semanage usage explained in detail
NAME 
semanage - SELinux Policy Management tool 
SYNOPSIS 
Output local customizations: export the current SELinux policy
semanage [ -S store ] -o [ output_file | - ] 
Input local customizations: import an SELinux policy
semanage [ -S store ] -i [ input_file | - ] 
Manage booleans. Booleans allow the administrator to modify the confinement of processes based on his configuration. These are switches and settings for certain processes and services; every one is a two-state on/off toggle.
semanage boolean [-S store] -{d|m|l|n|D} -[-on|-off|1|0] -F boolean | boolean_file 
Manage SELinux confined users (Roles and levels for an SELinux user) 
semanage user [-S store] -{a|d|m|l|n|D} [-LrRP] selinux_name 
Manage login mappings between linux users and SELinux confined users: maps an existing Linux user to a confined login
semanage login [-S store] -{a|d|m|l|n|D} [-sr] login_name | %groupname 
-a: add
-d: delete
-m: modify
-l: list
-n: do not print the description header
-D: delete all
Example: semanage login -a -s unconfined_u leowang
Manage network port type definitions: manages network ports
semanage port [-S store] -{a|d|m|l|n|D} [-tr] [-p proto] port | port_range 
-t: type
-r: role
Example: semanage port -a -t http_port_t -p tcp 81
Manage network interface type definitions 
semanage interface [-S store] -{a|d|m|l|n|D} [-tr] interface_spec 
Manage network node type definitions 
semanage node [-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address 
Manage file context mapping definitions: manages the mapping of file security contexts
-f: file
-s: user
-t: type
-r: role
semanage fcontext [-S store] -{a|d|m|l|n|D} [-frst] file_spec 
semanage fcontext [-S store] -{a|d|m|l|n|D} -e replacement target 
Example: semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"    // Creates a new rule that sets the extended attribute of the /web directory and all files under it to httpd_sys_content_t
Manage processes type enforcement mode 
semanage permissive [-S store] -{a|d|l|n|D} type 
Disable/Enable dontaudit rules in policy 
semanage dontaudit [-S store] [ on | off ] 
Execute multiple commands within a single transaction. 
semanage [-S store] -i command-file
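
Added example (not part of the original page or of the semanage project): a shell helper for the port example above (semanage port -a -t http_port_t -p tcp 81) that reads a listing in "semanage port -l -n" layout and picks -a, -m, or no change, so the command can be rerun safely. The names port_action and port_command and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the right "semanage port" action from a port listing.
# port_action and port_command are hypothetical helper names.

# usage: semanage port -l -n | port_action TYPE PROTO PORT_OR_RANGE
# prints: none (already that type), modify (defined with another type), add
port_action() {
    awk -v want_type="$1" -v want_proto="$2" -v want_port="$3" '
    $2 == want_proto {
        # Fields 3..NF hold ports or ranges separated by ", ".
        for (i = 3; i <= NF; i++) {
            spec = $i
            sub(/,$/, "", spec)
            # semanage keys on the exact port or range, so a wider range
            # that merely covers the port (e.g. 1-511) does not count.
            if ((spec "") == (want_port "")) {
                if ($1 == want_type) same = 1
                else other = 1
            }
        }
    }
    END {
        if (same) print "none"
        else if (other) print "modify"
        else print "add"
    }'
}

# Prints the semanage command to run, or nothing when no change is needed.
port_command() {
    case "$(port_action "$1" "$2" "$3")" in
        add)    echo "semanage port -a -t $1 -p $2 $3" ;;
        modify) echo "semanage port -m -t $1 -p $2 $3" ;;
    esac
}

# Constructed sample in "semanage port -l -n" layout (not from a real host).
SAMPLE_LISTING='http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
http_cache_port_t              tcp      8080, 8118, 10001-10010
reserved_port_t                tcp      1-511
dns_port_t                     udp      53'

# Port 81 is not listed on its own, so the -a command from the page applies.
printf '%s\n' "$SAMPLE_LISTING" | port_command http_port_t tcp 81
# Port 8080 already belongs to http_cache_port_t, so -a would fail; use -m.
printf '%s\n' "$SAMPLE_LISTING" | port_command http_port_t tcp 8080
```

On a real host, pipe the live listing in instead of the sample: semanage port -l -n | port_command http_port_t tcp 81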

Source: http://www.woxihuan.com/34836801/1322030895088167.shtml