Man Linux: Main Page and Category List


       semodule - Manage SELinux policy modules.


       semodule [options]... MODE [MODES]...


       semodule  is  the tool used to manage SELinux policy modules, including
       installing, upgrading, listing and removing modules.  semodule may also
       be  used  to  force a rebuild of policy from the module store and/or to
       force a reload of policy  without  performing  any  other  transaction.
       semodule   acts   on   module  packages  created  by  semodule_package.
       Conventionally,  these  files  have  a  .pp  suffix  (policy  package),
       although this is not mandated in any way.


       -R, --reload
              force a reload of policy

       -B, --build
              force a rebuild of policy (also reloads unless -n is used)

       -D, --disable_dontaudit
              Temporarily  remove  dontaudits  from  policy.  Reverts whenever
              policy is rebuilt

              install/replace a module package

              upgrade an existing module package, or  install  if  the  module
              does not exist

              install/replace base module package

              disable existing module

              enable existing module

              remove existing module

              display list of installed modules (other than base)

              name of the store to operate on

              do not reload policy after commit

              prints help message and quit

              be verbose


       # Install or replace a base policy package.
       $ semodule -b base.pp
       # Install or replace a non-base policy package.
       $ semodule -i httpd.pp
       # List non-base modules.
       $ semodule -l
       # Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
       $ semodule -DB
       # Turn "dontaudit" rules back on.
       $ semodule -B
       # Install or replace all non-base modules in the current directory.
       $ semodule -i *.pp
       # Install or replace all modules in the current directory.
       $ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i


       checkmodule(8), semodule_package(8)


       This manual page was written by Dan Walsh <>.
       The program was written by Karl MacMillan <>, Joshua Brindle <>, Jason Tang <>