Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   18644 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

semanage(8)							   semanage(8)

NAME
       semanage - SELinux Policy Management tool

SYNOPSIS
       semanage	      {boolean|login|user|port|interface|fcontext|translation}
       -{l|D} [-n]
       semanage boolean -{d|m} [-T] boolean
       semanage login -{a|d|m} [-sr] login_name
       semanage user -{a|d|m} [-LrRP] selinux_name
       semanage port -{a|d|m} [-tr] [-p proto] port | port_range
       semanage interface -{a|d|m} [-tr] interface_spec
       semanage fcontext -{a|d|m} [-frst] file_spec
       semanage translation -{a|d|m} [-T] level

DESCRIPTION
       semanage is used to configure certain elements of SELinux policy	 with‐
       out  requiring  modification  to	 or recompilation from policy sources.
       This includes the mapping from Linux usernames to SELinux user  identi‐
       ties  (which  controls  the  initial security context assigned to Linux
       users when they login and bounds their authorized role set) as well  as
       security context mappings for various kinds of objects, such as network
       ports, interfaces, and nodes (hosts) as well as the file	 context  map‐
       ping. See the EXAMPLES section below for some examples of common usage.
       Note that the semanage login command deals with the mapping from	 Linux
       usernames  (logins) to SELinux user identities, while the semanage user
       command deals with the mapping from SELinux user identities  to	autho‐
       rized  role  sets.   In most cases, only the former mapping needs to be
       adjusted by the administrator; the latter is principally defined by the
       base policy and usually does not require modification.

OPTIONS
       -a, --add
	      Add a OBJECT record NAME

       -d, --delete
	      Delete a OBJECT record NAME

       -D, --deleteall
	      Remove all OBJECTS local customizations

       -f, --ftype
	      File  Type.    This is used with fcontext.  Requires a file type
	      as shown in the mode field by ls, e.g.  use  -d  to  match  only
	      directories or -- to match only regular files.

       -h, --help
	      display this message

       -l, --list
	      List the OBJECTS

       -L, --level
	      Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Sys‐
	      tems only)

       -m, --modify
	      Modify a OBJECT record NAME

       -n, --noheading
	      Do not print heading when listing OBJECTS.

       -p, --proto
	      Protocol for the specified port (tcp|udp).

       -r, --range
	      MLS/MCS Security Range (MLS/MCS Systems only)

       -R, --role
	      SELinux Roles.  You must enclose multiple roles  within  quotes,
	      separate by spaces. Or specify -R multiple times.

       -P, --prefix
	      SELinux  Prefix.	 Prefix	 added	to  home_dir_t	and home_t for
	      labeling users home directories.

       -s, --seuser
	      SELinux user name

       -t, --type
	      SELinux Type for the object

       -T, --trans
	      SELinux Translation

EXAMPLE
       # View SELinux user mappings
       $ semanage user -l
       # Allow joe to login as staff_u
       $ semanage login -a -s staff_u joe
       # Add file-context for everything under /web (used by restorecon)
       $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
       # Allow Apache to listen on port 81
       $ semanage port -a -t http_port_t -p tcp 81

AUTHOR
       This man page was written by Daniel Walsh <dwalsh@redhat.com> and  Rus‐
       sell  Coker <rcoker@redhat.com>.	 Examples by Thomas Bleher <ThomasBle‐
       her@gmx.de>.

				  2005111103			   semanage(8)

Vote for polarhome