semanage-node - Man Page
SELinux Policy Management node mapping tool
Synopsis
semanage node [-h] [-n] [-N] [-S STORE] [ --add -M NETMASK -p PROTOCOL -t TYPE -r RANGE node | --delete -M NETMASK -p PROTOCOL node | --deleteall | --extract | --list [-C] | --modify -M NETMASK -p PROTOCOL -t TYPE -r RANGE node ]
Description
semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage node controls the IP address to node type definitions.
Options
- -h, --help
Show this help message and exit
- -n, --noheading
Do not print heading when listing the specified object type
- -N, --noreload
Do not reload policy after commit
- -S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
- -C, --locallist
List local customizations
- -a, --add
Add a record of the specified object type
- -d, --delete
Delete a record of the specified object type
- -m, --modify
Modify a record of the specified object type
- -l, --list
List records of the specified object type
- -E, --extract
Extract customizable commands, for use within a transaction
- -D, --deleteall
Remove all local customizations
- -M NETMASK, --netmask NETMASK
Network Mask, either in CIDR (/16) or address mask notation (255.255.0.0, ffff::)
- -t TYPE, --type TYPE
SELinux type for the object
- -r RANGE, --range RANGE
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0.
- -p PROTO, --proto PROTO
Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6).
Example
Apply type node_t to ipv4 node 127.0.0.2 # semanage node -a -t node_t -p ipv4 -M 255.255.255.255 127.0.0.2