tldr/pages/linux/semanage.md

# semanage

> SELinux persistent policy management tool.
> Some subcommands such as `boolean`, `fcontext`, `port`, etc. have their own usage documentation.
> More information: <https://manned.org/semanage>.

- Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains):

`sudo semanage boolean {{-m|--modify}} {{-1|--on|-0|--off}} {{haproxy_connect_any}}`

- Add a user-defined file context labeling rule. File contexts define what files confined domains are allowed to access:

`sudo semanage fcontext {{-a|--add}} {{-t|--type}} {{samba_share_t}} '/mnt/share(/.*)?'`

- Add a user-defined port labeling rule. Port labels define what ports confined domains are allowed to listen on:

`sudo semanage port {{-a|--add}} {{-t|--type}} {{ssh_port_t}} {{-p|--proto}} {{tcp}} {{22000}}`

- Set or unset permissive mode for a confined domain. Per-domain permissive mode allows more granular control compared to `setenforce`:

`sudo semenage permissive {{-a|--add|-d|--delete}} {{httpd_t}}`

- Output local customizations in the default store:

`sudo semanage export {{-f|--output_file}} {{path/to/file}}`

- Import a file generated by `semanage export` into local customizations (CAREFUL: may remove current customizations!):

`sudo semanage import {{-f|--input_file}} {{path/to/file}}`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00			`# semanage`

semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`> SELinux persistent policy management tool.`
setenforce, {get,set}sebool, semanage-{boolean,port,permissive}: add page (#12834) Co-authored-by: spageektti <git@spageektti.cc> 2024-05-26 19:28:37 +01:00			> Some subcommands such as `boolean`, `fcontext`, `port`, etc. have their own usage documentation.
multiple pages: replace all die.net links (#5528) Most of the links were replaced by manned.org, except when there are more up-to-date sources (like `ifup`) or first-party sources (like `sftp`). 2021-04-16 15:42:14 +01:00			`> More information: <https://manned.org/semanage>.`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`- Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains):`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`sudo semanage boolean {{-m\|--modify}} {{-1\|--on\|-0\|--off}} {{haproxy_connect_any}}`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`- Add a user-defined file context labeling rule. File contexts define what files confined domains are allowed to access:`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`sudo semanage fcontext {{-a\|--add}} {{-t\|--type}} {{samba_share_t}} '/mnt/share(/.*)?'`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`- Add a user-defined port labeling rule. Port labels define what ports confined domains are allowed to listen on:`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`sudo semanage port {{-a\|--add}} {{-t\|--type}} {{ssh_port_t}} {{-p\|--proto}} {{tcp}} {{22000}}`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			- Set or unset permissive mode for a confined domain. Per-domain permissive mode allows more granular control compared to `setenforce`:
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`sudo semenage permissive {{-a\|--add\|-d\|--delete}} {{httpd_t}}`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`- Output local customizations in the default store:`
semanage: add page (#4353) 2020-10-17 10:41:23 +01:00
semanage: rewrite page (#12832) 2024-05-25 02:23:06 +01:00			`sudo semanage export {{-f\|--output_file}} {{path/to/file}}`

			- Import a file generated by `semanage export` into local customizations (CAREFUL: may remove current customizations!):

			`sudo semanage import {{-f\|--input_file}} {{path/to/file}}`