1seexport_graph(1) SELinux Policy Analysis Tool seexport_graph(1)
2
6 seexport_graph - SELinux policy graph export tool
7
9 seexport_graph [-h] [-c TCLASS] [-p PERMS] [-a ATTR] [-b BOOL] [-ea]
10 [-fb [FILTER_BOOLS]] [-fa ATTR]
11 package [policy]
12
15 Exports part of given SELinux policy (concerning selected package) to a
16 graphml file. This file can than be visualized (e.g. using Gephi -
17 gephi.org)
18
20 Positional arguments
21 package
22 Policy concerning this package will be exported
23 policy Path to the SELinux policy to be used.
25 Optional arguments
27 -h, --help
28 show this help message and exit
29 Rule search (similar to sesearch)
31 -c TCLASS, --class TCLASS
32 Comma separated list of object classes
33 -p PERMS, --perms PERMS
35 Comma separated list of permissions.
36 -a ATTR, --attr ATTR
38 Comma separated list of attributes.
39 -b BOOL, --bool BOOL
41 Comma separated list of Booleans in the conditional
42 expression.
43 -ea Expand rules ending in attribute (to all types that have
45 given attribute)
46 Filtering
48 -fb [FILTER_BOOLS], --filter_bools [FILTER_BOOLS]
49 Filter rules based on current boolean setting or comma
50 separated list of [boolean]:[on/off]
51 -fa ATTR, --filter_attrs ATTR
53 Filter out rules allowed for specified attributes. ATTR
54 is comma separated list of attributes.
55
57 Export policy concerning bluetooth daemon (only access to files, bool‐
58 ean settings is taken into account):
59 $ seexport_graph bluetooth -fb -c file,process
61
63 seextract_cil(1)
64
66 domain_groups_cil.conf has to be kept up to date using seextract_cil
67 command. Only packages present there can be exported.
68
70 Vit Mojzis <vmojzis@redhat.com>
71 2017-02-09 seexport_graph(1)