|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLE | SEE ALSO | AUTHOR | COLOPHON |
|
|
|
semanage-port(8) semanage-port(8)
semanage-port - SELinux Policy Management port mapping tool
semanage port [-h] [-n] [-N] [-S STORE] [ --add -t TYPE -p
PROTOCOL -r RANGE port_name | port_range | --delete -p PROTOCOL
port_name | port_range | --deleteall | --extract | --list [-C] |
--modify -t TYPE -p PROTOCOL -r RANGE port_name | port_range ]
semanage is used to configure certain elements of SELinux policy
without requiring modification to or recompilation from policy
sources. semanage port controls the port number to port type
definitions.
-h, --help
Show this help message and exit
-n, --noheading
Do not print heading when listing the specified object type
-N, --noreload
Do not reload policy after commit
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-C, --locallist
List local customizations
-a, --add
Add a record of the specified object type
-d, --delete
Delete a record of the specified object type
-m, --modify
Modify a record of the specified object type
-l, --list
List records of the specified object type
-E, --extract
Extract customizable commands, for use within a transaction
-D, --deleteall
Remove all local customizations
-t TYPE, --type TYPE
SELinux type for the object
-r RANGE, --range RANGE
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range
for SELinux login mapping defaults to the SELinux user
record range. SELinux Range for SELinux user defaults to
s0.
-p PROTO, --proto PROTO
Protocol for the specified port (tcp|udp|dccp|sctp) or
internet protocol version for the specified node
(ipv4|ipv6).
List all port definitions
# semanage port -l
Allow Apache to listen on tcp port 81 (i.e. assign tcp port 81 label http_port_t, which apache is allowed to listen on)
# semanage port -a -t http_port_t -p tcp 81
Allow sshd to listen on tcp port 8991 (i.e. assign tcp port 8991 label ssh_port_t, which sshd is allowed to listen on)
# semanage port -a -t ssh_port_t -p tcp 8991
selinux(8), semanage(8)
This man page was written by Daniel Walsh <[email protected]>
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the project
can be found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.
If you have a bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2025-08-11. (At
that time, the date of the most recent commit that was found in
the repository was 2025-08-04.) If you discover any rendering
problems in this HTML version of the page, or you believe there is
a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
[email protected]
20130617 semanage-port(8)
Pages that refer to this page: semanage(8)
|
HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|