SEMODULE_EXPAND(8) NSA SEMODULE_EXPAND(8)NAME
semodule_expand - Expand a SELinux policy module package.
SYNOPSIS
semodule_expand [-V ] [ -a ] [ -c [version]] basemodpkg outputfile
DESCRIPTION
semodule_expand is a developer tool for manually expanding a base policy module package into a kernel binary policy file. This tool is not
necessary for normal operation of SELinux. In normal operation, such expanding is performed internally by libsemanage in response to
semodule commands. Base policy module packages can be created directly by semodule_package or by semodule_link (when linking together a
set of packages into a single package).
OPTIONS -V show version
-c [version]
policy version to create
-a Do not check assertions. This will cause the policy to not check any neverallow rules.
SEE ALSO checkmodule(8), semodule_package(8), semodule(8), semodule_link(8) (8),
AUTHORS
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>
Security Enhanced Linux Nov 2005 SEMODULE_EXPAND(8)
Check Out this Related Man Page
SEMODULE(8) NSA SEMODULE(8)NAME
semodule - Manage SELinux policy modules.
SYNOPSIS
semodule [options]... MODE [MODES]...
DESCRIPTION
semodule is the tool used to manage SELinux policy modules, including installing, upgrading, listing and removing modules. semodule may
also be used to force a rebuild of policy from the module store and/or to force a reload of policy without performing any other transac-
tion. semodule acts on module packages created by semodule_package. Conventionally, these files have a .pp suffix (policy package),
although this is not mandated in any way.
OPTIONS -R, --reload
force a reload of policy
-B, --build
force a rebuild of policy (also reloads unless -n is used)
-D, --disable_dontaudit
Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
-i,--install=MODULE_PKG
install/replace a module package
-u,--upgrade=MODULE_PKG
upgrade an existing module package, or install if the module does not exist
-b,--base=MODULE_PKG
install/replace base module package
-d,--disable=MODULE_NAME
disable existing module
-e,--enable=MODULE_NAME
enable existing module
-p,--path=ROOTPATH
use an alternate root path
-r,--remove=MODULE_NAME
remove existing module
-l,--list-modules
display list of installed modules (other than base)
-s,--store
name of the store to operate on
-n,--noreload
do not reload policy after commit
-h,--help
prints help message and quit
-v,--verbose
be verbose
EXAMPLE
# Install or replace a base policy package.
$ semodule -b base.pp
# Install or replace a non-base policy package.
$ semodule -i httpd.pp
# List non-base modules.
$ semodule -l
# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
$ semodule -DB
# Turn "dontaudit" rules back on.
$ semodule -B
# Install or replace all non-base modules in the current directory.
$ semodule -i *.pp
# Install or replace all modules in the current directory.
$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
SEE ALSO checkmodule(8), semodule_package(8)AUTHORS
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>
Security Enhanced Linux Nov 2005 SEMODULE(8)