semanage man page on CentOS

Man page or keyword search:  
man Server   8420 pages
apropos Keyword Search (all sections)
Output format
CentOS logo
[printable version]

semanage(8)							   semanage(8)

       semanage - SELinux Policy Management tool

       semanage {login|user|port|interface|fcontext} -l [-n]
       semanage login -{a|d|m} [-sr] login_name
       semanage user -{a|d|m} [-LrRP] selinux_name
       semanage port -{a|d|m} [-tr] [-p protocol] port | port_range
       semanage interface -{a|d|m} [-tr] interface_spec
       semanage fcontext -{a|d|m} [-frst] file_spec

       semanage	 is used to configure certain elements of SELinux policy with‐
       out requiring modification to or	 recompilation	from  policy  sources.
       This  includes the mapping from Linux usernames to SELinux user identi‐
       ties (which controls the initial security  context  assigned  to	 Linux
       users  when they login and bounds their authorized role set) as well as
       security context mappings for various kinds of objects, such as network
       ports,  interfaces,  and nodes (hosts) as well as the file context map‐
       ping. See the EXAMPLES section below for some examples of common usage.
       Note  that the semanage login command deals with the mapping from Linux
       usernames (logins) to SELinux user identities, while the semanage  user
       command	deals  with the mapping from SELinux user identities to autho‐
       rized role sets.	 In most cases, only the former mapping	 needs	to  be
       adjusted by the administrator; the latter is principally defined by the
       base policy and usually does not require modification.

       -a, --add
	      Add a OBJECT record NAME

       -d, --delete
	      Delete a OBJECT record NAME

       -f, --ftype
	      File Type.   This is used with fcontext.	Requires a  file  type
	      as  shown	 in  the  mode	field by ls, e.g. use -d to match only
	      directories or -- to match only regular files.

       -h, --help
	      display this message

       -l, --list
	      List the OBJECTS

       -L, --level
	      Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Sys‐
	      tems only)

       -m, --modify
	      Modify a OBJECT record NAME

       -n, --noheading
	      Do not print heading when listing OBJECTS.

       -p, --proto
	      Protocol for the specified port (tcp|udp).

       -r, --range
	      MLS/MCS Security Range (MLS/MCS Systems only)

       -R, --role
	      SELinux  Roles.	You must enclose multiple roles within quotes,
	      separate by spaces. Or specify -R multiple times.

       -P, --prefix
	      SELinux Prefix.  Prefix  added  to  home_dir_t  and  home_t  for
	      labeling users home directories.

       -s, --seuser
	      SELinux user name

       -t, --type
	      SELinux Type for the object

       # View SELinux user mappings
       $ semanage user -l
       # Allow joe to login as staff_u
       $ semanage login -a -s staff_u joe
       # Add file-context for everything under /web (used by restorecon)
       $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
       # Allow Apache to listen on port 81
       $ semanage port -a -t http_port_t -p tcp 81

       This  man page was written by Daniel Walsh <> and Rus‐
       sell Coker <>.	Examples by Thomas Bleher  <ThomasBle‐>.

				  2005111103			   semanage(8)

List of man pages available for CentOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net