semodule

Manage SELinux policy modules

TLDR

List all installed policy modules

$ sudo semodule -l

Install a new policy module

$ sudo semodule -i path/to/module.pp

Remove a policy module

$ sudo semodule -r module_name

Enable a policy module

$ sudo semodule -e module_name

Disable a policy module

$ sudo semodule -d module_name

Reload all policy modules

$ sudo semodule -R

List with verbose version info

$ sudo semodule -l -v

semodule manages SELinux policy modules. It installs, removes, enables, and disables modular policy components that extend the base SELinux policy.Policy modules allow customization of SELinux rules without modifying the base policy.

PARAMETERS

-l, --list

List installed modules

-i, --install file

Install policy module (.pp file)

-r, --remove name

Remove module

-e, --enable name

Enable module

-d, --disable name

Disable module

-R, --reload

Force a reload of policy.

-B, --build

Force a rebuild of policy (also reloads unless -n is used).

-X, --priority PRIORITY

Set priority (1-999) for the following operations.

-s, --store NAME

Name of the store to operate on.

-n, --noreload

Do not reload policy after commit.

-D, --disable_dontaudit

Temporarily remove dontaudit rules from policy.

-v, --verbose

Be verbose.

CAVEATS

Module changes require policy reload. Installing incompatible modules may cause policy errors.

HISTORY

Part of policycoreutils, providing modular SELinux policy management.

semodule

Manage SELinux policy modules

TLDR

SYNOPSIS

DESCRIPTION

PARAMETERS

CAVEATS

HISTORY

SEE ALSO