NAME
semodule - Manage SELinux policy modules.
SYNOPSIS
semodule [options]... MODE [MODES]...
DESCRIPTION
semodule is the tool used to manage SELinux policy modules, including
installing, upgrading, listing and removing modules. semodule may also
be used to force a rebuild of policy from the module store and/or to
force a reload of policy without performing any other transaction.
semodule acts on module packages created by semodule_package.
Conventionally, these files have a .pp suffix (policy package),
although this is not mandated in any way.
OPTIONS
-R, --reload
force a reload of policy
-B, --build
force a rebuild of policy (also reloads unless -n is used)
-D, --disable_dontaudit
Temporarily remove dontaudits from policy. Reverts whenever
policy is rebuilt
-i,--install=MODULE_PKG
install/replace a module package
-u,--upgrade=MODULE_PKG
upgrade an existing module package, or install if the module
does not exist
-b,--base=MODULE_PKG
install/replace base module package
-d,--disable=MODULE_NAME
disable existing module
-e,--enable=MODULE_NAME
enable existing module
-r,--remove=MODULE_NAME
remove existing module
-l,--list-modules
display list of installed modules (other than base)
-s,--store
name of the store to operate on
-n,--noreload
do not reload policy after commit
-h,--help
prints help message and quit
-v,--verbose
be verbose
EXAMPLE
# Install or replace a base policy package.
$ semodule -b base.pp
# Install or replace a non-base policy package.
$ semodule -i httpd.pp
# List non-base modules.
$ semodule -l
# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
$ semodule -DB
# Turn "dontaudit" rules back on.
$ semodule -B
# Install or replace all non-base modules in the current directory.
$ semodule -i *.pp
# Install or replace all modules in the current directory.
$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
SEE ALSO
checkmodule(8), semodule_package(8)
AUTHORS
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>