1SEMODULE(8) NSA SEMODULE(8)
2
3
4
6 semodule - Manage SELinux policy modules.
7
8
10 semodule [options]... MODE [MODES]...
11
13 semodule is the tool used to manage SELinux policy modules, including
14 installing, upgrading, listing and removing modules. semodule may also
15 be used to force a rebuild of policy from the module store and/or to
16 force a reload of policy without performing any other transaction.
17 semodule acts on module packages created by semodule_package. Convenā
18 tionally, these files have a .pp suffix (policy package), although this
19 is not mandated in any way.
20
21
23 -R, --reload
24 force a reload of policy
25
26 -B, --build
27 force a rebuild of policy (also reloads unless -n is used)
28
29 -i,--install=MODULE_PKG
30 install/replace a module package
31
32 -u,--upgrade=MODULE_PKG
33 upgrade an existing module package
34
35 -b,--base=MODULE_PKG
36 install/replace base module package
37
38 -r,--remove=MODULE_NAME
39 remove existing module
40
41 -l,--list-modules
42 display list of installed modules (other than base)
43
44 -s,--store
45 name of the store to operate on
46
47 -n,--noreload
48 do not reload policy after commit
49
50 -h,--help
51 prints help message and quit
52
53 -v,--verbose
54 be verbose
55
56
58 # Install or replace a base policy package.
59 $ semodule -b base.pp
60 # Install or replace a non-base policy package.
61 $ semodule -i httpd.pp
62 # List non-base modules.
63 $ semodule -l
64 # Install or replace all non-base modules in the current directory.
65 $ semodule -i *.pp
66 # Install or replace all modules in the current directory.
67 $ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
68
69
71 checkmodule(8), semodule_package(8)
72
74 This manual page was written by Dan Walsh <dwalsh@redhat.com>.
75 The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
76
77
78
79Security Enhanced Linux Nov 2005 SEMODULE(8)