sesearch - Unix, Linux Command

previous next AddThis Social Bookmark Button


sesearch - SELinux policy query tool




This manual page describes the sesearch command.

sesearch allows the user to query a SELinux policy for type enforcement rules.


-s NAME, --source NAME find rules with NAME type/attrib (regex) as source
-t NAME, --target NAME find rules with NAME type/attrib (regex) as target
--role_source NAME find rules with NAME role (regex) as source
--role_target NAME find rules with NAME role (regex) as target
-c NAME, --class NAME find rules with NAME as the object class
-p P1[,P2,...] --perms P1[,P2...] find rules with the specified permissions
-b NAME, --boolean NAME find conditional rules with NAME in the expression
--allow search for allow rules only
--neverallow search for neverallow rules only
--audit search for auditallow and dontaudit rules only
--type search for type_trans and type_change rules only
--rangetrans search for range transition rules
--role_allow search for role allow rules
--role_trans search for role transition rules
-a, --all show all rules regardless of type, class, or perms
-i, --indirect also search for the type’s attributes
-n, --noregex do not use regular expression to match type/attributes
-l, --lineno include line # in policy.conf for each rule. This option is ignored if using a binary policy.
-C, --show_cond show conditional expression for conditional rules
-h, --help display this help and exit
-v, --version output version information and exit


If none of -s, -t, -c, -p, -b, --role_source, or --role_target are specified, then all rules are shown. You must specify -a (--all), or one of more of --allow, --neverallow, --audit, --rangetrans, --role_allow, --role_trans or --type.

The default source policy, or if that is unavailable the default binary policy, will be opened if no policy file name is provided.


This manual page was written by Kevin Carr <>.


Copyright(C) 2006 Tresys Technology, LLC


previous next Printer Friendly