semodule
Manage SELinux policy modules
TLDR
List all installed policy modules
$ sudo semodule -l
Install a new policy module$ sudo semodule -i path/to/module.pp
Remove a policy module$ sudo semodule -r module_name
Enable a policy module$ sudo semodule -e module_name
Disable a policy module$ sudo semodule -d module_name
Reload all policy modules$ sudo semodule -R
List with verbose version info$ sudo semodule -l -v
SYNOPSIS
semodule [options]
DESCRIPTION
semodule manages SELinux policy modules. It installs, removes, enables, and disables modular policy components that extend the base SELinux policy.
Policy modules allow customization of SELinux rules without modifying the base policy.
PARAMETERS
-l, --list
List installed modules-i, --install file
Install policy module (.pp file)-r, --remove name
Remove module-e, --enable name
Enable module-d, --disable name
Disable module-R, --reload
Reload all modules-v, --verbose
Show verbose information
CAVEATS
Module changes require policy reload. Installing incompatible modules may cause policy errors.
HISTORY
Part of policycoreutils, providing modular SELinux policy management.
SEE ALSO
audit2allow(1), semanage(8)