1semanage(8)                                                        semanage(8)
2
3
4

NAME

6       semanage - SELinux Policy Management tool
7
8

SYNOPSIS

10       semanage     {import,export,login,user,port,interface,module,node,fcon‐
11       text,boolean,permissive,dontaudit,ibpkey,ibendport}
12                       ...  positional arguments:
13
14       import Import local customizations
15
16       export Output local customizations
17
18       login Manage login mappings between linux users  and  SELinux  confined
19       users
20
21       user  Manage  SELinux  confined  users (Roles and levels for an SELinux
22       user)
23
24       port Manage network port type definitions
25
26       interface Manage network interface type definitions
27
28       module Manage SELinux policy modules
29
30       node Manage network node type definitions
31
32       fcontext Manage file context mapping definitions
33
34       boolean Manage booleans to selectively enable functionality
35
36       permissive Manage process type enforcement mode
37
38       dontaudit Disable/Enable dontaudit rules in policy
39
40       ibpkey Manage infiniband pkey type definitions
41
42       ibendport Manage infiniband end port type definitions
43
44

DESCRIPTION

46       semanage is used to configure certain elements of SELinux policy  with‐
47       out  requiring  modification  to  or recompilation from policy sources.
48       This includes the mapping from Linux usernames to SELinux user  identi‐
49       ties  (which  controls  the  initial security context assigned to Linux
50       users when they login and bounds their authorized role set) as well  as
51       security context mappings for various kinds of objects, such as network
52       ports, interfaces, infiniband pkeys and endports, and nodes (hosts)  as
53       well  as  the  file context mapping. See the EXAMPLES section below for
54       some examples of common usage.  Note that the  semanage  login  command
55       deals  with  the  mapping from Linux usernames (logins) to SELinux user
56       identities, while the semanage user command deals with the mapping from
57       SELinux  user  identities to authorized role sets.  In most cases, only
58       the former mapping needs to be adjusted by the administrator; the  lat‐
59       ter  is  principally  defined  by  the base policy and usually does not
60       require modification.
61
62

OPTIONS

64       -h, --help
65              List help information
66
67

SEE ALSO

69       selinux (8), semanage-boolean (8),  semanage-dontaudit  (8),  semanage-
70       export (8), semanage-fcontext (8), semanage-import (8), semanage-inter‐
71       face (8), semanage-login (8), semanage-module (8),  semanage-node  (8),
72       semanage-permissive (8), semanage-port (8), semanage-user (8) semanage-
73       ibkey (8), semanage-ibendport (8),
74
75

AUTHOR

77       This man page was written by Daniel Walsh <dwalsh@redhat.com>
78       and Russell Coker <rcoker@redhat.com>.
79       Examples by Thomas Bleher <ThomasBleher@gmx.de>.  usage: semanage [-h]
80
81
82
83                                   20100223                        semanage(8)
Impressum