Gitiles
Code Review Sign In
review.blissroms.org / platform_external_selinux / refs/heads/r / . / python / semanage / semanage.8
blob: 0cdcfccd8d8f3f2de083eb09976b3bc063efcf75 [file] [log] [blame]
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]1.TH "semanage" "8" "20100223" "" ""
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]2.SH "NAME"
3semanage \- SELinux Policy Management tool
4
5.SH "SYNOPSIS"
Daniel Jurgensb217ffd2017-05-22 16:08:31 +0300[diff] [blame]6.B semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit,ibpkey,ibendport}
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]7 ...
8.B positional arguments:
9
10.B import
AJf8185ee2016-08-18 19:29:10 +0100[diff] [blame]11Import local customizations
Eric Parise25ea712011-07-19 11:38:57 -0400[diff] [blame]12
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]13.B export
14Output local customizations
Eric Parise25ea712011-07-19 11:38:57 -0400[diff] [blame]15
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]16.B login
17Manage login mappings between linux users and SELinux confined users
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]18
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]19.B user
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]20Manage SELinux confined users (Roles and levels for an SELinux user)
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]21
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]22.B port
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]23Manage network port type definitions
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]24
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]25.B interface
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]26Manage network interface type definitions
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]27
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]28.B module
29Manage SELinux policy modules
30
31.B node
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]32Manage network node type definitions
Eric Parisd01c33c2011-07-19 14:21:08 -0400[diff] [blame]33
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]34.B fcontext
Eric Parisd01c33c2011-07-19 14:21:08 -0400[diff] [blame]35Manage file context mapping definitions
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]36
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]37.B boolean
38Manage booleans to selectively enable functionality
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]39
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]40.B permissive
41Manage process type enforcement mode
42
43.B dontaudit
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]44Disable/Enable dontaudit rules in policy
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]45
Daniel Jurgensb217ffd2017-05-22 16:08:31 +0300[diff] [blame]46.B ibpkey
47Manage infiniband pkey type definitions
48
49.B ibendport
50Manage infiniband end port type definitions
51
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]52.SH "DESCRIPTION"
53semanage is used to configure certain elements of
54SELinux policy without requiring modification to or recompilation
55from policy sources. This includes the mapping from Linux usernames
56to SELinux user identities (which controls the initial security context
57assigned to Linux users when they login and bounds their authorized role set)
58as well as security context mappings for various kinds of objects, such
Daniel Jurgensb217ffd2017-05-22 16:08:31 +0300[diff] [blame]59as network ports, interfaces, infiniband pkeys and endports, and nodes (hosts)
Dan Walsh6ded76a2019-01-31 20:41:40 +0100[diff] [blame]60as well as the file context mapping. Note that the semanage login command deals
61with the mapping from Linux usernames (logins) to SELinux user identities,
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]62while the semanage user command deals with the mapping from SELinux
63user identities to authorized role sets. In most cases, only the
64former mapping needs to be adjusted by the administrator; the latter
65is principally defined by the base policy and usually does not require
66modification.
67
68.SH "OPTIONS"
69.TP
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]70.I \-h, \-\-help
71List help information
Eric Parisf78aa2f2011-07-19 12:15:41 -0400[diff] [blame]72
Dan Walsh1925e1e2013-10-11 08:34:44 -0400[diff] [blame]73.SH "SEE ALSO"
Alan Jenkins62f05892017-01-11 12:41:09 +0000[diff] [blame]74.BR selinux (8),
75.BR semanage-boolean (8),
76.BR semanage-dontaudit (8),
77.BR semanage-export (8),
78.BR semanage-fcontext (8),
79.BR semanage-import (8),
80.BR semanage-interface (8),
81.BR semanage-login (8),
82.BR semanage-module (8),
83.BR semanage-node (8),
84.BR semanage-permissive (8),
85.BR semanage-port (8),
86.BR semanage-user (8)
Daniel Jurgensb217ffd2017-05-22 16:08:31 +0300[diff] [blame]87.BR semanage-ibkey (8),
88.BR semanage-ibendport (8),
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]89
90.SH "AUTHOR"
Eric Paris1654b962011-07-19 16:05:23 -0400[diff] [blame]91This man page was written by Daniel Walsh <dwalsh@redhat.com>
92.br
93and Russell Coker <rcoker@redhat.com>.
94.br
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400[diff] [blame]95Examples by Thomas Bleher <ThomasBleher@gmx.de>.
Laurent Bigonville2e938332013-11-06 13:24:01 +0100[diff] [blame]96usage: semanage [\-h]