seinfo 命令

常用示例

说明

seinfo is a SELinux policy query tool that allows users to examine the components of a SELinux policy. It can analyze both binary and source policies, providing detailed information about types, attributes, roles, users, booleans, object classes, and constraints. If no policy file is provided, seinfo searches for the system default policy: first checking for a source policy, then for a binary policy matching the running kernel's preferred version, and finally for the highest version available. The tool supports loading policies in source format (policy.conf), binary format (e.g., policy.20), or modular format with loadable policy modules. seinfo is part of the SETools suite and is commonly used for policy analysis, debugging, and security auditing on SELinux-enabled systems.

参数

-a _ATTR_

Display type attributes or details for a named attribute.

-b _BOOL_

Show booleans or specific boolean configuration.

-c _CLASS_

List object classes or permissions for a specific class.

-r _ROLE_

Query roles or role-specific information.

-t _TYPE_

Examine types or their assigned attributes.

-u _USER_

Display users or user statements.

--category _CAT_

Show categories or associated sensitivities.

--common _COMMON_

List common permission sets.

--constrain _CLASS_

Display constraints and mlsconstraints for an object class.

--all

Query all policy components.

-x, --expand

Print additional details for each component matching the expression.

--flat

Exclude formatting headers and indentation.

-v, --verbose

Display extra informational content.

--debug

Activate debugging output.

-h, --help

Display help documentation.

--version

Show version information.