The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

semanage (8)
  • semanage (8) ( Русские man: Команды системного администрирования )
  • >> semanage (8) ( Linux man: Команды системного администрирования )
    •  

    NAME

    semanage - SELinux Policy Management tool

    
 

    SYNOPSIS

    semanage {login|user|port|interface|fcontext|translation} -l [-n]
    semanage login -{a|d|m} [-sr] login_name
    semanage user -{a|d|m} [-LrRP] selinux_name
    semanage port -{a|d|m} [-tr] [-p protocol] port | port_range
    semanage interface -{a|d|m} [-tr] interface_spec
    semanage fcontext -{a|d|m} [-frst] file_spec
    semanage translation -{a|d|m} [-T] level

     

    DESCRIPTION

    semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. This includes the mapping from Linux usernames to SELinux user identities (which controls the initial security context assigned to Linux users when they login and bounds their authorized role set) as well as security context mappings for various kinds of objects, such as network ports, interfaces, and nodes (hosts) as well as the file context mapping. See the EXAMPLES section below for some examples of common usage. Note that the semanage login command deals with the mapping from Linux usernames (logins) to SELinux user identities, while the semanage user command deals with the mapping from SELinux user identities to authorized role sets. In most cases, only the former mapping needs to be adjusted by the administrator; the latter is principally defined by the base policy and usually does not require modification.

     

    OPTIONS

    -a, --add
    Add a OBJECT record NAME
    -d, --delete
    Delete a OBJECT record NAME
    -f, --ftype
    File Type. This is used with fcontext. Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
    -h, --help
    display this message
    -l, --list
    List the OBJECTS
    -L, --level
    Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only)
    -m, --modify
    Modify a OBJECT record NAME
    -n, --noheading
    Do not print heading when listing OBJECTS.
    -p, --proto
    Protocol for the specified port (tcp|udp).
    -r, --range
    MLS/MCS Security Range (MLS/MCS Systems only)
    -R, --role
    SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
    -P, --prefix
    SELinux Prefix. Prefix added to home_dir_t and home_t for labeling users home directories.
    -s, --seuser
    SELinux user name
    -t, --type
    SELinux Type for the object
    -T, --trans
    SELinux Translation

     

    EXAMPLE

    # View SELinux user mappings
$ semanage user -l
# Allow joe to login as staff_u
$ semanage login -a -s staff_u joe
# Add file-context for everything under /web (used by restorecon)
$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
# Allow Apache to listen on port 81
$ semanage port -a -t http_port_t -p tcp 81

     

    AUTHOR

    This man page was written by Daniel Walsh <dwalsh@redhat.com> and Russell Coker <rcoker@redhat.com>. Examples by Thomas Bleher <ThomasBleher@gmx.de>.

     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    OPTIONS
    EXAMPLE
    AUTHOR

    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей     		Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру