python/semanage/semanage.8 - platform/external/selinux - Git at Google

 .TH "semanage" "8" "20100223" "" ""
 .SH "NAME"
 semanage \- SELinux Policy Management tool

 .SH "SYNOPSIS"
 .B semanage                {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit,ibpkey,ibendport}
                 ...
 .B positional arguments:

 .B    import
 Import local customizations

 .B    export
 Output local customizations

 .B    login
 Manage login mappings between linux users and SELinux confined users

 .B    user
 Manage SELinux confined users (Roles and levels for an SELinux user)

 .B    port
 Manage network port type definitions

 .B    interface
 Manage network interface type definitions

 .B    module
 Manage SELinux policy modules

 .B    node
 Manage network node type definitions

 .B    fcontext
 Manage file context mapping definitions

 .B    boolean
 Manage booleans to selectively enable functionality

 .B    permissive
 Manage process type enforcement mode

 .B    dontaudit
 Disable/Enable dontaudit rules in policy

 .B    ibpkey
 Manage infiniband pkey type definitions

 .B    ibendport
 Manage infiniband end port type definitions

 .SH "DESCRIPTION"
 semanage is used to configure certain elements of
 SELinux policy without requiring modification to or recompilation
 from policy sources.  This includes the mapping from Linux usernames
 to SELinux user identities (which controls the initial security context
 assigned to Linux users when they login and bounds their authorized role set)
 as well as security context mappings for various kinds of objects, such
 as network ports, interfaces, infiniband pkeys and endports, and nodes (hosts)
 as well as the file context mapping. Note that the semanage login command deals
 with the mapping from Linux usernames (logins) to SELinux user identities,
 while the semanage user command deals with the mapping from SELinux
 user identities to authorized role sets.  In most cases, only the
 former mapping needs to be adjusted by the administrator; the latter
 is principally defined by the base policy and usually does not require
 modification.

 .SH "OPTIONS"
 .TP
 .I                \-h, \-\-help
 List help information

 .SH "SEE ALSO"
 .BR selinux (8),
 .BR semanage-boolean (8),
 .BR semanage-dontaudit (8),
 .BR semanage-export (8),
 .BR semanage-fcontext (8),
 .BR semanage-import (8),
 .BR semanage-interface (8),
 .BR semanage-login (8),
 .BR semanage-module (8),
 .BR semanage-node (8),
 .BR semanage-permissive (8),
 .BR semanage-port (8),
 .BR semanage-user (8)
 .BR semanage-ibkey (8),
 .BR semanage-ibendport (8),

 .SH "AUTHOR"
 This man page was written by Daniel Walsh <dwalsh@redhat.com>
 .br
 and Russell Coker <rcoker@redhat.com>.
 .br
 Examples by Thomas Bleher <ThomasBleher@gmx.de>.
 usage: semanage [\-h]
	.TH "semanage" "8" "20100223" "" ""
	.SH "NAME"
	semanage \- SELinux Policy Management tool

	.SH "SYNOPSIS"
	.B semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit,ibpkey,ibendport}
	...
	.B positional arguments:

	.B import
	Import local customizations

	.B export
	Output local customizations

	.B login
	Manage login mappings between linux users and SELinux confined users

	.B user
	Manage SELinux confined users (Roles and levels for an SELinux user)

	.B port
	Manage network port type definitions

	.B interface
	Manage network interface type definitions

	.B module
	Manage SELinux policy modules

	.B node
	Manage network node type definitions

	.B fcontext
	Manage file context mapping definitions

	.B boolean
	Manage booleans to selectively enable functionality

	.B permissive
	Manage process type enforcement mode

	.B dontaudit
	Disable/Enable dontaudit rules in policy

	.B ibpkey
	Manage infiniband pkey type definitions

	.B ibendport
	Manage infiniband end port type definitions

	.SH "DESCRIPTION"
	semanage is used to configure certain elements of
	SELinux policy without requiring modification to or recompilation
	from policy sources. This includes the mapping from Linux usernames
	to SELinux user identities (which controls the initial security context
	assigned to Linux users when they login and bounds their authorized role set)
	as well as security context mappings for various kinds of objects, such
	as network ports, interfaces, infiniband pkeys and endports, and nodes (hosts)
	as well as the file context mapping. Note that the semanage login command deals
	with the mapping from Linux usernames (logins) to SELinux user identities,
	while the semanage user command deals with the mapping from SELinux
	user identities to authorized role sets. In most cases, only the
	former mapping needs to be adjusted by the administrator; the latter
	is principally defined by the base policy and usually does not require
	modification.

	.SH "OPTIONS"
	.TP
	.I \-h, \-\-help
	List help information

	.SH "SEE ALSO"
	.BR selinux (8),
	.BR semanage-boolean (8),
	.BR semanage-dontaudit (8),
	.BR semanage-export (8),
	.BR semanage-fcontext (8),
	.BR semanage-import (8),
	.BR semanage-interface (8),
	.BR semanage-login (8),
	.BR semanage-module (8),
	.BR semanage-node (8),
	.BR semanage-permissive (8),
	.BR semanage-port (8),
	.BR semanage-user (8)
	.BR semanage-ibkey (8),
	.BR semanage-ibendport (8),

	.SH "AUTHOR"
	This man page was written by Daniel Walsh <dwalsh@redhat.com>
	.br
	and Russell Coker <rcoker@redhat.com>.
	.br
	Examples by Thomas Bleher <ThomasBleher@gmx.de>.
	usage: semanage [\-h]