Provided by: policycoreutils_2.3-1_amd64


       semodule - Manage SELinux policy modules.


       semodule [options]... MODE [MODES]...


       semodule  is  the  tool  used  to  manage  SELinux  policy  modules, including installing,
       upgrading, listing and removing modules.  semodule may also be used to force a rebuild  of
       policy  from  the  module  store and/or to force a reload of policy without performing any
       other  transaction.   semodule  acts  on  module  packages  created  by  semodule_package.
       Conventionally,  these  files  have  a  .pp  suffix (policy package), although this is not
       mandated in any way.


       -R, --reload
              force a reload of policy

       -B, --build
              force a rebuild of policy (also reloads unless -n is used)

       -D, --disable_dontaudit
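              Temporarily remove dontaudits from policy.  Reverts whenever policy is rebuilt.

       -i, --install=MODULE_PKG
              install/replace a module package

       -u, --upgrade=MODULE_PKG
              upgrade an existing module package, or install if the module does not exist

       -b, --base=MODULE_PKG
              install/replace base module package

       -d, --disable=MODULE_NAME
              disable existing module

       -e, --enable=MODULE_NAME
              enable existing module

       -p, --path
              use an alternate root path

       -r, --remove=MODULE_NAME
              remove existing module

       -l, --list-modules
              display list of installed modules (other than base)

       -s, --store
              name of the store to operate on

       -n, --noreload
              do not reload policy after commit

       -h, --help
              prints help message and quit

       -P, --preserve_tunables
              Preserve tunables in policy

       -v, --verbose
              be verbose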


       # Install or replace a base policy package.
       $ semodule -b base.pp
       # Install or replace a non-base policy package.
       $ semodule -i httpd.pp
       # List non-base modules.
       $ semodule -l
       # Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
       $ semodule -DB
       # Turn "dontaudit" rules back on.
       $ semodule -B
       # Install or replace all non-base modules in the current directory.
       $ semodule -i *.pp
       # Install or replace all modules in the current directory.
       $ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
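
The last example filters `ls` output with an unanchored pattern, so a package such as database.pp is skipped because its name contains "base.pp", and file names with spaces are split by xargs. The following is an added example, not part of the original manual page: it builds the same single-transaction command with exact-name exclusion. `install_all`, `SEMODULE` and `DRY_RUN` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the man page). Assumes the base package is named
# base.pp and that enableaudit.pp is skipped, as in the man page's example.
# SEMODULE and DRY_RUN are illustrative knobs, not semodule features.
SEMODULE=${SEMODULE:-/usr/sbin/semodule}

# install_all DIR: install base.pp plus every other *.pp in DIR in one
# semodule transaction. With DRY_RUN set, print the command instead,
# one argument per line, so it can be reviewed before policy is touched.
install_all() {
    dir=${1:-.}
    if [ ! -f "$dir/base.pp" ]; then
        echo "install_all: no base.pp in $dir" >&2
        return 1
    fi
    # Paths always carry the "$dir/" prefix (e.g. ./httpd.pp), so a file
    # name beginning with "-" cannot be read as an option.
    set -- -b "$dir/base.pp"
    for pkg in "$dir"/*.pp; do
        [ -f "$pkg" ] || continue            # glob matched nothing
        case ${pkg##*/} in
            base.pp|enableaudit.pp) continue ;;   # exact names only
        esac
        set -- "$@" -i "$pkg"                # quoting keeps spaces intact
    done
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$SEMODULE" "$@"
    else
        "$SEMODULE" "$@"
    fi
}
```

Run `DRY_RUN=1 install_all .` first to inspect the argument list, then `install_all .` as root to commit it.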


       checkmodule(8), semodule_package(8)


       This manual page was written by Dan Walsh.
       The program was written by Karl MacMillan, Joshua Brindle, Jason Tang.