CentOS 7.0 - man page for seinfo (centos section 1)


seinfo(1)										seinfo(1)

NAME
       seinfo - SELinux policy query tool

SYNOPSIS
       seinfo [OPTIONS] [EXPRESSION] [POLICY ...]

DESCRIPTION
       seinfo allows the user to query the components of a SELinux policy.

POLICY
       seinfo supports loading a SELinux policy in one of four formats.

       source A  single  text file containing policy source for versions 12 through 21. This file
	      is usually named policy.conf.

       binary A single file containing a monolithic kernel binary policy for versions 15  through
	      21. This file is usually named by version - for example, policy.20.

       modular
	      A list of policy packages each containing a loadable policy module. The first
	      module listed must be a base module.

       policy list
	      A single text file containing all the information needed to load a policy,  usually
	      exported by SETools graphical utilities.

       If no policy file is provided, seinfo will search for the system default policy: checking
       first for a source policy, next for a binary policy matching the running kernel's
       preferred version, and finally for the highest version that can be found. In the latter
       case, the policy will be downgraded to match the running system. If no policy can be
       found, seinfo will print an error message and exit.

EXPRESSIONS
       One or more of the following component types can be queried. Each option may only be
       specified once. If an option is provided multiple times, the last instance will be used.
       Some components support the -x flag to print expanded information about that component;
       if a particular component specified does not support expanded information, the flag will
       be ignored for that component (see -x below). If no expressions are provided, policy
       statistics will be printed (see --stats below).

       -c[NAME], --class[=NAME]
	      Print a list of object classes or, if NAME is provided, print the object class
	      NAME.  With -x, print a list of permissions for each displayed object class.

       --sensitivity[=NAME]
	      Print  a list of sensitivities or, if NAME is provided, print the sensitivity NAME.
	      With -x, print the corresponding level statement for each displayed sensitivity.

       --category[=NAME]
	      Print a list of categories or, if NAME is provided, print the category NAME.  With
	      -x, print a list of sensitivities with which each displayed category may be
	      associated.

       -t[NAME], --type[=NAME]
	      Print a list of types (not including aliases or attributes) or, if NAME is
	      provided, print the type NAME.  With -x, print a list of attributes which include
	      each displayed type.

       -a[NAME], --attribute[=NAME]
	      Print a list of type attributes or, if NAME is provided, print the attribute  NAME.
	      With -x, print a list of types assigned to each displayed attribute.

       -r[NAME], --role[=NAME]
	      Print a list of roles or, if NAME is provided, print the role NAME.  With -x, print
	      a list of types assigned to each displayed role.

       -u[NAME], --user[=NAME]
	      Print a list of users or, if NAME is provided, print the user NAME.  With -x, print
	      a list of roles assigned to each displayed user.

       -b[NAME], --bool[=NAME]
	      Print a list of conditional booleans or, if NAME is provided, print the boolean
	      NAME.  With -x, print the default state of each displayed conditional boolean.

       --initialsid[=NAME]
	      Print a list of initial SIDs or, if NAME is provided, print the initial  SID  NAME.
	      With -x, print the context assigned to each displayed SID.

       --fs_use[=TYPE]
	      Print a list of fs_use statements or, if TYPE is provided, print the statement for
	      filesystem TYPE.  There is no expanded information for this component.

       --genfscon[=TYPE]
	      Print a list of genfscon statements or, if TYPE is provided, print the statement
	      for the filesystem TYPE.  There is no expanded information for this component.

       --netifcon[=NAME]
	      Print a list of netif contexts or, if NAME is provided, print the statement for
	      interface NAME.  There is no expanded information for this component.

       --nodecon[=ADDR]
	      Print a list of node contexts or, if ADDR is provided, print the statement for  the
	      node with address ADDR.  There is no expanded information for this component.

       --polcap
	      Print policy capabilities.

       --permissive
	      Print permissive types.

       --portcon[=PORT]
	      Print a list of port contexts or, if PORT is provided, print the statement for port
	      PORT.  There is no expanded information for this component.

       --protocol=PROTO
	      Print only portcon statements for the protocol PROTO. This option is ignored if
	      portcon statements are not printed or if no statement exists for the requested
	      port.

       --constrain
	      Print a list of constraints.  There is no expanded information for this component.

       --all  Print all components.

OPTIONS
       -x, --expand
	      Print additional details for each component matching the expression.  These details
	      include  the  types  assigned  to  an  attribute or role and the permissions for an
	      object class.  This option is not  available  for  all  component  types;  see  the
	      description of each component for the details this option will provide.

       --stats
	      Print policy statistics including policy type and version information and counts of
	      all components and rules.

       -l, --line-breaks
	      Print line breaks when displaying constraint statements.

       -h, --help
	      Print help information and exit.

       -V, --version
	      Print version information and exit.
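
EXAMPLES
       The following is an added example, not part of the original manual page or of SETools. It
       filters the output of seinfo --permissive against an approved list, since a permissive
       type logs denials without enforcing them. It assumes the output is a "Permissive Types: N"
       header followed by one indented type name per line; the function names and sample type
       names are hypothetical.

```shell
#!/bin/sh
# Added example: report permissive SELinux types that are not approved.
# Assumption: `seinfo --permissive` prints a header line containing a colon
# ("Permissive Types: N") followed by one indented type name per line.

# unexpected_permissive ALLOWLIST
#   Reads `seinfo --permissive` output on stdin and prints every type that
#   is not in the space-separated ALLOWLIST, one per line.
unexpected_permissive() {
    awk -v allow=" $1 " '
        NF == 0 { next }    # skip blank lines
        /:/     { next }    # skip the header; type names never contain ":"
        {
            # Pad with spaces so only whole names match the allowlist.
            if (index(allow, " " $1 " ") == 0)
                print $1
        }'
}

# Constructed sample output (not captured from a real system).
sample_output() {
    cat <<'EOF'

Permissive Types: 3
   httpd_t
   mysqld_t
   lab_test_t
EOF
}

# On a live system, query the default policy instead of the sample:
#   seinfo --permissive | unexpected_permissive "lab_test_t"
```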

AUTHOR
       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT
       Copyright(C) 2003-2010 Tresys Technology, LLC

BUGS
       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO
       sesearch(1), apol(1)

											seinfo(1)