semanage - SELinux Policy Management tool

Output local customizations：導出selinux當前策略
semanage [ -S store ] -o [ output_file | - ]

Input local customizations：導入selinux策略
semanage [ -S store ] -i [ input_file | - ]

Manage booleans. Booleans allow the administrator to modify the confinement of processes based on his configuration.：管理一些進程、服務的開關、配置等等，全是開關兩個狀態
semanage boolean [-S store] -{d|m|l|n|D} -[-on|-off|1|0] -F boolean | boolean_file

Manage SELinux confined users (Roles and levels for an SELinux user)

semanage user [-S store] -{a|d|m|l|n|D} [-LrRP] selinux_name

Manage login mappings between linux users and SELinux confined users：將linux已存在的用戶user映射到登陸保護

semanage login [-S store] -{a|d|m|l|n|D} [-sr] login_name | %groupname

-a：添加

-d：刪除

-m：修改

-l：列舉

-n：不打印說明頭

-D：全部刪除

例子：semanage login -a -s unconfined_u leowang

Manage network port type definitions：管理網絡端口
semanage port [-S store] -{a|d|m|l|n|D} [-tr] [-p proto] port | port_range

-t：類型

-r：角色

例子：semanage port -a -t http_port_t -p tcp 81

Manage network interface type definitions
semanage interface [-S store] -{a|d|m|l|n|D} [-tr] interface_spec

Manage network node type definitions
semanage node [-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address

Manage file context mapping definitions：管理文件安全上下文的映射

-f：文件

-s：用戶

-t：類型

r：角色
semanage fcontext [-S store] -{a|d|m|l|n|D} [-frst] file_spec
semanage fcontext [-S store] -{a|d|m|l|n|D} -e replacement target
例子：semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" //新建一條規則，指定/web目錄及其下的所有文件的擴展屬性為httpd_sys_content_t

Manage processes type enforcement mode
semanage permissive [-S store] -{a|d|l|n|D} type

Disable/Enable dontaudit rules in policy
semanage dontaudit [-S store] [ on | off ]

Execute multiple commands within a single transaction.
semanage [-S store] -i command-file