List of SELinux Utilities – The Geek Diary

This post lists some of the more commonly used command-line utilities for managing and operating SELinux.

utilities provided by policycoreutils package

The policycoreutils package installs the following utilities:

fixfiles: Fixes the security context on file systems
load_policy: Loads a new SELinux policy into the kernel
restorecon: Resets the security context on one or more files
setfiles: Initializes the security context on one or more files
secon: Displays the SELinux context from a file, program, or user input
semodule_package: Creates an SELinux policy module package
restorecond: Is a daemon that watches for file creation and sets the default file context
semodule: Manages SELinux policy modules
sestatus: Displays SELinux status
setsebool: Sets SELinux Boolean value

The libselinux-utils package installs the following utilities:

avcstat: Displays SELinux AVC statistics
getenforce: Reports the current SELinux mode
getsebool: Reports SELinux Boolean values
matchpathcon: Queries the system policy and displays the default security context associated with the file path
selinuxconlist: Displays all of the SELinux context reachable for a user
selinuxdefcon: Displays the default SELinux context for a user
selinuxenabled: Indicates whether SELinux is enabled
setenforce: Modifies the SELinux mode

The setools-console package installs the following utilities:

The policycoreutils-python package installs the following utilities:

semanage: Is an SELinux policy management tool
audit2allow, audit2why: Generates SELinux policy allow/don’t_audit rules from logs of denied operations
chcat: Changes or removes the security category for each file or user
sandbox: Runs a command in an SELinux sandbox
semodule_package: Creates an SELinux policy module package

The policycoreutils-gui package installs the following utilities: