1SEMODULE(8) NSA SEMODULE(8)
2
3
4
6 semodule - Manage SELinux policy modules.
7
8
10 semodule [options]... MODE [MODES]...
11
13 semodule is the tool used to manage SELinux policy modules, including
14 installing, upgrading, listing and removing modules. semodule may also
15 be used to force a rebuild of policy from the module store and/or to
16 force a reload of policy without performing any other transaction.
17 semodule acts on module packages created by semodule_package. Convenā
18 tionally, these files have a .pp suffix (policy package), although this
19 is not mandated in any way.
20
21
23 -R, --reload
24 force a reload of policy
25
26 -B, --build
27 force a rebuild of policy (also reloads unless -n is used)
28
29 -D, --disable_dontaudit
30 Temporarily remove dontaudits from policy. Reverts whenever
31 policy is rebuilt
32
33 -i,--install=MODULE_PKG
34 install/replace a module package
35
36 -u,--upgrade=MODULE_PKG
37 upgrade an existing module package, or install if the module
38 does not exist
39
40 -b,--base=MODULE_PKG
41 install/replace base module package
42
43 -d,--disable=MODULE_NAME
44 disable existing module
45
46 -e,--enable=MODULE_NAME
47 enable existing module
48
49 -r,--remove=MODULE_NAME
50 remove existing module
51
52 -l,--list-modules
53 display list of installed modules (other than base)
54
55 -s,--store
56 name of the store to operate on
57
58 -n,--noreload
59 do not reload policy after commit
60
61 -h,--help
62 prints help message and quit
63
64 -v,--verbose
65 be verbose
66
67
69 # Install or replace a base policy package.
70 $ semodule -b base.pp
71 # Install or replace a non-base policy package.
72 $ semodule -i httpd.pp
73 # List non-base modules.
74 $ semodule -l
75 # Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
76 $ semodule -DB
77 # Turn "dontaudit" rules back on.
78 $ semodule -B
79 # Install or replace all non-base modules in the current directory.
80 $ semodule -i *.pp
81 # Install or replace all modules in the current directory.
82 $ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
83
84
86 checkmodule(8), semodule_package(8)
87
89 This manual page was written by Dan Walsh <dwalsh@redhat.com>.
90 The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
91
92
93
94Security Enhanced Linux Nov 2005 SEMODULE(8)