
    
    AUTHOR
           This man page was written by Daniel Walsh <[email protected]>
           and Russell Coker <[email protected]>.
           Examples by Thomas Bleher <[email protected]>.	 usage: semanage [-h]
    
    
    
    				   20100223			   semanage(8)
    


  • @hawksbill

    $ semanage -h
    usage: semanage [-h]
                    
                    {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
                    ...
    
    semanage is used to configure certain elements of SELinux policy with-out
    requiring modification to or recompilation from policy source.
    
    positional arguments:
      {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
        import              Import local customizations
        export              Output local customizations
        login               Manage login mappings between linux users and SELinux
                            confined users
        user                Manage SELinux confined users (Roles and levels for an
                            SELinux user)
        port                Manage network port type definitions
        interface           Manage network interface type definitions
        module              Manage SELinux policy modules
        node                Manage network node type definitions
        fcontext            Manage file context mapping definitions
        boolean             Manage booleans to selectively enable functionality
        permissive          Manage process type enforcement mode
        dontaudit           Disable/Enable dontaudit rules in policy
    
    optional arguments:
      -h, --help            show this help message and exit
    


  • @hawksbill

    Help on individual commands:

    $ semanage login -h
    usage: semanage login [-h] [-n] [-N] [-S STORE] [ --add -s SEUSER -r RANGE LOGIN | --delete LOGIN | --deleteall  | --extract  | --list -C | --modify -s SEUSER -r RANGE LOGIN ]
    
    positional arguments:
      login                 login_name | %groupname
    
    optional arguments:
      -h, --help            show this help message and exit
      -C, --locallist       List login local customizations
      -n, --noheading       Do not print heading when listing login object types
      -N, --noreload        Do not reload policy after commit
      -S STORE, --store STORE
                            Select an alternate SELinux Policy Store to manage
      -r RANGE, --range RANGE
                            MLS/MCS Security Range (MLS/MCS Systems only) SELinux
                            Range for SELinux login mapping defaults to the
                            SELinux user record range.
      -a, --add             Add a record of the login object type
      -d, --delete          Delete a record of the login object type
      -m, --modify          Modify a record of the login object type
      -l, --list            List records of the login object type
      -E, --extract         Extract customizable commands, for use within a
                            transaction
      -D, --deleteall       Remove all login objects local customizations
      -s SEUSER, --seuser SEUSER
                            SELinux user name
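
The login mapping that the DESCRIPTION says administrators most often adjust can be audited from the `semanage login -l -n` listing. The following is an added example, not part of the posts above or of the semanage project; the function names and the sample table (including the accounts `alice`, `bob` and the group `contractors`) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout printed by `semanage login -l -n`
# (login name, SELinux user, MLS/MCS range, service). Not taken from a real host.
SAMPLE_LOGIN_MAP='__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
alice                staff_u              s0-s0:c0.c1023       *
%contractors         user_u               s0                   *'

# Print every record (login, %group or __default__) mapped to unconfined_u,
# i.e. the entries whose sessions start outside a confined SELinux user.
unconfined_logins() {
    awk 'NF >= 2 && $2 == "unconfined_u" { print $1 }'
}

# Print the SELinux user a login resolves to: its own record if one exists,
# otherwise the __default__ record. %group records are not evaluated here,
# because that needs the account's group membership (a stated limitation).
seuser_for() {
    awk -v login="$1" '
        NF < 2              { next }
        $1 == login         { explicit = $2 }
        $1 == "__default__" { fallback = $2 }
        END {
            if (explicit != "")      print explicit
            else if (fallback != "") print fallback
            else exit 1              # no record and no default: nothing to report
        }'
}

# On an SELinux host, feed the live table instead of the sample:
#   semanage login -l -n | unconfined_logins
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOGIN_MAP" | unconfined_logins
    printf '%s\n' "$SAMPLE_LOGIN_MAP" | seuser_for bob
fi
```

A `__default__` record mapped to `unconfined_u` means every account without its own record, such as `bob` in the sample, logs in unconfined.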
    
