sesearch - Unix, Linux Command

NAME

sesearch - SELinux policy query tool

SYNOPSIS

sesearch [OPTIONS] [POLICY_FILE]

DESCRIPTION

This manual page describes the sesearch command.

sesearch allows the user to query a SELinux policy for type enforcement rules.

OPTIONS

Tag	Description
-s NAME, --source NAME	find rules with NAME type/attrib (regex) as source
-t NAME, --target NAME	find rules with NAME type/attrib (regex) as target
--role_source NAME	find rules with NAME role (regex) as source
--role_target NAME	find rules with NAME role (regex) as target
-c NAME, --class NAME	find rules with NAME as the object class
-p P1[,P2,...] --perms P1[,P2...]	find rules with the specified permissions
-b NAME, --boolean NAME	find conditional rules with NAME in the expression
--allow	search for allow rules only
--neverallow	search for neverallow rules only
--audit	search for auditallow and dontaudit rules only
--type	search for type_trans and type_change rules only
--rangetrans	search for range transition rules
--role_allow	search for role allow rules
--role_trans	search for role transition rules
-a, --all	show all rules regardless of type, class, or perms
-i, --indirect	also search for the type’s attributes
-n, --noregex	do not use regular expression to match type/attributes
-l, --lineno	include line # in policy.conf for each rule. This option is ignored if using a binary policy.
-C, --show_cond	show conditional expression for conditional rules
-h, --help	display this help and exit
-v, --version	output version information and exit

INFORMATION

If none of -s, -t, -c, -p, -b, --role_source, or --role_target are specified, then all rules are shown. You must specify -a (--all), or one of more of --allow, --neverallow, --audit, --rangetrans, --role_allow, --role_trans or --type.

The default source policy, or if that is unavailable the default binary policy, will be opened if no policy file name is provided.

AUTHOR

This manual page was written by Kevin Carr <kcarr@tresys.com>.