seinfo(1)                General Commands Manual                seinfo(1)

NAME
       seinfo - SELinux policy query tool

SYNOPSIS
       seinfo [OPTIONS] [EXPRESSION] [POLICY ...]

DESCRIPTION
       seinfo allows the user to query the components of a SELinux policy.

POLICY
       seinfo supports loading a SELinux policy in one of four formats.

       source
              A single text file containing policy source for versions 12
              through 21. This file is usually named policy.conf.

       binary
              A single file containing a monolithic kernel binary policy for
              versions 15 through 21. This file is usually named by version -
              for example, policy.20.

       modular
              A list of policy packages each containing a loadable policy
              module. The first module listed must be a base module.

       policy list
              A single text file containing all the information needed to load
              a policy, usually exported by SETools graphical utilities.

       If no policy file is provided, seinfo will search for the system
       default policy: checking first for a source policy, next for a binary
       policy matching the running kernel's preferred version, and finally for
       the highest version that can be found. In the last case, the policy
       will be downgraded to match the running system. If no policy can be
       found, seinfo will print an error message and exit.

EXPRESSIONS
       One or more of the following component types can be queried. Each
       option may only be specified once. If an option is provided multiple
       times, the last instance will be used. Some components support the -x
       flag to print expanded information about that component; if a
       particular component specified does not support expanded information,
       the flag will be ignored for that component (see -x below). If no
       expressions are provided, policy statistics will be printed (see
       --stats below).

       -c[NAME], --class[=NAME]
              Print a list of object classes or, if NAME is provided, print
              the object class NAME. With -x, print a list of permissions for
              each displayed object class.

       --sensitivity[=NAME]
              Print a list of sensitivities or, if NAME is provided, print the
              sensitivity NAME. With -x, print the corresponding level
              statement for each displayed sensitivity.

       --category[=NAME]
              Print a list of categories or, if NAME is provided, print the
              category NAME. With -x, print a list of sensitivities with
              which each displayed category may be associated.

       -t[NAME], --type[=NAME]
              Print a list of types (not including aliases or attributes) or,
              if NAME is provided, print the type NAME. With -x, print a list
              of attributes which include each displayed type.

       -a[NAME], --attribute[=NAME]
              Print a list of type attributes or, if NAME is provided, print
              the attribute NAME. With -x, print a list of types assigned to
              each displayed attribute.

       -r[NAME], --role[=NAME]
              Print a list of roles or, if NAME is provided, print the role
              NAME. With -x, print a list of types assigned to each displayed
              role.

       -u[NAME], --user[=NAME]
              Print a list of users or, if NAME is provided, print the user
              NAME. With -x, print a list of roles assigned to each displayed
              user.

       -b[NAME], --bool[=NAME]
              Print a list of conditional booleans or, if NAME is provided,
              print the boolean NAME. With -x, print the default state of
              each displayed conditional boolean.

       --initialsid[=NAME]
              Print a list of initial SIDs or, if NAME is provided, print the
              initial SID NAME. With -x, print the context assigned to each
              displayed SID.

       --fs_use[=TYPE]
              Print a list of fs_use statements or, if TYPE is provided, print
              the statement for filesystem TYPE. There is no expanded
              information for this component.

       --genfscon[=TYPE]
              Print a list of genfscon statements or, if TYPE is provided,
              print the statement for the filesystem TYPE. There is no
              expanded information for this component.

       --netifcon[=NAME]
              Print a list of netif contexts or, if NAME is provided, print
              the statement for interface NAME. There is no expanded
              information for this component.

       --nodecon[=ADDR]
              Print a list of node contexts or, if ADDR is provided, print the
              statement for the node with address ADDR. There is no expanded
              information for this component.

       --polcap
              Print policy capabilities.

       --permissive
              Print permissive types.

       --portcon[=PORT]
              Print a list of port contexts or, if PORT is provided, print the
              statement for port PORT. There is no expanded information for
              this component.

       --protocol=PROTO
              Print only portcon statements for the protocol PROTO. This
              option is ignored if portcon statements are not printed or if no
              statement exists for the requested port.

       --constrain
              Print a list of constraints. There is no expanded information
              for this component.

       --all  Print all components.
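
The following is an added example, not part of the original manual page or of SETools. It uses the --permissive expression to flag permissive types (types whose denials are logged but not enforced) that are not on an approved list. The output layout of seinfo --permissive, the sample type names and the ALLOWED_PERMISSIVE variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: flag permissive types that are not on an approved list.
# Assumed layout of `seinfo --permissive` output: a "Permissive Types: N"
# header followed by one indented type name per line.

# Constructed sample standing in for real seinfo output (names are made up).
SAMPLE_OUTPUT='
Permissive Types: 3
   debug_helper_t
   legacy_app_t
   test_daemon_t
'

# Space-separated approved list; hypothetical variable, empty by default.
ALLOWED_PERMISSIVE=${ALLOWED_PERMISSIVE:-}

# Print the type names found in `seinfo --permissive` output read from stdin.
permissive_types() {
    awk '/^[[:space:]]+[A-Za-z0-9_.]+[[:space:]]*$/ { print $1 }' | sort -u
}

# unexpected_permissive "ALLOWED LIST": print every permissive type read from
# stdin that is not in the allowlist; return 1 if any was printed, else 0.
unexpected_permissive() {
    allowed=" $1 "
    found=0
    for t in $(permissive_types); do
        case "$allowed" in
            *" $t "*) ;;                 # approved, stay quiet
            *) echo "$t"; found=1 ;;     # not approved, report it
        esac
    done
    return "$found"
}

# audit_policy [POLICY]: run the check against the system default policy or
# against the policy file given, following the SYNOPSIS argument order.
audit_policy() {
    command -v seinfo >/dev/null 2>&1 || { echo "seinfo not found" >&2; return 2; }
    seinfo --permissive ${1:+"$1"} | unexpected_permissive "$ALLOWED_PERMISSIVE"
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | unexpected_permissive "legacy_app_t" ||
    echo "unexpected permissive types listed above" >&2
```
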

OPTIONS
       -x, --expand
              Print additional details for each component matching the
              expression. These details include the types assigned to an
              attribute or role and the permissions for an object class. This
              option is not available for all component types; see the
              description of each component for the details this option will
              provide.

       --stats
              Print policy statistics including policy type and version
              information and counts of all components and rules.

       -l, --line-breaks
              Print line breaks when displaying constraint statements.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.

AUTHOR
       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT
       Copyright(C) 2003-2010 Tresys Technology, LLC

BUGS
       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO
       sesearch(1), apol(1)