The semanage command in Linux is used to manage SELinux (Security-Enhanced Linux) policies, configurations, and contexts. If you are using Rocky Linux 9.3, here's a brief guide on how to use semanage for common tasks:

Installing semanage

First, you need to ensure that the policycoreutils-python-utils package, which includes semanage, is installed:

sudo dnf install policycoreutils-python-utils

Common semanage Usage

Here are some common semanage commands and their usage:

1. Adding and Modifying Port Contexts

To add a new port to a specific SELinux context:

sudo semanage port -a -t http_port_t -p tcp 8080

• -a: Add a new port.
• -t: Type of the context, here http_port_t.
• -p: Protocol, here tcp.
• 8080: Port number to be added.

To modify an existing port:

sudo semanage port -m -t http_port_t -p tcp 8081

• -m: Modify an existing port.

2. Listing Port Contexts

To list all ports with their SELinux contexts:

sudo semanage port -l

3. Managing File Contexts

To add a file context:

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"

• -a: Add a new file context.
• -t: Type of the context, here httpd_sys_content_t.
• "/var/www/html(/.*)?": Directory and its content to be labeled.

To apply the new context to existing files, use restorecon:

sudo restorecon -R -v /var/www/html

4. Listing File Contexts

To list all file contexts:

sudo semanage fcontext -l

5. Managing Boolean Values

To enable a Boolean value:

sudo setsebool -P httpd_can_network_connect on

• -P: Make the change persistent across reboots.

To list all Boolean values and their current state:

sudo getsebool -a

Using semanage with SELinux Modes

Rocky Linux comes with SELinux enabled by default. To check the current SELinux mode:

sestatus

To switch SELinux mode to permissive or enforcing:

sudo setenforce Permissive

or