sesearch 命令

常用示例

说明

sesearch is a SELinux policy query tool from the setools package that allows users to search and analyze rules within a SELinux policy. It can query both binary policy files (typically named policy.XX) and modular policies, making it essential for SELinux policy debugging and development. The tool supports searching various rule types including allow rules, type transitions, role-based access control rules, and MLS (Multi-Level Security) range transitions. Results can be filtered by source type, target type, object class, permissions, and Boolean conditions.

参数

-A, --allow

Search for allow and allowxperm rules

-T, --type_transition

Search for type_transition rules

--auditallow

Search for auditallow rules

--dontaudit

Search for dontaudit rules

-s, --source _NAME_

Find rules with matching source type/attribute

-t, --target _NAME_

Find rules with matching target type/attribute

-c, --class _NAME_

Find rules with matching object class

-p, --perm _P1,P2,..._

Find rules with matching permissions (comma-separated)

-b, --bool _NAME_

Find rules with matching conditional Boolean

-ds

Match source type directly, not by attribute

-dt

Match target type directly, not by attribute

-v, --verbose

Display additional rule information

--version

Print version and exit