semodule - Manage SELinux policy modules.

semodule [options]... MODE [MODES]...

semodule is the tool used to manage SELinux policy modules, including installing, upgrading, listing and removing modules. semodule may also be used to force a rebuild of policy from the module store and/or to force a reload of policy without performing any other transaction. semodule acts on module packages created by semodule_package. Conventionally, these files have a .pp suffix (policy package), although this is not mandated in any way.

-R, --reload

force a reload of policy

-B, --build

force a rebuild of policy (also reloads unless -n is used)

-i,--install=MODULE_PKG

install/replace a module package

-u,--upgrade=MODULE_PKG

upgrade an existing module package

-b,--base=MODULE_PKG

install/replace base module package

-r,--remove=MODULE_NAME

remove existing module

-l,--list-modules

display list of installed modules (other than base)

-s,--store

name of the store to operate on

-n,--noreload

do not reload policy after commit

-h,--help

prints help message and quit

-v,--verbose

be verbose

# Install a base policy package.
$ semodule -b base.pp
# Install a non-base policy package.
$ semodule -i httpd.pp
# List non-base modules.
$ semodule -l

checkmodule(8), semodule_package(8) (8),

This manual page was written by Dan Walsh <dwalsh@redhat.com>.
The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>