In the previous chapters, we covered a few methods of analyzing SELinux policies through command-line utilities such as seinfo
and sesearch
. These utilities are able to assist users in performing single-step analysis: they either provide immediate information about a SELinux object (which is mainly what seinfo
is about) or are capable of querying direct SELinux rules (which is the scope of sesearch
).
Note
These utilities are provided through the setools
package. This package has recently received an overhaul with the release of setools
version 4, but at the time of writing this, it has not been included yet by RHEL. It offers new capabilities but also a slightly adjusted output. Throughout this chapter, the displayed outputs will not be accompanied with a warning that the output might be different from system to system.
Not all capabilities of the seinfo
and sesearch
utilities have been discussed yet though. The next few subsections will go a bit deeper into how these utilities...