sesearch
sesearch(1) sesearch(1)
NAME
sesearch - SELinux policy query tool
SYNOPSIS
sesearch [OPTIONS] [POLICY_FILE]
DESCRIPTION
This manual page describes the sesearch command.
sesearch allows the user to query a SELinux policy for type enforce-
ment rules.
OPTIONS
-s NAME, --source NAME
find rules with NAME type/attrib (regex) as source
-t NAME, --target NAME
find rules with NAME type/attrib (regex) as target
-c NAME, --class NAME
find rules with NAME as the object class
-p P1[,P2,...] --perms P1[,P2...]
find rules with the specified permissions
-b NAME, --boolean NAME
find conditional rules with NAME in the expression
--allow
search for allow rules only
--neverallow
search for neverallow rules only
--audit
search for auditallow and dontaudit rules only
--type search for type_trans and type_change rules only
-i, --indirect
also search for the type’s attributes
-n, --noregex
do not use regular expression to match type/attributes
-a, --all
show all rules regardless of type, class, or perms
-l, --lineno
include line # in policy.conf for each rule. This option is
ignored if using a binary policy.
-C, --show_cond
show conditional expression for conditional rules
-h, --help
display this help and exit
-v, --version
output version information and exit
INFORMATION
If none of -s, -t, -c, -p -b are specified, then all rules are shown.
You must specify -a (--all), or one of more of --allow,
--neverallow,--audit, or --type.
The default source policy, or if that is unavailable the default
binary policy, will be opened if no policy file name is provided.
AUTHOR
This manual page was written by Kevin Carr <kcarr@tresys.com>.
COPYRIGHT
Copyright(C) 2006 Tresys Technology, LLC
SEE ALSO
seinfo(1), apol(1)
sesearch(1)
