Copied to clipboard


The semanage command line is a tool for managing SELinux policies, which can be used to change SELinux security contexts and policies. It allows users to change the SELinux context for files and processes, as well as add, delete, and modify SELinux policy modules.


  • Change the SELinux security context of the /var/www directory to httpd_sys_content_t:

    semanage fcontext -a -t httpd_sys_content_t "/var/www(/.*)?"
    restorecon -Rv /var/www
  • Change the httpd security context back to default:

    semanage fcontext -d -t httpd_sys_content_t "/var/www(/.*)?"
    restorecon -Rv /var/www
  • Enable httpd_can_network_connect permission:

    semanage port -a -t http_port_t -p tcp 8080
    semanage port -a -t http_port_t -p tcp 8888
    semanage boolean -m httpd_can_network_connect 1
  • Display all installed SELinux modules:

    semanage module -l
  • Install a new SELinux module:

    semanage module -i /root/example.pp
  • Remove SELinux module:

    semanage module -r example
  • List all SELinux users:

    semanage login -l
  • Add a new SELinux user:

    semanage login -a -s user_u -r s0-s0:c0.c1023 example_user
  • Remove a SELinux user:

    semanage login -d example_user