Quick ?s
Cheat Sheets
Man Pages
The Lynx
semanage(8)							   semanage(8)

       semanage - SELinux Policy Management tool

       semanage {login|user|port|interface|fcontext|translation} -l [-n]
       semanage login -{a|d|m} [-sr] login_name
       semanage user -{a|d|m} [-LrRP] selinux_name
       semanage port -{a|d|m} [-tr] [-p protocol] port | port_range
       semanage interface -{a|d|m} [-tr] interface_spec
       semanage fcontext -{a|d|m} [-frst] file_spec
       semanage translation -{a|d|m} [-T] level

       semanage  is used to configure certain elements of SELinux policy with
       out requiring modification to or  recompilation	from  policy  sources.
       This  includes the mapping from Linux usernames to SELinux user identi
       ties (which controls the initial security  context  assigned  to  Linux
       users  when they login and bounds their authorized role set) as well as
       security context mappings for various kinds of objects, such as network
       ports,  interfaces,  and nodes (hosts) as well as the file context map
       ping. See the EXAMPLES section below for some examples of common usage.
       Note  that the semanage login command deals with the mapping from Linux
       usernames (logins) to SELinux user identities, while the semanage  user
       command	deals  with the mapping from SELinux user identities to autho
       rized role sets.  In most cases, only the former mapping  needs	to  be
       adjusted by the administrator; the latter is principally defined by the
       base policy and usually does not require modification.

       -a, --add
	      Add a OBJECT record NAME

       -d, --delete
	      Delete a OBJECT record NAME

       -f, --ftype
	      File Type.   This is used with fcontext.	Requires a  file  type
	      as  shown in the mode field by ls, use -d to match only directo
	      ries -- for regular files, -c  for  character  devices,  -b  for
	      block devices, -s for sockets, -l for symbolic links, and -p for

       -h, --help
	      display this message

       -l, --list
	      List the OBJECTS

       -L, --level
	      Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Sys
	      tems only)

       -m, --modify
	      Modify a OBJECT record NAME

       -n, --noheading
	      Do not print heading when listing OBJECTS.

       -p, --proto
	      Protocol for the specified port (tcp|udp).

       -r, --range
	      MLS/MCS Security Range (MLS/MCS Systems only)

       -R, --role
	      SELinux  Roles.	You must enclose multiple roles within quotes,
	      separate by spaces. Or specify -R multiple times.

       -s, --seuser
	      SELinux user name

       -t, --type
	      SELinux Type for the object

       -T, --trans
	      SELinux level Translation

       -P, --prefix
	      Labelling prefix for the user (sysadm, staff, or user)

       -v, --verbose
	      verbose output

       # View SELinux user mappings
       $ semanage user -l
       # Allow joe to login as staff_u
       $ semanage login -a -s staff_u joe
       # Add file-context for everything under /web (used by restorecon)
       $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
       # Allow Apache to listen on port 81
       $ semanage port -a -t http_port_t -p tcp 81

       This man page was written by Daniel Walsh  and  Rus
       sell  Coker .  Examples by Thomas Bleher .

				  2005111103			   semanage(8)

Yals.net is © 1999-2009 Crescendo Communications
Sharing tech info on the web for more than a decade!
This page was generated Thu Apr 30 17:05:32 2009