semanage-ibendport — SELinux Policy Management ibendport mapping tool


semanage ibendport [-h] [-n] [-N] [-S STORE] [ --add -t TYPE -z IBDEV_NAME -r RANGE port | --delete -z IBDEV_NAME port | --deleteall | --extract | --list [-C] | --modify -t TYPE -z IBDEV_NAME -r RANGE port ]


semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.  semanage ibendport controls the ibendport number to ibendport type definitions.


-h, --help

show this help message and exit

-n, --noheading

Do not print heading when listing the specified object type

-N, --noreload

Do not reload policy after commit

-S STORE, --store STORE

Select an alternate SELinux Policy Store to manage

-C, --locallist

List local customizations

-a, --add

Add a record of the specified object type

-d, --delete

Delete a record of the specified object type

-m, --modify

Modify a record of the specified object type

-l, --list

List records of the specified object type

-E, --extract

Extract customizable commands, for use within a transaction

-D, --deleteall

Remove all local customizations

-t TYPE, --type TYPE

SELinux type for the object

-r RANGE, --range RANGE

MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0.

-z IBDEV_NAME, --ibdev_name IBDEV_NAME

The name of the infiniband device for the port to be labeled.  (ex. mlx5_0)


List all ibendport definitions
# semanage ibendport -l
Label mlx4_0 port 2.
# semanage ibendport -a -t allowed_ibendport_t -z mlx4_0 2

See Also

selinux(8), semanage(8)


This man page was written by Daniel Jurgens <>

Referenced By