semanage-dontaudit(8)semanage-dontaudit(8)NAME
semanage dontaudit- SELinux Policy Management dontaudit tool
SYNOPSIS
semanage dontaudit [-h] [-S STORE] [-N] {on,off}
DESCRIPTION
semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
semanage dontaudit toggles whether or not dontaudit rules will be in the policy. Policy writers use dontaudit rules to cause confined
applications to use alternative paths. Dontaudit rules are denied but not reported in the logs. Some times dontaudit rules can cause bugs
in applications but policy writers will not relize it since the AVC is not audited. Turning off dontaudit rules with this command to see
if the kernel is blocking an access.
OPTIONS -h, --help
show this help message and exit
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-N, --noreload
Do not reload the policy after commit
EXAMPLE
Turn off dontaudit rules
# semanage dontaudit off
SEE ALSO
selinux (8), semanage (8)
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>
20130617 semanage-dontaudit(8)
Check Out this Related Man Page
semanage-port(8)semanage-port(8)NAME
semanage port- SELinux Policy Management port mapping tool
SYNOPSIS
semanage port [-h] [-n] [-N] [-s STORE] [ --add -t TYPE -p PROTOCOL -r RANGE port_name | port_range | --delete -p PROTOCOL port_name |
port_range | --deleteall | --extract | --list [-C] | --modify -t TYPE -p PROTOCOL -r RANGE port_name | port_range ]
DESCRIPTION
semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
semanage port controls the port number to port type defitions.
OPTIONS -h, --help
show this help message and exit
-n, --noheading
Do not print heading when listing the specified object type
-N, --noreload
Do not reload policy after commit
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-C, --locallist
List local customizations
-a, --add
Add a record of the specified object type
-d, --delete
Delete a record of the specified object type
-m, --modify
Modify a record of the specified object type
-l, --list
List records of the specified object type
-E, --extract
Extract customizable commands, for use within a transaction
-D, --deleteall
Remove all local customizations
-t TYPE, --type TYPE
SELinux type for the object
-r RANGE, --range RANGE
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range.
SELinux Range for SELinux user defaults to s0.
-p PROTO, --proto PROTO
Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6).
EXAMPLE
List all port defitions
# semanage port -l
Allow Apache to listen on tcp port 81
# semanage port -a -t http_port_t -p tcp 81
Allow sshd to listen on tcp port 8991
# semanage port -a -t ssh_port_t -p tcp 8991
SEE ALSO
selinux (8), semanage (8)
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>
20130617 semanage-port(8)
For the life of me, I cannot find semanage binary using a default install. I have the following packages installed. Any help is appreciated.
libsemanage-2.0.43-4.el6.i686
policycoreutils-2.0.82-32.el6.i686
current kernel: 2.6.32-44.1.el6.i686 (1 Reply)
Hello,
I have these S10 boxes with LACP using the L4 policy. Does the L4 policy create a lot more overhead as opposed to using the L2?
I'm noticing that my traffic does not seem to be very well load balanced accross the NIC's, and I am wondering if the policy I'm using has anything else to do... (1 Reply)
Discussion started by: BG_JrAdmin
1 Replies
5. Post Here to Contact Site Administrators and Moderators
I had a consultation request thread removed and a PM telling me to read the rules. I actually DID read the rules prior to the posting...gave pause on the headhunter/recruitment clause...decided that rule was for more permanent positions and went forward with the consultation request.
I... (0 Replies)