The semanage command in Linux is used to manage SELinux (Security-Enhanced Linux) policies, configurations, and contexts. If you are using Rocky Linux 9.3, here's a brief guide on how to use semanage for common tasks:
Installing semanage
First, you need to ensure that the policycoreutils-python-utils package, which includes semanage, is installed:
sudo dnf install policycoreutils-python-utils
Common semanage Usage
Here are some common semanage commands and their usage:
1. Adding and Modifying Port Contexts
To add a new port to a specific SELinux context:
sudo semanage port -a -t http_port_t -p tcp 8080
-a: Add a new port.
-t: Type of the context, here http_port_t.
-p: Protocol, here tcp.
8080: Port number to be added.
To modify an existing port:
sudo semanage port -m -t http_port_t -p tcp 8081
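-m: Modify an existing port definition. Use this instead of -a when the port already has a type assigned in the policy, since -a then fails with an "already defined" error.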
2. Listing Port Contexts
To list all ports with their SELinux contexts:
sudo semanage port -l
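A pre-check for the port commands above, as an added example that is not part of the original guide: it reads the output of semanage port -l and prints whether -a or -m is needed for a given port. The sample listing is constructed, the function names port_types and plan_port_label are hypothetical, and it assumes that only an identical port or range entry counts as already defined.

```bash
#!/usr/bin/env bash
# Constructed sample in the column layout printed by `semanage port -l`.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22'

# Print every SELinux type that lists exactly this port (or range) for the
# given protocol. Assumption: only an identical entry counts as defined.
port_types() {  # usage: port_types <proto> <port> < listing
  awk -v proto="$1" -v port="$2" '
    $2 == proto {
      for (i = 3; i <= NF; i++) {
        spec = $i
        sub(/,$/, "", spec)                 # drop the list separator
        if ((spec "") == (port "")) {       # force a string comparison
          print $1
          break
        }
      }
    }'
}

# Print the semanage command needed to give the port the wanted type,
# or an "ok" line when the listing already shows that type for it.
plan_port_label() {  # usage: plan_port_label <type> <proto> <port> < listing
  local want="$1" proto="$2" port="$3" types
  types="$(port_types "$proto" "$port")"
  if printf '%s\n' "$types" | grep -qx -- "$want"; then
    echo "ok: $proto/$port is already $want"
  elif [ -n "$types" ]; then
    # Defined under another type: an add would be rejected, so modify.
    echo "semanage port -m -t $want -p $proto $port"
  else
    echo "semanage port -a -t $want -p $proto $port"
  fi
}

# Demo on the constructed listing. On a live system, pipe the real output:
#   sudo semanage port -l | plan_port_label http_port_t tcp 8080
printf '%s\n' "$SAMPLE_LISTING" | plan_port_label http_port_t tcp 8080
```

The function only prints the command; review it and run it with sudo yourself.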
3. Managing File Contexts
To add a file context:
sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
-a: Add a new file context.
-t: Type of the context, here httpd_sys_content_t.
"/var/www/html(/.*)?": Directory and its content to be labeled.
To apply the new context to existing files, use restorecon:
sudo restorecon -R -v /var/www/html
4. Listing File Contexts
To list all file contexts:
sudo semanage fcontext -l
5. Managing Boolean Values
To enable a Boolean value:
sudo setsebool -P httpd_can_network_connect on
-P: Make the change persistent across reboots.
To list all Boolean values and their current state:
sudo getsebool -a
Using semanage with SELinux Modes
Rocky Linux comes with SELinux enabled by default. To check the current SELinux mode:
sestatus
To switch SELinux mode to permissive or enforcing:
sudo setenforce Permissive
or
sudo setenforce Enforcing
To make the mode persist across reboots, edit the SELinux configuration file:
sudo nano /etc/selinux/config
Set the SELINUX line to:
SELINUX=permissive
or
SELINUX=enforcing
Conclusion
The semanage tool is powerful for managing SELinux policies and contexts in Rocky Linux 9.3. By using the commands above, you can configure port contexts, file contexts, and Boolean values to control how SELinux applies security policies on your system. For more detailed usage, refer to the semanage man pages:
man semanage