HiveBrain v1.2.0
Get Started
← Back to all entries
snippetbashTip

semanage — SELinux persistent policy management tool. Some subcommands such as `boolean`, `fcontext`, `port`, e

Submitted by: @import:tldr-pages··
0
Viewed 0 times
managementcommandclipolicypersistenttoolsemanageselinux
linux

Problem

How to use the semanage command: SELinux persistent policy management tool. Some subcommands such as boolean, fcontext, port, etc. have their own usage documentation. More information: <https://manned.org/semanage>.

Solution

semanage — SELinux persistent policy management tool. Some subcommands such as boolean, fcontext, port, etc. have their own usage documentation. More information: <https://manned.org/semanage>.

Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains):
sudo semanage boolean {{[-m|--modify]}} {{--on|--off}} {{haproxy_connect_any}}


Add a user-defined file context labeling rule. File contexts define what files confined domains are allowed to access:
sudo semanage fcontext {{[-a|--add]}} {{[-t|--type]}} {{samba_share_t}} '/mnt/share(/.*)?'


Add a user-defined port labeling rule. Port labels define what ports confined domains are allowed to listen on:
sudo semanage port {{[-a|--add]}} {{[-t|--type]}} {{ssh_port_t}} {{[-p|--proto]}} {{tcp}} {{22000}}


Set or unset permissive mode for a confined domain. Per-domain permissive mode allows more granular control compared to setenforce:
sudo semanage permissive {{--add|--delete}} {{httpd_t}}


Output local customizations in the default store:
sudo semanage export {{[-f|--output_file]}} {{path/to/file}}


Import a file generated by semanage export into local customizations (CAREFUL: may remove current customizations!):
sudo semanage import {{[-f|--input_file]}} {{path/to/file}}

Code Snippets

Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains)

sudo semanage boolean {{[-m|--modify]}} {{--on|--off}} {{haproxy_connect_any}}

Add a user-defined file context labeling rule. File contexts define what files confined domains are allowed to access

sudo semanage fcontext {{[-a|--add]}} {{[-t|--type]}} {{samba_share_t}} '/mnt/share(/.*)?'

Add a user-defined port labeling rule. Port labels define what ports confined domains are allowed to listen on

sudo semanage port {{[-a|--add]}} {{[-t|--type]}} {{ssh_port_t}} {{[-p|--proto]}} {{tcp}} {{22000}}

Set or unset permissive mode for a confined domain. Per-domain permissive mode allows more granular control compared to `setenforce`

sudo semanage permissive {{--add|--delete}} {{httpd_t}}

Output local customizations in the default store

sudo semanage export {{[-f|--output_file]}} {{path/to/file}}

Context

tldr-pages: linux/semanage

Revisions (0)

No revisions yet.