semanage-node - Man Page

SELinux Policy Management node mapping tool


semanage node [-h] [-n] [-N] [-S STORE] [ --add -M NETMASK -p PROTOCOL -t TYPE -r RANGE node | --delete -M NETMASK -p PROTOCOL node | --deleteall | --extract | --list [-C] | --modify -M NETMASK -p PROTOCOL -t TYPE -r RANGE node ]


semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage node controls the IP address to node type definitions.


-h,  --help

Show this help message and exit

-n,  --noheading

Do not print heading when listing the specified object type

-N,  --noreload

Do not reload policy after commit

-S STORE, --store STORE

Select an alternate SELinux Policy Store to manage

-C,  --locallist

List local customizations

-a,  --add

Add a record of the specified object type

-d,  --delete

Delete a record of the specified object type

-m,  --modify

Modify a record of the specified object type

-l,  --list

List records of the specified object type

-E,  --extract

Extract customizable commands, for use within a transaction

-D,  --deleteall

Remove all local customizations


Network Mask, either in CIDR (/16) or address mask notation (, ffff::)

-t TYPE, --type TYPE

SELinux type for the object

-r RANGE, --range RANGE

MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0.

-p PROTO, --proto PROTO

Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6).


Apply type node_t to ipv4 node
# semanage node -a -t node_t -p ipv4 -M

See Also

selinux(8), semanage(8)

Referenced By