semanage(8)                                                        semanage(8)



NAME
       semanage - SELinux Policy Management tool


SYNOPSIS
       semanage {login|user|port|interface|fcontext|translation} -l [-n]
       semanage login -{a|d|m} [-sr] login_name
       semanage user -{a|d|m} [-LrRP] selinux_name
       semanage port -{a|d|m} [-tr] [-p protocol] port | port_range
       semanage interface -{a|d|m} [-tr] interface_spec
       semanage fcontext -{a|d|m} [-frst] file_spec
       semanage translation -{a|d|m} [-T] level



DESCRIPTION
       semanage  is used to configure certain elements of SELinux policy with-
       out requiring modification to or  recompilation  from  policy  sources.
       This  includes the mapping from Linux usernames to SELinux user identi-
       ties (which controls the initial security  context  assigned  to  Linux
       users when they log in and bounds their authorized role set) as well as
       security context mappings for various kinds of objects, such as network
       ports,  interfaces,  and nodes (hosts) as well as the file context map-
       ping. See the EXAMPLES section below for some examples of common usage.
       Note  that the semanage login command deals with the mapping from Linux
       usernames (logins) to SELinux user identities, while the semanage  user
       command  deals  with the mapping from SELinux user identities to autho-
       rized role sets.  In most cases, only the former mapping  needs  to  be
       adjusted by the administrator; the latter is principally defined by the
       base policy and usually does not require modification.


OPTIONS
       -a, --add
              Add an OBJECT record NAME

       -d, --delete
              Delete an OBJECT record NAME

       -f, --ftype
              File Type.  This is used with fcontext.  Requires a file type
              as shown in the mode field by ls: use -d to match only
              directories, -- for regular files, -c for character devices,
              -b for block devices, -s for sockets, -l for symbolic links,
              and -p for pipes.

       -h, --help
              display this message

       -l, --list
              List the OBJECTS

       -L, --level
              Default SELinux level for the SELinux user; s0 is the default.
              (MLS/MCS systems only)

       -m, --modify
              Modify an OBJECT record NAME

       -n, --noheading
              Do not print heading when listing OBJECTS.

       -p, --proto
              Protocol for the specified port (tcp|udp).

       -r, --range
              MLS/MCS Security Range (MLS/MCS Systems only)

       -R, --role
              SELinux roles.  Enclose multiple roles within quotes, separated
              by spaces, or specify -R multiple times.

       -s, --seuser
              SELinux user name

       -t, --type
              SELinux Type for the object

       -T, --trans
              SELinux level Translation

       -P, --prefix
              Labelling prefix for the user (sysadm, staff, or user)

       -v, --verbose
              verbose output


EXAMPLE
       # View SELinux user mappings
       $ semanage user -l
       # Allow joe to log in as staff_u
       $ semanage login -a -s staff_u joe
       # Add file-context for everything under /web (used by restorecon)
       $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
       # Allow Apache to listen on port 81
       $ semanage port -a -t http_port_t -p tcp 81
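
An added example, not part of the original man page: a pre-check that reads a `semanage port -l -n` listing and decides between -a and -m before a port is labelled, so an existing record is modified rather than added a second time. The listing layout (type, protocol, comma-separated ports or ranges), the sample lines and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Constructed sample in the layout assumed for `semanage port -l -n`:
# TYPE  PROTOCOL  comma-separated ports or low-high ranges.
sample_listing() {
cat <<'EOF'
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
ssh_port_t                     tcp      22
dns_port_t                     udp      53
unreserved_port_t              tcp      1024-65535
EOF
}

# port_labels PROTO PORT: read a listing on stdin and, for every entry that
# covers PORT, print "TYPE exact" (single-port entry) or "TYPE range".
port_labels() {
    awk -v proto="$1" -v port="$2" '
    $2 == proto {
        for (i = 3; i <= NF; i++) {
            spec = $i; sub(/,$/, "", spec)
            n = split(spec, r, "-")
            lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
            if (port + 0 >= lo && port + 0 <= hi) print $1, (n == 2 ? "range" : "exact")
        }
    }'
}

# plan_port_label TYPE PROTO PORT: read a listing on stdin and print "ok" if
# TYPE already covers the port, else the semanage command to run.
# Assumption: an exact single-port entry is an existing record (-m);
# coverage by a range alone is not, so a new record is added (-a).
plan_port_label() {
    labels=$(port_labels "$2" "$3")
    if printf '%s\n' "$labels" | grep -q "^$1 "; then
        echo "ok"
    elif printf '%s\n' "$labels" | grep -q ' exact$'; then
        echo "semanage port -m -t $1 -p $2 $3"
    else
        echo "semanage port -a -t $1 -p $2 $3"
    fi
}

# Demo on the constructed listing: port 81 has no entry, so -a is planned.
sample_listing | plan_port_label http_port_t tcp 81
```

On a live system, replace `sample_listing` with `semanage port -l -n` and review the printed command before running it.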


AUTHOR
       This man page was written by Daniel Walsh <dwalsh AT redhat.com> and  Rus-
       sell  Coker <rcoker AT redhat.com>.  Examples by Thomas Bleher <ThomasBle-
       her AT gmx.de>.




                                  2005111103                       semanage(8)
 
