
NAME

       seinfo - SELinux policy query tool

SYNOPSIS

       seinfo [OPTIONS] [EXPRESSION] [POLICY ...]

DESCRIPTION

       seinfo allows the user to query the components of an SELinux policy.

POLICY

       seinfo supports loading an SELinux policy in one of four formats.

       source A  single  text  file  containing  policy source for versions 12
              through 21. This file is usually named policy.conf.

       binary A single file containing a monolithic kernel binary  policy  for
              versions  15 through 21. This file is usually named by version -
              for example, policy.20.

       modular
              A list of policy packages  each  containing  a  loadable  policy
              module. The first module listed must be a base module.

       policy list
              A single text file containing all the information needed to load
              a policy, usually exported by SETools graphical utilities.

       If no policy file is provided, seinfo will search for the system
       default policy: checking first for a source policy, next for a binary
       policy matching the running kernel’s preferred version, and finally for
       the highest version that can be found. In this last case, the policy
       will be downgraded to match the running system. If no policy can be
       found, seinfo will print an error message and exit.

EXPRESSIONS

       One  or  more  of  the  following  component types can be queried. Each
       option may only be specified once.  If an option is  provided  multiple
       times,  the  last instance will be used. Some components support the -x
       flag  to  print  expanded  information  about  that  component;  if   a
       particular  component  specified does not support expanded information,
       the flag will be ignored for that  component  (see  -x  below).  If  no
       expressions  are  provided,  policy  statistics  will  be  printed (see
       --stats below).

       -c[NAME], --class[=NAME]
              Print a list of object classes or, if NAME  is  provided,  print
              the object class NAME.  With -x, print a list of permissions for
              each displayed object class.

       --sensitivity[=NAME]
              Print a list of sensitivities or, if NAME is provided, print the
              sensitivity  NAME.   With  -x,  print  the  corresponding  level
              statement for each displayed sensitivity.

       --category[=NAME]
              Print a list of categories or, if NAME is  provided,  print  the
              category  NAME.   With  -x,  print  a list of sensitivities with
              which each displayed category may be associated.

       -t[NAME], --type[=NAME]
              Print a list of types (not including aliases or attributes)  or,
              if NAME is provided, print the type NAME.  With -x, print a list
              of attributes which include each displayed type.

       -a[NAME], --attribute[=NAME]
              Print a list of type attributes or, if NAME is  provided,  print
              the  attribute NAME.  With -x, print a list of types assigned to
              each displayed attribute.

       -r[NAME], --role[=NAME]
              Print a list of roles or, if NAME is provided,  print  the  role
              NAME.  With -x, print a list of types assigned to each displayed
              role.

       -u[NAME], --user[=NAME]
              Print a list of users or, if NAME is provided,  print  the  user
              NAME.  With -x, print a list of roles assigned to each displayed
              user.

       -b[NAME], --bool[=NAME]
              Print a list of conditional booleans or, if  NAME  is  provided,
              print  the  boolean  NAME.   With -x, print the default state of
              each displayed conditional boolean.

       --initialsid[=NAME]
              Print a list of initial SIDs or, if NAME is provided, print  the
              initial  SID  NAME.  With -x, print the context assigned to each
              displayed SID.

       --fs_use[=TYPE]
              Print a list of fs_use statements or, if TYPE is provided, print
              the  statement  for  filesystem  TYPE.   There  is  no  expanded
              information for this component.

       --genfscon[=TYPE]
              Print a list of genfscon statements or,  if  TYPE  is  provided,
              print  the  statement  for  the  filesystem  TYPE.   There is no
              expanded information for this component.

       --netifcon[=NAME]
              Print a list of netif contexts or, if NAME  is  provided,  print
              the   statement  for  interface  NAME.   There  is  no  expanded
              information for this component.

       --nodecon[=ADDR]
              Print a list of node contexts or, if ADDR is provided, print the
              statement  for the node with address ADDR.  There is no expanded
              information for this component.

       --portcon[=PORT]
              Print a list of port contexts or, if PORT is provided, print the
              statement  for  port PORT.  There is no expanded information for
              this component.

       --protocol=PROTO
              Print only portcon  statements  for  the  protocol  PROTO.  This
              option is ignored if portcon statements are not printed or if no
              statement exists for the requested port.

       --all  Print all components.

OPTIONS

       -x, --expand
              Print  additional  details  for  each  component  matching   the
              expression.   These  details  include  the  types assigned to an
              attribute or role and the permissions for an object class.  This
              option  is  not  available  for  all  component  types;  see the
              description of each component for the details this  option  will
              provide.

       --stats
              Print  policy  statistics  including  policy  type  and  version
              information and counts of all components and rules.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.
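
EXAMPLES

       The following script is an added example, not part of the original
       manual page or of SETools. It builds queries from the options listed
       above, adding -x only where expanded output is documented and attaching
       NAME with '=' as the [=NAME] notation requires. The helper names
       seinfo_args and run_query and the sample names are assumptions.

```sh
# Added example; not part of the seinfo manual page or SETools.

# Components for which the page documents extra output with -x.
expandable="class sensitivity category type attribute role user bool initialsid"
# Components documented as having no expanded information.
flat="fs_use genfscon netifcon nodecon portcon"

# seinfo_args COMPONENT [NAME] [PROTO]  (hypothetical helper)
# Prints the option words for one query, one per line.
seinfo_args() {
    comp=$1 name=${2-} proto=${3-}
    case " $expandable " in
        *" $comp "*) printf '%s\n' -x ;;
        *) case " $flat " in
               *" $comp "*) ;;   # -x would be ignored here, so leave it out
               *) printf 'unknown component: %s\n' "$comp" >&2; return 2 ;;
           esac ;;
    esac
    # [=NAME] is an optional argument and must be attached with '='.
    # Written as a separate word it would be read as a POLICY file.
    if [ -n "$name" ]; then
        printf '%s\n' "--$comp=$name"
    else
        printf '%s\n' "--$comp"
    fi
    # --protocol only filters portcon statements.
    if [ "$comp" = portcon ] && [ -n "$proto" ]; then
        printf '%s\n' "--protocol=$proto"
    fi
}

# run_query POLICY COMPONENT [NAME] [PROTO]  (hypothetical helper)
# An empty POLICY lets seinfo search for the system default policy.
run_query() {
    policy=$1; shift
    args=$(seinfo_args "$@") || return 2
    # Unquoted on purpose: each line of $args is one option word.
    seinfo $args ${policy:+"$policy"}
}

# Constructed review set: the names domain, staff_u and port 22 are sample
# values and may not exist in the policy being examined.
if command -v seinfo >/dev/null 2>&1; then
    policy=${1-}                           # e.g. a binary policy file
    run_query "$policy" attribute domain   # types carrying the attribute
    run_query "$policy" user staff_u       # roles assigned to the user
    run_query "$policy" bool               # booleans with default state
    run_query "$policy" portcon 22 tcp     # context for tcp port 22
fi
```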

AUTHOR

       This manual page was written by Jeremy A. Mowery  <jmowery@tresys.com>.

COPYRIGHT

       Copyright(C) 2003-2008 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       sesearch(1), apol(1)

                                                                     seinfo(1)