semanage

SELinux persistent policy management tool. Some subcommands such as boolean, fcontext, port, etc. have their own usage documentation. More information: https://manned.org/semanage.

• Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains):

sudo semanage boolean -m|–modify -1|–on|-0|–off haproxy_connect_any

• Add a user-defined file context labeling rule. File contexts define what files confined domains are allowed to access:

sudo semanage fcontext -a|–add -t|–type samba_share_t '/mnt/share(/.*)?'

• Add a user-defined port labeling rule. Port labels define what ports confined domains are allowed to listen on:

sudo semanage port -a|–add -t|–type ssh_port_t -p|–proto tcp 22000

• Set or unset permissive mode for a confined domain. Per-domain permissive mode allows more granular control compared to setenforce:

sudo semanage permissive -a|–add|-d|–delete httpd_t

• Output local customizations in the default store:

sudo semanage export -f|–output_file path/to/file

• Import a file generated by semanage export into local customizations (CAREFUL: may remove current customizations!):

sudo semanage import -f|–input_file path/to/file