Your company here — click to reach over 10,000 unique daily visitors

semanage-permissive - Man Page

SELinux Policy Management permissive mapping tool

Examples (TL;DR)


semanage permissive [-h] [-n] [-N] [-S STORE] (--add TYPE | --delete TYPE | --deleteall | --extract | --list)


semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage permissive adds or removes a SELinux Policy permissive module. Please note that this command can make any domain permissive, but can only remove the permissive property from domains where it was added by semanage permissive ("semanage permissive -d" can only be used on types listed as "Customized Permissive Types" by "semanage permissive -l").


-h,  --help

Show this help message and exit

-a,  --add

Add a record of the specified object type

-d,  --delete

Delete a record of the specified object type

-D,  --deleteall

Remove all local customizations of permissive domains

-l,  --list

List records of the specified object type

-E,  --extract

Extract customizable commands, for use within a transaction

-n,  --noheading

Do not print heading when listing the specified object type

-N,  --noreload

Do not reload the policy after commit

-S STORE, --store STORE

Select an alternate SELinux Policy Store to manage


List all permissive domains ("Builtin Permissive Types" where set by the system policy, or a custom policy module)
# semanage permissive -l
Make httpd_t (Web Server) a permissive domain
# semanage permissive -a httpd_t

See Also

selinux(8), semanage(8)


This man page was written by Daniel Walsh <dwalsh@redhat.com>

Referenced By