From Fedora Project Wiki

< SELinux

Revision as of 14:13, 24 May 2008 by ImportUser (talk) (Imported from MoinMoin)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

semanage(8)                                                        semanage(8)

semanage - SELinux Policy Management tool

semanage {login|user|port|interface|fcontext|translation} -l [-n] 
semanage login -{a|d|m} [-sr]  login_name
semanage user -{a|d|m} [-LrR]  selinux_name
semanage port -{a|d|m} [-tr]  [-p protocol]  port | port_range
semanage interface -{a|d|m} [-tr]  interface_spec
semanage fcontext -{a|d|m} [-frst]  file_spec
semanage translation -{a|d|m} [-T]  level

This tool is used to configure SELinux policy

This  tool  is  used  to  configure  SELinux Policy.  You can configure
SELinux User Mappings, SELinux Port Mappings, SELinux Users. File  Con-
text and Network Interfaces and MLS/MCS Translations.

-a, --add
Add a OBJECT record NAME

-d, --delete
Delete a OBJECT record NAME

-f, --ftype
File  Type.    This is used with fcontext.  Requires a file type
as shown in the mode field by ls, e.g.  use  -d  to  match  only
directories or -- to match only regular files.

-h, --help
display this message

-l, --list
List the OBJECTS

-L, --level
Default SELinux Level for SELinux use. (s0)

-m, --modify
Modify a OBJECT record NAME

-n, --noheading
Do not print heading when listing OBJECTS.

-p, --proto
Protocol for the specified port (tcp|udp).

-r, --range
MLS/MCS Security Range

-R, --role
SELinux  Roles.   You must enclose multiple roles within quotes,
separate by spaces. Or specify -R multiple times.

-s, --seuser
SELinux user name

-t, --type
SELinux Type for the object

-T, --trans
SELinux Translation

-v, --verbose
verbose output


View SELinux user mappings
$ semanage user -l

Allow joe to login as staff_u
$ semanage login -a -s staff_u joe

Add file-context for everything under /web (used by restorecon)
$ semanage fcontext -a -t httpd_sys_content_t '/web(/.*)?'

Allow Apache to listen on port 81
$ semanage port -a -t http_port_t -p tcp 81

This man page was written by Daniel Walsh <> and  Rus-
sell Coker <>.
Examples by Thomas Bleher <>.

2005111103                       semanage(8)