seinfo(1)                   General Commands Manual                  seinfo(1)

NAME

       seinfo - SELinux policy query tool

SYNOPSIS

       seinfo [OPTIONS] [EXPRESSION] [POLICY ...]

DESCRIPTION

       seinfo allows the user to query the components of a SELinux policy.

POLICY

       seinfo supports loading a SELinux policy in one of four formats.

       source A single text file containing policy source for versions 12
              through 21. This file is usually named policy.conf.

       binary A single file containing a monolithic kernel binary policy for
              versions 15 through 21. This file is usually named by version -
              for example, policy.20.

       modular
              A list of policy packages each containing a loadable policy
              module. The first module listed must be a base module.

       policy list
              A single text file containing all the information needed to load
              a policy, usually exported by SETools graphical utilities.

       If no policy file is provided, seinfo will search for the system
       default policy: checking first for a source policy, next for a binary
       policy matching the running kernel's preferred version, and finally for
       the highest version that can be found. In the latter case, the policy
       will be downgraded to match the running system. If no policy can be
       found, seinfo will print an error message and exit.

EXPRESSIONS

       One or more of the following component types can be queried. Each
       option may only be specified once. If an option is provided multiple
       times, the last instance will be used. Some components support the -x
       flag to print expanded information about that component; if a
       particular component specified does not support expanded information,
       the flag will be ignored for that component (see -x below). If no
       expressions are provided, policy statistics will be printed (see
       --stats below).

       -c[NAME], --class[=NAME]
              Print a list of object classes or, if NAME is provided, print
              the object class NAME. With -x, print a list of permissions for
              each displayed object class.

       --sensitivity[=NAME]
              Print a list of sensitivities or, if NAME is provided, print the
              sensitivity NAME. With -x, print the corresponding level
              statement for each displayed sensitivity.

       --category[=NAME]
              Print a list of categories or, if NAME is provided, print the
              category NAME. With -x, print a list of sensitivities with
              which each displayed category may be associated.

       -t[NAME], --type[=NAME]
              Print a list of types (not including aliases or attributes) or,
              if NAME is provided, print the type NAME. With -x, print a list
              of attributes which include each displayed type.

       -a[NAME], --attribute[=NAME]
              Print a list of type attributes or, if NAME is provided, print
              the attribute NAME. With -x, print a list of types assigned to
              each displayed attribute.

       -r[NAME], --role[=NAME]
              Print a list of roles or, if NAME is provided, print the role
              NAME. With -x, print a list of types assigned to each displayed
              role.

       -u[NAME], --user[=NAME]
              Print a list of users or, if NAME is provided, print the user
              NAME. With -x, print a list of roles assigned to each displayed
              user.

       -b[NAME], --bool[=NAME]
              Print a list of conditional booleans or, if NAME is provided,
              print the boolean NAME. With -x, print the default state of
              each displayed conditional boolean.

       --initialsid[=NAME]
              Print a list of initial SIDs or, if NAME is provided, print the
              initial SID NAME. With -x, print the context assigned to each
              displayed SID.

       --fs_use[=TYPE]
              Print a list of fs_use statements or, if TYPE is provided, print
              the statement for filesystem TYPE. There is no expanded
              information for this component.

       --genfscon[=TYPE]
              Print a list of genfscon statements or, if TYPE is provided,
              print the statement for the filesystem TYPE. There is no
              expanded information for this component.

       --netifcon[=NAME]
              Print a list of netif contexts or, if NAME is provided, print
              the statement for interface NAME. There is no expanded
              information for this component.

       --nodecon[=ADDR]
              Print a list of node contexts or, if ADDR is provided, print the
              statement for the node with address ADDR. There is no expanded
              information for this component.

       --polcap
              Print policy capabilities.

       --permissive
              Print permissive types.

       --portcon[=PORT]
              Print a list of port contexts or, if PORT is provided, print the
              statement for port PORT. There is no expanded information for
              this component.

       --protocol=PROTO
              Print only portcon statements for the protocol PROTO. This
              option is ignored if portcon statements are not printed or if no
              statement exists for the requested port.

       --constrain
              Print a list of constraints. There is no expanded information
              for this component.

       --all  Print all components.

OPTIONS

       -x, --expand
              Print additional details for each component matching the
              expression. These details include the types assigned to an
              attribute or role and the permissions for an object class. This
              option is not available for all component types; see the
              description of each component for the details this option will
              provide.

       --stats
              Print policy statistics including policy type and version
              information and counts of all components and rules.

       -l, --line-breaks
              Print line breaks when displaying constraint statements.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.

AUTHOR

       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

       Copyright(C) 2003-2010 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       sesearch(1), apol(1)