
Provided by: setools_3.3.8+20151215-2_amd64

NAME

       seinfo - SELinux policy query tool

SYNOPSIS

       seinfo [OPTIONS] [EXPRESSION] [POLICY ...]

DESCRIPTION

       seinfo allows the user to query the components of a SELinux policy.

POLICY

       seinfo supports loading a SELinux policy in one of four formats.

       source A single text file containing policy source for versions 12 through 21. This file is usually named
              policy.conf.

       binary A single file containing a monolithic kernel binary policy for versions 15 through 21.  This  file
              is usually named by version - for example, policy.20.

       modular
              A  list  of policy packages each containing a loadable policy module. The first module listed must
              be a base module.

       policy list
              A single text file containing all the information needed to load a  policy,  usually  exported  by
              SETools graphical utilities.

       If no policy file is provided, seinfo will search for the system default policy: checking first for a
       source policy, next for a binary policy matching the running kernel's preferred version, and finally for
       the highest version that can be found.  In the last case, the policy will be downgraded to match the
       running system.  If no policy can be found, seinfo will print an error message and exit.

EXPRESSIONS

       One or more of the following component types can be queried. Each option may only be specified once.   If
       an option is provided multiple times, the last instance will be used. Some components support the -x flag
       to print expanded information about that component; if a particular component specified does not  support
       expanded  information,  the flag will be ignored for that component (see -x below). If no expressions are
       provided, policy statistics will be printed (see --stats below).

       -c[NAME], --class[=NAME]
              Print a list of object classes or, if NAME is provided, print the object  class  NAME.   With  -x,
              print a list of permissions for each displayed object class.

       --sensitivity[=NAME]
              Print a list of sensitivities or, if NAME is provided, print the sensitivity NAME.  With -x, print
              the corresponding level statement for each displayed sensitivity.

       --category[=NAME]
              Print a list of categories or, if NAME is provided, print the category NAME.   With  -x,  print  a
              list of sensitivities with which each displayed category may be associated.

       -t[NAME], --type[=NAME]
              Print  a  list  of  types (not including aliases or attributes) or, if NAME is provided, print the
              type NAME.  With -x, print a list of attributes which include each displayed type.

       -a[NAME], --attribute[=NAME]
              Print a list of type attributes or, if NAME is provided, print the attribute NAME.  With -x, print
              a list of types assigned to each displayed attribute.

       -r[NAME], --role[=NAME]
              Print  a  list  of  roles  or, if NAME is provided, print the role NAME.  With -x, print a list of
              types assigned to each displayed role.

       -u[NAME], --user[=NAME]
              Print a list of users or, if NAME is provided, print the user NAME.  With  -x,  print  a  list  of
              roles assigned to each displayed user.

       -b[NAME], --bool[=NAME]
              Print  a  list  of conditional booleans or, if NAME is provided, print the boolean NAME.  With -x,
              print the default state of each displayed conditional boolean.

       --initialsid[=NAME]
              Print a list of initial SIDs or, if NAME is provided, print the initial SID NAME.  With -x,  print
              the context assigned to each displayed SID.

       --fs_use[=TYPE]
              Print  a  list  of  fs_use  statements or, if TYPE is provided, print the statement for filesystem
              TYPE.  There is no expanded information for this component.

       --genfscon[=TYPE]
              Print a list of genfscon statements  or,  if  TYPE  is  provided,  print  the  statement  for  the
              filesystem TYPE.  There is no expanded information for this component.

       --netifcon[=NAME]
              Print  a  list  of netif contexts or, if NAME is provided, print the statement for interface NAME.
              There is no expanded information for this component.

       --nodecon[=ADDR]
              Print a list of node contexts or, if ADDR is provided, print  the  statement  for  the  node  with
              address ADDR.  There is no expanded information for this component.

       --polcap
              Print policy capabilities.

       --permissive
              Print permissive types.

       --portcon[=PORT]
              Print  a  list of port contexts or, if PORT is provided, print the statement for port PORT.  There
              is no expanded information for this component.

       --protocol=PROTO
              Print only portcon statements for the protocol PROTO. This option is ignored if portcon statements
              are not printed or if no statement exists for the requested port.

       --constrain
              Print a list of constraints.  There is no expanded information for this component.

       --all  Print all components.

OPTIONS

       -x, --expand
              Print  additional  details  for each component matching the expression.  These details include the
              types assigned to an attribute or role and the permissions for an object class.   This  option  is
              not  available for all component types; see the description of each component for the details this
              option will provide.

       --stats
              Print policy statistics including policy type and version information and counts of all components
              and rules.

       -l, --line-breaks
              Print line breaks when displaying constraint statements.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.
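
EXAMPLE

       The following shell helpers are an added example, not part of the original manual page or of SETools.
       They use --permissive, --portcon and --protocol to check a policy for unapproved permissive types and to
       find the type labelling a port. The function names and the allow-list file are hypothetical, and the
       parsing assumes seinfo prints each component name on its own indented line.

```shell
#!/bin/sh
# Added example: policy audit helpers built on seinfo (source this file).
# Every helper accepts optional trailing POLICY arguments; with none, seinfo
# loads the system default policy as described under POLICY.
#
# NAME, TYPE, ADDR and PORT are optional arguments, so they must be attached to
# the option (-tNAME, --type=NAME). Written as "seinfo -t NAME", NAME is taken
# as a policy file instead.

# List permissive types, one per line.
# Assumption: seinfo prints each name alone on an indented line under a
# non-indented header line; the header and blank lines are dropped.
permissive_types() {
    seinfo --permissive "$@" | awk 'NF == 1 && /^[ \t]/ { print $1 }'
}

# Print permissive types missing from ALLOWLIST (a file with one approved type
# per line). Returns 1 if any unapproved permissive type exists, else 0.
unexpected_permissive() {
    allow=$1; shift
    permissive_types "$@" | awk -v f="$allow" '
        BEGIN { while ((getline line < f) > 0) ok[line] = 1 }
        !($1 in ok) { print $1; bad = 1 }
        END { exit bad + 0 }'
}

# Print the type that labels PORT for protocol PROTO, read from the portcon
# statement "portcon PROTO PORT user:role:type[:range]".
port_type() {
    port=$1; proto=$2; shift 2
    seinfo "--portcon=$port" "--protocol=$proto" "$@" |
        awk '$1 == "portcon" { split($4, ctx, ":"); print ctx[3] }'
}
```

       A non-zero status from unexpected_permissive means the policy contains a permissive type that is not on
       the allow-list, which makes the helper usable as a gate in a policy build or review script.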

AUTHOR

       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

       Copyright(C) 2003-2010 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       sesearch(1), apol(1)

                                                                                                       seinfo(1)