Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   33470 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SEMODULE(8)			      NSA			   SEMODULE(8)

NAME
       semodule - Manage SELinux policy modules.

SYNOPSIS
       semodule [options]... MODE [MODES]...

DESCRIPTION
       semodule	 is  the tool used to manage SELinux policy modules, including
       installing, upgrading, listing and removing modules.  semodule may also
       be  used	 to  force a rebuild of policy from the module store and/or to
       force a reload of policy	 without  performing  any  other  transaction.
       semodule	 acts on module packages created by semodule_package.  Conven‐
       tionally, these files have a .pp suffix (policy package), although this
       is not mandated in any way.

OPTIONS
       -R, --reload
	      force a reload of policy

       -B, --build
	      force a rebuild of policy (also reloads unless -n is used)

       -D, --disable_dontaudit
	      Temporarily  remove  dontaudits  from  policy.  Reverts whenever
	      policy is rebuilt

       -i,--install=MODULE_PKG
	      install/replace a module package

       -u,--upgrade=MODULE_PKG
	      upgrade an existing module package, or  install  if  the	module
	      does not exist

       -b,--base=MODULE_PKG
	      install/replace base module package

       -d,--disable=MODULE_NAME
	      disable existing module

       -e,--enable=MODULE_NAME
	      enable existing module

       -p,--path=ROOTPATH
	      use an alternate root path

       -r,--remove=MODULE_NAME
	      remove existing module

       -l,--list-modules
	      display list of installed modules (other than base)

       -s,--store
	      name of the store to operate on

       -n,--noreload,-N
	      do not reload policy after commit

       -h,--help
	      prints help message and quit

       -P,--preserve_tunables
	      Preserve tunables in policy

       -v,--verbose
	      be verbose

EXAMPLE
       # Install or replace a base policy package.
       $ semodule -b base.pp
       # Install or replace a non-base policy package.
       $ semodule -i httpd.pp
       # List non-base modules.
       $ semodule -l
       # Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
       $ semodule -DB
       # Turn "dontaudit" rules back on.
       $ semodule -B
       # Install or replace all non-base modules in the current directory.
       $ semodule -i *.pp
       # Install or replace all modules in the current directory.
       $ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i


SEE ALSO
       checkmodule(8), semodule_package(8)

AUTHORS
       This manual page was written by Dan Walsh <dwalsh@redhat.com>.
       The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>

Security Enhanced Linux		   Nov 2005			   SEMODULE(8)

Vote for polarhome