Chapter 6. Tools for Manipulating and Analyzing SELinux


75


Classes:


53


Permissions:


192


Types:


316


Attributes:


0


Users:


3


Roles:


4


Booleans:


20


Cond. Expr.:


21


Allow:


11134


Neverallow:


0


Auditallow:


2


Dontaudit:


569


Type_trans:


157


Type_change:


0


Role allow:


5


Role trans:


0


Initial SIDs:


0


sesearch


Similar to the way that


seinfo


provides light information gathering functionality from apol on


the command line,


sesearch


lets you search for a particular type in the policy. Policy source or


binary can be used.


sesearch  a  t httpd_sys_content_t $SELINUX_POLICY/policy.conf


5 Rules match your search criteria


allow


httpd_suexec_t { httpd_sys_content_t \


httpd_sys_script_ro_t httpd_sys_script_rw_t \


httpd_sys_script_exec_t } : dir


{ getattr search };


allow


httpd_sys_script_t


httpd_sys_content_t : dir


\


{ getattr search };


allow


httpd_t


httpd_sys_content_t : dir


{ read getattr \


lock search ioctl };


allow


httpd_t


httpd_sys_content_t : file


{ read getattr \


lock ioctl };


allow


httpd_t


httpd_sys_content_t : lnk_file


{ getattr \


read };


# This same search, when performed on the binary policy file,


# generates 38 matching rules.


There are command line options to


sesearch


to control various factors of the search:


Option


Behavior


 s


,


  source


NAME


Search for rules that have the search expression as a


M


N


source;


NAME


is a regular expression.


M


N


 t


,


  target


NAME


Search for rules that have


NAME


as a target.


M


N


M


N


 c


,


  class


NAME


Search for rules that have


NAME


as the object class.


M


N


M


N


 p


,


  perms


P1[,P2...]


Search for one or more specific permissions.


M


N


  allow


Search for only


allow


rules.


  neverallow


Search for only


neverallow


rules.


  audit


Search for only


dontaudit


and


auditallow


rules.


  type


Search for only type transition (


type_trans


) and type


change (


type_change


) rules.


 i


,


  indirect


Do an indirect search, which looks for rules deriving


from a type's attribute.


 n


,


  noregex


Do not use regular expression matching for types and


attributes searched for.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved