Menu :

TL;DR

semanage

SELinux persistent policy management tool. Some subcommands such as boolean, fcontext, port, etc. have their own usage documentation. More information: https://manned.org/semanage.

Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains):

sudo semanage boolean -m|--modify -1|--on|-0|--off haproxy_connect_any

Add a user-defined file context labeling rule. File contexts define what files confined domains are allowed to access:

sudo semanage fcontext -a|--add -t|--type samba_share_t '/mnt/share(/.*)?'

Add a user-defined port labeling rule. Port labels define what ports confined domains are allowed to listen on:

sudo semanage port -a|--add -t|--type ssh_port_t -p|--proto tcp 22000

Set or unset permissive mode for a confined domain. Per-domain permissive mode allows more granular control compared to setenforce:

sudo semanage permissive -a|--add|-d|--delete httpd_t

Output local customizations in the default store:

sudo semanage export -f|--output_file path/to/file

Import a file generated by semanage export into local customizations (CAREFUL: may remove current customizations!):

sudo semanage import -f|--input_file path/to/file

This document was created using the contents of the tldr project.

a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
others