LinuxGuruz
Toll Free Numbers
  • Last 5 Forum Topics
    Replies
    Views
    Last post


The Web Only This Site
  • BOOKMARK

  • ADD TO FAVORITES

  • REFERENCES


  • MARC

    Mailing list ARChives
    - Search by -
     Subjects
     Authors
     Bodies





    FOLDOC

    Computing Dictionary




  • Text Link Ads
  • LINUX man pages
  • Linux Man Page Viewer


    The following form allows you to view linux man pages.

    Command:

    semanage

    
    
    
    

    SYNOPSIS

           Output local customizations
           semanage [ -S store ] -o [ output_file | - ]
    
           Input local customizations
           semanage [ -S store ] -i [ input_file | - ]
    
           Manage  booleans.   Booleans allow the administrator to modify the con-
           finement of processes based on his configuration.
           semanage  boolean  [-S  store]  -{d|m|l|n|D}  [-N]  -[-on|-off|1|0]  -F
           boolean | boolean_file
    
           Manage SELinux confined users (Roles and levels for an SELinux user)
           semanage user [-S store] -{a|d|m|l|n|D} [-LrRPN] selinux_name
    
           Manage login mappings between linux users and SELinux confined users.
           semanage login [-S store] -{a|d|m|l|n|D} [-srN] login_name | %groupname
    
           Manage policy modules.
           semanage module [-S store] -{a|d|l} [-N] [-m [--enable |  --disable]  ]
           module_name
    
           Manage network port type definitions
           semanage  port  [-S  store]  -{a|d|m|l|n|D}  [-trN]  [-p  proto] port |
           port_range
    
           Manage network interface type definitions
           semanage interface [-S store] -{a|d|m|l|n|D} [-trN] interface_spec
    
           Manage network node type definitions
           semanage node [-S store] -{a|d|m|l|n|D} [-trN] [ -p protocol ] [-M net-
           mask] address
    
           Manage file context mapping definitions
           semanage fcontext [-S store] -{a|d|m|l|n|D} [-frstN] file_spec
           semanage fcontext [-S store] -{a|d|m|l|n|D} -e replacement target
    
           Manage processes type enforcement mode
           semanage permissive [-S store] [-N] -{a|d|l|n|D} type
    
           Disable/Enable dontaudit rules in policy
           semanage dontaudit [-S store] [-N] [ on | off ]
    
           Execute multiple commands within a single transaction.
           semanage [-S store] -i command-file
    
    
    

    DESCRIPTION

           semanage  is used to configure certain elements of SELinux policy with-
           out requiring modification to or  recompilation  from  policy  sources.
    
    
    

    OPTIONS

           -a, --add
                  Add a OBJECT record NAME
    
           -d, --delete
                  Delete a OBJECT record NAME
    
           -D, --deleteall
                  Remove all OBJECTS local customizations
    
           --disable
                  Disable a policy module, requires -m option
    
                  Currently modules only.
    
           --enable
                  Enable a disabled policy module, requires -m option
    
                  Currently modules only.
    
           -e, --equal
                  Substitute target path with sourcepath when  generating  default
                  label.   This  is used with fcontext. Requires source and target
                  path arguments.  The context labeling for the target subtree  is
                  made equivalent to that defined for the source.
    
           -f, --ftype
                  File  Type.    This is used with fcontext.  Requires a file type
                  as shown in the mode field by ls, e.g.  use  -d  to  match  only
                  directories or -- to match only regular files.
    
           -F, --file
                  Set multiple records from the input file.  When used with the -l
                  --list, it will output the current settings  to  stdout  in  the
                  proper format.
    
                  Currently booleans only.
    
           -h, --help
                  display this message
    
           -l, --list
                  List the OBJECTS
    
           -C, --locallist
                  List only locally defined settings, not base policy settings.
    
           -E, --extract
                  Extract customizable commands
    
           -L, --level
    
           -o, --output
                  Output current customizations as semanage commands
    
           -p, --proto
                  Protocol for the specified port (tcp|udp) or  internet  protocol
                  version for the specified node (ipv4|ipv6).
    
           -r, --range
                  MLS/MCS  Security Range (MLS/MCS Systems only) SELinux Range for
                  SELinux login mapping defaults to the SELinux user record range.
                  SELinux Range for SELinux user defaults to s0-s0:c0.c1023.
    
           -R, --roles
                  SELinux  Roles.   You must enclose multiple roles within quotes,
                  separate by spaces. Or specify -R multiple times.
    
           -P, --prefix
                  SELinux Prefix.  Prefix  added  to  home_dir_t  and  home_t  for
                  labeling users home directories.
    
           -s, --seuser
                  SELinux user name
    
           -S, --store
                  Select and alternate SELinux store to manage
    
           -t, --type
                  SELinux Type for the object
    
           -i, --input
                  Take  a set of commands from a specified file and load them in a
                  single transaction.
    
    
    

    EXAMPLE

           SELinux user
           List SELinux users
           # semanage user -l
    
           SELinux login
           Change joe to login as staff_u
           # semanage login -a -s staff_u joe
           Change the group clerks to login as user_u
           # semanage login -a -s user_u %clerks
    
           File contexts
           Add file-context for everything under /web
           # semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
           # restorecon -R -v /web
    
           Substitute /home1 with /home when setting file context
           # semanage permissive -a httpd_t
    
           Turn off dontaudit rules
           # semanage dontaudit off
    
           Managing multiple machines
           Multiple machines that need the same customizations.
           Extract customizations off first machine, copy them
           to second and import them.
    
           # semanage -o /tmp/local.selinux
           # scp /tmp/local.selinux secondmachine:/tmp
           # ssh secondmachine
           # semanage -i /tmp/local.selinux
    
           If these customizations include file context, you need to apply the
           context using restorecon.
    
    
    

    AUTHOR

           This man page was written by Daniel Walsh <dwalsh@redhat.com>
           and Russell Coker <rcoker@redhat.com>.
           Examples by Thomas Bleher <ThomasBleher@gmx.de>.
    
                                       20100223                        semanage(8)
    
  • MORE RESOURCE


  • Linux

    The Distributions





    Linux

    The Software





    Linux

    The News



  • MARKETING






  • Toll Free

Toll Free Numbers

webmaster@linuxguruz.com
Copyright © 1999 - 2016 by LinuxGuruz