CentOS 7.0 - man page for sesearch (centos section 1)


sesearch(1)									      sesearch(1)

       sesearch - SELinux policy query tool


       sesearch allows the user to search the rules in a SELinux policy.

       sesearch supports loading a SELinux policy in one of four formats.

       source A  single  text file containing policy source for versions 12 through 21. This file
	      is usually named policy.conf.

       binary A single file containing a monolithic kernel binary policy for versions 15  through
	      21. This file is usually named by version - for example, policy.20.

       modular
	      A list of policy packages each containing a loadable policy module. The first
	      module listed must be a base module.

       policy list
	      A single text file containing all the information needed to load a policy,  usually
	      exported by SETools graphical utilities.

       If no policy file is provided, sesearch will search for the system default policy:
       checking first for a source policy, next for a binary policy matching the running
       kernel's preferred version, and finally for the highest version that can be found.
       In the latter case, the policy will be downgraded to match the running system.  If no
       policy can be found, sesearch will print an error message and exit.

       sesearch  is  capable  of searching multiple types of rules. At least one of the following
       must be provided to specify the desired type(s) of rules to search.

       -A, --allow
	      Search for allow rules.

       --neverallow
	      Search for neverallow rules.

       --auditallow
	      Search for auditallow rules.

       -D, --dontaudit
	      Search for dontaudit rules.

       -T, --type
	      Search for type_transition, type_member, and type_change rules.

       --role_allow
	      Search for role allow rules.

       --role_trans
	      Search for role_transition rules.

       --range_trans
	      Search for range_transition rules.

       --all  Search all rule types.

       The user may specify an expression containing values for a given field(s) in a rule.  Only
       those  fields  applicable  to  a  given	rule  type will be used; all other fields will be
       ignored.  (For example, type_transition rules will ignore the permissions field.)   If  no
       expression is specified or if none of the specified fields apply to a given rule type, all
       rules of that type are considered to match the expression.

       -s NAME, --source=NAME
	      Find rules with type/attribute NAME as their source.

       -t NAME, --target=NAME
	      Find rules with type/attribute NAME as their target.

       --role_source=NAME
	      Find rules with role NAME as their source.

       --role_target=NAME
	      Find rules with role NAME as their target.

       -c NAME, --class=NAME
	      Find rules with class NAME as their object class.

       -p P1[,P2,...] --perm=P1[,P2...]
	      Find rules with at least one of the specified  permissions.   Multiple  permissions
	      may  be  specified  as  a comma separated list; it is recommended that this list be
	      quoted for shells that interpret comma as a special character.

       -b NAME, --bool=NAME
	      Find conditional rules with NAME in their conditional expression.  This option will
	      include rules in both the true and false lists of the conditional.

       The  following  additional  options  exist  to  modify how the search is performed and the
       amount of information printed for each result.

       -d, --direct
	      Normally rules are matched using the type given or any of  that  type's  attributes
	      (or  an  attribute's types).  This "indirect" matching also considers types used in
	      complemented sets, the special set "*", and the special target  "self".	When  the
	      direct flag is given, matching is done literally.  The rule must explicitly contain
	      the given type (or attribute) for it to be returned.

       -R, --regex
	      Use regular expressions to match	symbol	names.	 By  default  only  exact  string
	      matches will be considered.

       -n, --linenum
	      Print the line number for each rule.  This option is ignored if using the
	      --semantic option or if line numbers are not available for the given policy.

       -S, --semantic
	      Search rules semantically instead of syntactically.  This  option  is  implied  for
	      policies for which syntactic rules are not available.

       -C, --show_cond
	      Print  the  conditional expression and state for all conditional rules found.  This
	      option has no effect on unconditional rules.

       -h, --help
	      Print help information and exit.

       -V, --version
	      Print version information and exit.
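
       The following is an added example, not part of the original manual page: an audit of
       which source domains may write to a sensitive target type, combining -A, -C, -t, -c and
       a quoted -p list. The type shadow_t, the sample rules, the boolean name and the two-letter
       state prefix printed by -C (E/D for enabled/disabled, T/F for the conditional list) are
       assumptions about a setools 3.x policy and its output.

```shell
#!/bin/sh
# Constructed sample of `sesearch -A -C -t shadow_t -c file` output (no -p, so
# the local filter below has something to exclude). Rules are illustrative only.
sample_output() {
cat <<'EOF'
Found 3 semantic av rules:
   allow passwd_t shadow_t : file { ioctl read write create getattr setattr lock append unlink open } ;
   allow backup_t shadow_t : file { read getattr open } ;
DT allow helper_t shadow_t : file { read write } ; [ allow_helper_shadow ]
EOF
}

# grants P1[,P2...] : read sesearch allow-rule output on stdin and print
# "source state matched-perms" for every rule holding at least one of the
# listed permissions (the same "at least one" semantics as -p).
grants() {
    awk -v want="$1" '
    BEGIN { n = split(want, w, ",") }
    {
        # With -C, conditional rules carry a prefix such as ET or DT.
        o = ($1 ~ /^[ED][TF]$/) ? 1 : 0
        if ($(o + 1) != "allow") next          # skip the "Found N ..." header
        state = o ? (substr($1, 1, 1) == "E" ? "enabled" : "disabled") : "unconditional"
        hit = ""
        # Permissions sit between the class field and the terminating ";".
        for (i = o + 6; i <= NF && $i != ";"; i++)
            for (j = 1; j <= n; j++)
                if ($i == w[j]) hit = hit (hit == "" ? "" : ",") $i
        # The source may be an attribute: indirect matching is the default.
        if (hit != "") print $(o + 2), state, hit
    }'
}

# Use the real tool when it is installed, otherwise the constructed sample.
audit_shadow_writers() {
    if command -v sesearch >/dev/null 2>&1; then
        # Quote the comma-separated list, as the -p description recommends.
        sesearch -A -C -t shadow_t -c file -p 'write,append'
    else
        sample_output
    fi | grants 'write,append'
}

audit_shadow_writers
```

       A rule reported as "disabled" grants nothing until its boolean changes state, so review
       those alongside the boolean settings rather than discarding them.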

       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

       Copyright(C) 2003-2008 Tresys Technology, LLC

       Please report bugs via an email to setools-bugs@tresys.com.

       seinfo(1), apol(1)
