man semodule (Administration système) - Manage SELinux policy modules.

NAME

semodule - Manage SELinux policy modules.

SYNOPSIS

semodule [options]... MODE [MODES]...

DESCRIPTION

semodule is the tool used to manage SELinux policy modules, including installing, upgrading, listing and removing modules. semodule may also be used to force a rebuild of policy from the module store and/or to force a reload of policy without performing any other transaction. semodule acts on module packages created by semodule_package. Conventionally, these files have a .pp suffix (policy package), although this is not mandated in any way.

OPTIONS

-R, --reload
force a reload of policy
-B, --build
force a rebuild of policy (also reloads unless -n is used)
-i,--install=MODULE_PKG
install/replace a module package
-u,--upgrade=MODULE_PKG
upgrade an existing module package
-b,--base=MODULE_PKG
install/replace base module package
-r,--remove=MODULE_NAME
remove existing module
-l,--list-modules
display list of installed modules (other than base)
-s,--store
name of the store to operate on
-n,--noreload
do not reload policy after commit
-h,--help
prints help message and quit
-v,--verbose
be verbose

EXAMPLE

# Install a base policy package.
$ semodule -b base.pp
# Install a non-base policy package.
$ semodule -i httpd.pp
# List non-base modules.
$ semodule -l

SEE ALSO

AUTHORS

This manual page was written by Dan Walsh <dwalsh@redhat.com>.
The program was written by Karl MacMillan <kmacmillan@tresys.com>, Joshua Brindle <jbrindle@tresys.com>, Jason Tang <jtang@tresys.com>