Autres langues

Langue: en

Version: 363827 (ubuntu - 25/10/10)

Section: 8 (Commandes administrateur)


semodule - Manage SELinux policy modules.


semodule [options]... MODE [MODES]...


semodule is the tool used to manage SELinux policy modules, including installing, upgrading, listing and removing modules. semodule may also be used to force a rebuild of policy from the module store and/or to force a reload of policy without performing any other transaction. semodule acts on module packages created by semodule_package. Conventionally, these files have a .pp suffix (policy package), although this is not mandated in any way.


-R, --reload
force a reload of policy
-B, --build             
force a rebuild of policy (also reloads unless -n is used)
-D, --disable_dontaudit
Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
install/replace a module package
upgrade an existing module package, or install if the module does not exist
install/replace base module package
disable existing module
enable existing module
remove existing module
display list of installed modules (other than base)
name of the store to operate on
do not reload policy after commit
prints help message and quit
be verbose


 # Install or replace a base policy package.
 $ semodule -b base.pp
 # Install or replace a non-base policy package.
 $ semodule -i httpd.pp
 # List non-base modules.
 $ semodule -l
 # Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
 $ semodule -DB
 # Turn "dontaudit" rules back on.
 $ semodule -B
 # Install or replace all non-base modules in the current directory.
 $ semodule -i *.pp
 # Install or replace all modules in the current directory.
 $ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i


checkmodule(8), semodule_package(8)


 This manual page was written by Dan Walsh <>.
 The program was written by Karl MacMillan <>, Joshua Brindle <>, Jason Tang <>