1seexport_graph(1)        SELinux Policy Analysis Tool        seexport_graph(1)
2
3
4

NAME

6       seexport_graph - SELinux policy graph export tool
7

SYNOPSIS

9       seexport_graph [-h] [-c TCLASS] [-p PERMS] [-a ATTR] [-b BOOL] [-ea]
10                      [-fb [FILTER_BOOLS]] [-fa ATTR]
11                      package [policy]
12
13

DESCRIPTION

15       Exports part of given SELinux policy (concerning selected package) to a
16       graphml file. This file can than be  visualized  (e.g.  using  Gephi  -
17       gephi.org)
18

OPTIONS

20   Positional arguments
21              package
22                     Policy concerning this package will be exported
23
24              policy Path to the SELinux policy to be used.
25
26   Optional arguments
27              -h, --help
28                     show this help message and exit
29
30   Rule search (similar to sesearch)
31              -c TCLASS, --class TCLASS
32                     Comma separated list of object classes
33
34              -p PERMS, --perms PERMS
35                     Comma separated list of permissions.
36
37              -a ATTR, --attr ATTR
38                     Comma separated list of attributes.
39
40              -b BOOL, --bool BOOL
41                     Comma  separated  list  of  Booleans  in  the conditional
42                     expression.
43
44              -ea    Expand rules ending in attribute (to all types that  have
45                     given attribute)
46
47   Filtering
48              -fb [FILTER_BOOLS], --filter_bools [FILTER_BOOLS]
49                     Filter  rules  based  on current boolean setting or comma
50                     separated list of [boolean]:[on/off]
51
52              -fa ATTR, --filter_attrs ATTR
53                     Filter out rules allowed for specified  attributes.  ATTR
54                     is comma separated list of attributes.
55

EXAMPLE

57       Export  policy concerning bluetooth daemon (only access to files, bool‐
58       ean settings is taken into account):
59
60             $ seexport_graph bluetooth -fb -c file,process
61

SEE ALSO

63       seextract_cil(1)
64

BUGS

66       domain_groups_cil.conf has to be kept up to  date  using  seextract_cil
67       command. Only packages present there can be exported.
68

AUTHOR

70       Vit Mojzis <vmojzis@redhat.com>
71
72
73
74                                  2017-02-09                 seexport_graph(1)
Impressum