Linux command
semodule 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
List
sudo semodule -l
Install
sudo semodule -i path/to/module.pp
Remove
sudo semodule -r module_name
Enable
sudo semodule -e module_name
Disable
sudo semodule -d module_name
Reload
sudo semodule -R
Example
sudo semodule -l -v
说明
semodule manages SELinux policy modules. It installs, removes, enables, and disables modular policy components that extend the base SELinux policy. Policy modules allow customization of SELinux rules without modifying the base policy.
参数
- -l, --list
- List installed modules
- -i, --install _file_
- Install policy module (.pp file)
- -r, --remove _name_
- Remove module
- -e, --enable _name_
- Enable module
- -d, --disable _name_
- Disable module
- -R, --reload
- Force a reload of policy.
- -B, --build
- Force a rebuild of policy (also reloads unless -n is used).
- -X, --priority _PRIORITY_
- Set priority (1-999) for the following operations.
- -s, --store _NAME_
- Name of the store to operate on.
- -n, --noreload
- Do not reload policy after commit.
- -D, --disable_dontaudit
- Temporarily remove dontaudit rules from policy.
- -v, --verbose
- Be verbose.
FAQ
What is the semodule command used for?
semodule manages SELinux policy modules. It installs, removes, enables, and disables modular policy components that extend the base SELinux policy. Policy modules allow customization of SELinux rules without modifying the base policy.
How do I run a basic semodule example?
Run `sudo semodule -l` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -l, --list do in semodule?
List installed modules