semanage - SELinux Policy Management tool
SYNOPSIS
Output local customizations: export the current SELinux policy customizations
semanage [ -S store ] -o [ output_file | - ]
Input local customizations: import SELinux policy customizations
semanage [ -S store ] -i [ input_file | - ]
Manage booleans. Booleans allow the administrator to modify the confinement of processes based on his configuration: these are switches and settings for certain processes and services, and each one has exactly two states, on and off
semanage boolean [-S store] -{d|m|l|n|D} -[-on|-off|1|0] -F boolean | boolean_file
Manage SELinux confined users (Roles and levels for an SELinux user)
semanage user [-S store] -{a|d|m|l|n|D} [-LrRP] selinux_name
Manage login mappings between linux users and SELinux confined users: map an existing Linux user to login confinement
semanage login [-S store] -{a|d|m|l|n|D} [-sr] login_name | %groupname
-a: add
-d: delete
-m: modify
-l: list
-n: do not print the heading
-D: delete all
Example: semanage login -a -s unconfined_u leowang
Manage network port type definitions: manage network ports
semanage port [-S store] -{a|d|m|l|n|D} [-tr] [-p proto] port | port_range
-t: type
-r: role
Example: semanage port -a -t http_port_t -p tcp 81
Manage network interface type definitions
semanage interface [-S store] -{a|d|m|l|n|D} [-tr] interface_spec
Manage network node type definitions
semanage node [-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address
Manage file context mapping definitions: manage the mapping of file security contexts
-f: file
-s: user
-t: type
-r: role
semanage fcontext [-S store] -{a|d|m|l|n|D} [-frst] file_spec
semanage fcontext [-S store] -{a|d|m|l|n|D} -e replacement target
Example: semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" // creates a new rule that sets the extended attribute of the /web directory and of all files under it to httpd_sys_content_t
Manage processes type enforcement mode
semanage permissive [-S store] -{a|d|l|n|D} type
Disable/Enable dontaudit rules in policy
semanage dontaudit [-S store] [ on | off ]
Execute multiple commands within a single transaction.
semanage [-S store] -i command-file
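The file written by semanage -o and read back by semanage -i is a list of the subcommands above, one per line and without the leading "semanage", so it can be reviewed before it is imported on another host. The following is an added example, not part of the original page or of the semanage project: a small Python reviewer that flags the customizations that widen confinement. The function names and the sample export are constructed for illustration.

```python
import shlex

# Constructed sample in the `semanage -o -` format; not taken from a real host.
# The login, port and fcontext lines reuse the examples from this page.
SAMPLE_EXPORT = """\
boolean -D
login -D
port -D
fcontext -D
permissive -D
login -a -s unconfined_u leowang
port -a -t http_port_t -p tcp 81
fcontext -a -t httpd_sys_content_t '/web(/.*)?'
permissive -a httpd_t
"""


def opt(args, flag):
    """Return the value that follows `flag` in args, or None if absent."""
    if flag in args:
        i = args.index(flag)
        if i + 1 < len(args):
            return args[i + 1]
    return None


def review_export(text):
    """Return (line_no, subcommand, note) for each customization worth a review."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        args = shlex.split(line, comments=True)  # honours the quoted file_spec
        if len(args) < 2 or ("-a" not in args and "-m" not in args):
            continue  # blank line, or a "-D" reset line
        sub, target = args[0], args[-1]
        if sub == "permissive":
            # A permissive type only logs denials; nothing is blocked.
            findings.append((n, sub, f"domain {target} is not enforced"))
        elif sub == "login" and opt(args, "-s") == "unconfined_u":
            findings.append((n, sub, f"login {target} mapped to unconfined_u"))
        elif sub == "port":
            findings.append((n, sub, f"{opt(args, '-p')}/{target} labelled {opt(args, '-t')}"))
        elif sub == "fcontext":
            findings.append((n, sub, f"{target} labelled {opt(args, '-t')}"))
    return findings


if __name__ == "__main__":
    for line_no, sub, note in review_export(SAMPLE_EXPORT):
        print(f"line {line_no}: [{sub}] {note}")
```
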