安装:

yum install policycoreutils-python

semanage使用方法:

/usr/sbin/semanage:
semanage [ -S store ] -i [ input_file | - ]
semanage [ -S store ] -o [ output_file | - ]
semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage module -{a|d|m} [--enable|--disable] module
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
semanage fcontext -{a|d|m} [-efrst] file_spec
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a|l} type
semanage dontaudit [ on | off ]
Primary Options:
    -a, --add        Add a OBJECT record NAME
    -d, --delete     Delete a OBJECT record NAME
    -m, --modify     Modify a OBJECT record NAME
        -i, --input      Input multiple semange commands in a transaction
        -o, --output     Output current customizations as semange commands
    -l, --list       List the OBJECTS
    -E, --extract    extract customizable commands
    -C, --locallist  List OBJECTS local customizations
    -D, --deleteall  Remove all OBJECTS local customizations
    -h, --help       Display this message
    -n, --noheading  Do not print heading when listing OBJECTS
        -S, --store      Select and alternate SELinux store to manage
Object-specific Options (see above):
    -f, --ftype      File Type of OBJECT
        "" (all files)
        -- (regular file)
        -d (directory)
        -c (character device)
        -b (block device)
        -s (socket)
        -l (symbolic link)
        -p (named pipe)
        -F, --file       Treat target as an input file for command, change multiple settings
    -p, --proto      Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
    -M, --mask       Netmask
        -e, --equal      Substitue source path for dest path when labeling
    -P, --prefix     Prefix for home directory labeling
    -L, --level      Default SELinux Level (MLS/MCS Systems only)
    -R, --roles      SELinux Roles (ex: "sysadm_r staff_r")
    -s, --seuser     SELinux User Name
    -t, --type       SELinux Type for the object
    -r, --range      MLS/MCS Security Range (MLS/MCS Systems only)
        --enable         Enable a module
        --disable        Disable a module