1SEMODULE(8)                           NSA                          SEMODULE(8)
2
3
4

NAME

6       semodule - Manage SELinux policy modules.
7
8

SYNOPSIS

10       semodule [options]... MODE [MODES]...
11

DESCRIPTION

13       semodule  is  the tool used to manage SELinux policy modules, including
14       installing, upgrading, listing and removing modules.  semodule may also
15       be  used  to  force a rebuild of policy from the module store and/or to
16       force a reload of policy  without  performing  any  other  transaction.
17       semodule  acts on module packages created by semodule_package.  Convenā€
18       tionally, these files have a .pp suffix (policy package), although this
19       is not mandated in any way.
20
21

OPTIONS

23       -R, --reload
24              force a reload of policy
25
26       -B, --build
27              force a rebuild of policy (also reloads unless -n is used)
28
29       -D, --disable_dontaudit
30              Temporarily  remove  dontaudits  from  policy.  Reverts whenever
31              policy is rebuilt
32
33       -i,--install=MODULE_PKG
34              install/replace a module package
35
36       -u,--upgrade=MODULE_PKG
37              upgrade an existing module package, or  install  if  the  module
38              does not exist
39
40       -b,--base=MODULE_PKG
41              install/replace base module package
42
43       -d,--disable=MODULE_NAME
44              disable existing module
45
46       -e,--enable=MODULE_NAME
47              enable existing module
48
49       -r,--remove=MODULE_NAME
50              remove existing module
51
52       -l,--list-modules
53              display list of installed modules (other than base)
54
55       -s,--store
56              name of the store to operate on
57
58       -n,--noreload
59              do not reload policy after commit
60
61       -h,--help
62              prints help message and quit
63
64       -v,--verbose
65              be verbose
66
67

EXAMPLE

69       # Install or replace a base policy package.
70       $ semodule -b base.pp
71       # Install or replace a non-base policy package.
72       $ semodule -i httpd.pp
73       # List non-base modules.
74       $ semodule -l
75       # Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
76       $ semodule -DB
77       # Turn "dontaudit" rules back on.
78       $ semodule -B
79       # Install or replace all non-base modules in the current directory.
80       $ semodule -i *.pp
81       # Install or replace all modules in the current directory.
82       $ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
83
84

SEE ALSO

86       checkmodule(8), semodule_package(8)
87

AUTHORS

89       This manual page was written by Dan Walsh <dwalsh@redhat.com>.
90       The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
91
92
93
94Security Enhanced Linux            Nov 2005                        SEMODULE(8)
Impressum