1semanage-port(8)                                              semanage-port(8)
2
3
4

NAME

6       semanage-port - SELinux Policy Management port mapping tool
7

SYNOPSIS

9       semanage  port [-h] [-n] [-N] [-S STORE] [ --add -t TYPE -p PROTOCOL -r
10       RANGE port_name  |  port_range  |  --delete  -p  PROTOCOL  port_name  |
11       port_range  |  --deleteall | --extract | --list [-C] | --modify -t TYPE
12       -p PROTOCOL -r RANGE port_name | port_range ]
13
14

DESCRIPTION

16       semanage is used to configure certain elements of SELinux policy  with‐
17       out  requiring  modification  to  or recompilation from policy sources.
18       semanage port controls the port number to port type definitions.
19
20       Default port definitions are contained in policy modules and  can't  be
21       removed  without removing corresponding module. Therefore semanage port
22       uses so called local definitions, which are  assigned  higher  priority
23       and override default definitions for the same port.
24
25       semanage  port  -l  lists all port definitions (both default and local)
26       which can result in seemingly conflicting  or  duplicate  entries.  Use
27       semanage port -l -C to only list local definitions.
28

OPTIONS

30       -h, --help
31              show this help message and exit
32
33       -n, --noheading
34              Do not print heading when listing the specified object type
35
36       -N, --noreload
37              Do not reload policy after commit
38
39       -S STORE, --store STORE
40              Select an alternate SELinux Policy Store to manage
41
42       -C, --locallist
43              List local customizations
44
45       -a, --add
46              Add a record of the specified object type
47
48       -d, --delete
49              Delete a record of the specified object type
50
51       -m, --modify
52              Modify a record of the specified object type
53
54       -l, --list
55              List records of the specified object type
56
57       -E, --extract
58              Extract customizable commands, for use within a transaction
59
60       -D, --deleteall
61              Remove all local customizations
62
63       -t TYPE, --type TYPE
64              SELinux type for the object
65
66       -r RANGE, --range RANGE
67              MLS/MCS  Security Range (MLS/MCS Systems only) SELinux Range for
68              SELinux login mapping defaults to the SELinux user record range.
69              SELinux Range for SELinux user defaults to s0.
70
71       -p PROTO, --proto PROTO
72              Protocol  for  the specified port (tcp|udp) or internet protocol
73              version for the specified node (ipv4|ipv6).
74
75

EXAMPLE

77       List all port definitions
78       # semanage port -l
79       Allow Apache to listen on tcp port 81
80       # semanage port -a -t http_port_t -p tcp 81
81       Allow sshd to listen on tcp port 8991
82       # semanage port -a -t ssh_port_t -p tcp 8991
83
84

SEE ALSO

86       selinux (8), semanage (8)
87
88

AUTHOR

90       This man page was written by Daniel Walsh <dwalsh@redhat.com>
91
92
93
94                                   20130617                   semanage-port(8)