semanage(8) — Linux manual page


semanage(8)                                                  semanage(8)

NAME         top

       semanage - SELinux Policy Management tool

SYNOPSIS         top

                       ...  positional arguments:

       import Import local customizations

       export Output local customizations

       login Manage login mappings between linux users and SELinux
       confined users

       user Manage SELinux confined users (Roles and levels for an
       SELinux user)

       port Manage network port type definitions

       interface Manage network interface type definitions

       module Manage SELinux policy modules

       node Manage network node type definitions

       fcontext Manage file context mapping definitions

       boolean Manage booleans to selectively enable functionality

       permissive Manage process type enforcement mode

       dontaudit Disable/Enable dontaudit rules in policy

       ibpkey Manage infiniband pkey type definitions

       ibendport Manage infiniband end port type definitions

DESCRIPTION         top

       semanage is used to configure certain elements of SELinux policy
       without requiring modification to or recompilation from policy
       sources.  This includes the mapping from Linux usernames to
       SELinux user identities (which controls the initial security
       context assigned to Linux users when they login and bounds their
       authorized role set) as well as security context mappings for
       various kinds of objects, such as network ports, interfaces,
       infiniband pkeys and endports, and nodes (hosts) as well as the
       file context mapping. Note that the semanage login command deals
       with the mapping from Linux usernames (logins) to SELinux user
       identities, while the semanage user command deals with the
       mapping from SELinux user identities to authorized role sets.  In
       most cases, only the former mapping needs to be adjusted by the
       administrator; the latter is principally defined by the base
       policy and usually does not require modification.

OPTIONS         top

       -h, --help
              List help information

SEE ALSO         top

       selinux(8), semanage-boolean(8), semanage-dontaudit(8),
       semanage-export(8), semanage-fcontext(8), semanage-import(8),
       semanage-interface(8), semanage-login(8), semanage-module(8),
       semanage-node(8), semanage-permissive(8), semanage-port(8),
       semanage-user(8) semanage-ibkey(8), semanage-ibendport(8),

AUTHOR         top

       This man page was written by Daniel Walsh <>
       and Russell Coker <>.
       Examples by Thomas Bleher <>.  usage: semanage

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-
       space libraries and tools) project.  Information about the
       project can be found at 
       ⟨⟩.  If you have a
       bug report for this manual page, see
       This page was obtained from the project's upstream Git repository
       ⟨⟩ on 2021-08-27.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2021-08-23.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to

                                20100223                     semanage(8)

Pages that refer to this page: customizable_types(5)semanage.conf(5)chcat(8)genhomedircon(8)sefcontext_compile(8)selinux(8)semanage-boolean(8)semanage-dontaudit(8)semanage-export(8)semanage-fcontext(8)semanage-ibendport(8)semanage-ibpkey(8)semanage-import(8)semanage-interface(8)semanage-login(8)semanage-module(8)semanage-permissive(8)semanage-port(8)semanage-user(8)sepolicy-network(8)setsebool(8)system-config-selinux(8)