Интерактивная система просмотра системных руководств (man-ов)
sesearch (1)
>> sesearch (1) ( Linux man: Команды и прикладные программы пользовательского уровня )
NAME
sesearch - SELinux policy query tool
SYNOPSIS
sesearch
[OPTIONS] [POLICY_FILE]
DESCRIPTION
This manual page describes the
sesearch
command.
sesearch
allows the user to query a SELinux policy for type enforcement rules.
OPTIONS
-s NAME, --source NAME
find rules with NAME type/attrib (regex) as source
-t NAME, --target NAME
find rules with NAME type/attrib (regex) as target
--role_source NAME
find rules with NAME role (regex) as source
--role_target NAME
find rules with NAME role (regex) as target
-c NAME, --class NAME
find rules with NAME as the object class
-p P1[,P2,...] --perms P1[,P2...]
find rules with the specified permissions
-b NAME, --boolean NAME
find conditional rules with NAME in the expression
--allow
search for allow rules only
--neverallow
search for neverallow rules only
--audit
search for auditallow and dontaudit rules only
--type
search for type_trans and type_change rules only
--rangetrans
search for range transition rules
--role_allow
search for role allow rules
--role_trans
search for role transition rules
-a, --all
show all rules regardless of type, class, or perms
-i, --indirect
also search for the type's attributes
-n, --noregex
do not use regular expression to match type/attributes
-l, --lineno
include line # in policy.conf for each rule. This option is ignored if using a binary policy.
-C, --show_cond
show conditional expression for conditional rules
-h, --help
display this help and exit
-v, --version
output version information and exit
INFORMATION
If none of -s, -t, -c, -p, -b, --role_source, or --role_target
are specified, then all rules are shown.
You must specify -a (--all), or one of more of --allow, --neverallow,
--audit, --rangetrans, --role_allow, --role_trans or --type.
The default source policy, or if that is unavailable the default binary policy, will be opened if no policy file name is provided.
