seinfo(1) - SELinux policy query tool



    seinfo(1)                General Commands Manual                seinfo(1)
    
    
    
    NAME
           seinfo - SELinux policy query tool
    
    SYNOPSIS
           seinfo [OPTIONS] [EXPRESSION] [POLICY ...]
    
    DESCRIPTION
           seinfo allows the user to query the components of a SELinux policy.
    
    POLICY
           seinfo supports loading a SELinux policy in one of four formats.
    
           source A	 single	 text  file  containing	 policy source for versions 12
    	      through 21. This file is usually named policy.conf.
    
           binary A single file containing a monolithic kernel binary  policy  for
    	      versions	15 through 21. This file is usually named by version -
    	      for example, policy.20.
    
           modular
    	      A list of policy packages each containing a loadable policy mod‐
    	      ule. The first module listed must be a base module.
    
           policy list
    	      A single text file containing all the information needed to load
    	      a policy, usually exported by SETools graphical utilities.
    
           If no policy file is  provided,	seinfo	will  search  for  the	system
           default	policy:	 checking first for a source policy, next for a binary
           policy matching the running kernel's preferred version, and finally for
           the  highest version that can be found.	In the latter case, the policy
           will be downgraded to match the running system.	If no  policy  can  be
           found, seinfo will print an error message and exit.
    
    EXPRESSIONS
           One  or	more  of  the  following  component types can be queried. Each
           option may only be specified once.  If an option is  provided  multiple
           times,  the  last instance will be used. Some components support the -x
           flag to print expanded information about that component; if a  particu‐
           lar component specified does not support expanded information, the flag
           will be ignored for that component (see -x below).  If  no  expressions
           are provided, policy statistics will be printed (see --stats below).
    
           -c[NAME], --class[=NAME]
    	      Print  a	list  of object classes or, if NAME is provided, print
    	      the object class NAME.  With -x, print a list of permissions for
    	      each displayed object class.
    
           --sensitivity[=NAME]
    	      Print a list of sensitivities or, if NAME is provided, print the
    	      sensitivity NAME.	 With -x, print the corresponding level state‐
    	      ment for each displayed sensitivity.
    
           --category[=NAME]
    	      Print  a	list  of categories or, if NAME is provided, print the
    	      category NAME.  With -x, print  a	 list  of  sensitivities  with
    	      which each displayed category may be associated.
    
           -t[NAME], --type[=NAME]
    	      Print  a list of types (not including aliases or attributes) or,
    	      if NAME is provided, print the type NAME.	 With -x, print a list
    	      of attributes which include each displayed type.
    
           -a[NAME], --attribute[=NAME]
    	      Print  a	list of type attributes or, if NAME is provided, print
    	      the attribute NAME.  With -x, print a list of types assigned  to
    	      each displayed attribute.
    
           -r[NAME], --role[=NAME]
    	      Print  a	list  of roles or, if NAME is provided, print the role
    	      NAME.  With -x, print a list of types assigned to each displayed
    	      role.
    
           -u[NAME], --user[=NAME]
    	      Print  a	list  of users or, if NAME is provided, print the user
    	      NAME.  With -x, print a list of roles assigned to each displayed
    	      user.
    
           -b[NAME], --bool[=NAME]
    	      Print  a	list  of conditional booleans or, if NAME is provided,
    	      print the boolean NAME.  With -x, print  the  default  state  of
    	      each displayed conditional boolean.
    
           --initialsid[=NAME]
    	      Print  a list of initial SIDs or, if NAME is provided, print the
    	      initial SID NAME.	 With -x, print the context assigned  to  each
    	      displayed SID.
    
           --fs_use[=TYPE]
    	      Print a list of fs_use statements or, if TYPE is provided, print
    	      the statement for filesystem TYPE.  There is no expanded	infor‐
    	      mation for this component.
    
           --genfscon[=TYPE]
    	      Print  a	list  of  genfscon statements or, if TYPE is provided,
    	      print the statement  for	the  filesystem	 TYPE.	 There	is  no
    	      expanded information for this component.
    
           --netifcon[=NAME]
    	      Print  a	list  of netif contexts or, if NAME is provided, print
    	      the statement for interface NAME.	 There is no expanded informa‐
    	      tion for this component.
    
           --nodecon[=ADDR]
    	      Print a list of node contexts or, if ADDR is provided, print the
    	      statement for the node with address ADDR.	 There is no  expanded
    	      information for this component.
    
           --polcap
    	      Print policy capabilities.
    
           --permissive
    	      Print permissive types.
    
           --portcon[=PORT]
    	      Print a list of port contexts or, if PORT is provided, print the
    	      statement for port PORT.	There is no expanded  information  for
    	      this component.
    
           --protocol=PROTO
    	      Print  only  portcon  statements	for  the  protocol PROTO. This
    	      option is ignored if portcon statements are not printed or if no
    	      statement exists for the requested port.
    
           --constrain
    	      Print  a	list of constraints.  There is no expanded information
    	      for this component.
    
           --all  Print all components.
    
    OPTIONS
           -x, --expand
    	      Print additional details for each component matching the expres‐
    	      sion.   These details include the types assigned to an attribute
    	      or role and the permissions for an object class.	This option is
    	      not  available  for  all component types; see the description of
    	      each component for the details this option will provide.
    
           --stats
    	      Print policy statistics including policy type and version infor‐
    	      mation and counts of all components and rules.
    
           -l, --line-breaks
    	      Print line breaks when displaying constraint statements.
    
           -h, --help
    	      Print help information and exit.
    
           -V, --version
    	      Print version information and exit.
    
    AUTHOR
           This manual page was written by Jeremy A. Mowery <[email protected]>.
    
    COPYRIGHT
           Copyright(C) 2003-2010 Tresys Technology, LLC
    
    BUGS
           Please report bugs via an email to [email protected].
    
    SEE ALSO
           sesearch(1), apol(1)
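
The --permissive expression above lists types the kernel does not enforce, which makes it a useful audit input. The following is an added example, not part of the manual page or of SETools: a shell function that compares that list with an approved allowlist. The function names, the sample type names, and the output layout (a "Permissive Types: N" header followed by one indented type name per line) are assumptions.

```shell
#!/bin/sh
# Added example: report permissive types that are not on an approved list.

# Constructed sample of `seinfo --permissive` output (layout is assumed).
sample_seinfo_output() {
    cat <<'EOF'

Permissive Types: 3
   example_build_t
   example_debug_t
   example_app_t
EOF
}

# unexpected_permissive "ALLOWED_TYPE ALLOWED_TYPE ..."
#   Reads `seinfo --permissive` output on stdin and prints every permissive
#   type that is not in the space-separated allowlist.
#   Returns 1 if at least one unapproved type was printed, 0 otherwise.
unexpected_permissive() {
    allow=" $1 "
    found=0
    # `read` strips leading whitespace; a type line has exactly one word.
    while read -r name rest; do
        # Skip blank lines and the multi-word "Permissive Types: N" header.
        [ -n "$name" ] && [ -z "$rest" ] || continue
        case $allow in
            *" $name "*) ;;                        # approved permissive type
            *) printf '%s\n' "$name"; found=1 ;;   # not approved: report it
        esac
    done
    return "$found"
}

# Demo on the constructed sample: only example_build_t is approved.
sample_seinfo_output | unexpected_permissive "example_build_t" \
    || echo "unapproved permissive types listed above"
```

On a system with SETools installed, pipe the real output in instead: `seinfo --permissive | unexpected_permissive "approved_t"`.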
    