This post lists some of the more commonly used command-line utilities for managing and operating SELinux.
utilities provided by policycoreutils package
The policycoreutils package installs the following utilities:
- fixfiles: Fixes the security context on file systems
- load_policy: Loads a new SELinux policy into the kernel
- restorecon: Resets the security context on one or more files
- setfiles: Initializes the security context on one or more files
- secon: Displays the SELinux context from a file, program, or user input
- semodule_package: Creates an SELinux policy module package
- restorecond: Is a daemon that watches for file creation and sets the default file context
- semodule: Manages SELinux policy modules
- sestatus: Displays SELinux status
- setsebool: Sets SELinux Boolean value
Utilities provided by libselinux-utils package
The libselinux-utils package installs the following utilities:
- avcstat: Displays SELinux AVC statistics
- getenforce: Reports the current SELinux mode
- getsebool: Reports SELinux Boolean values
- matchpathcon: Queries the system policy and displays the default security context associated with the file path
- selinuxconlist: Displays all of the SELinux context reachable for a user
- selinuxdefcon: Displays the default SELinux context for a user
- selinuxenabled: Indicates whether SELinux is enabled
- setenforce: Modifies the SELinux mode
Utilities provided by setools-console package
The setools-console package installs the following utilities:
- findcon: An SELinux file context search tool
- sechecker: An SELinux policy checking tool
- sediff: An SELinux policy difference tool
- seinfo: An SELinux policy query tool
- sesearch: An SELinux policy query tool
Utilities provided by policycoreutils-python package
The policycoreutils-python package installs the following utilities:
- semanage: Is an SELinux policy management tool
- audit2allow, audit2why: Generates SELinux policy allow/don’t_audit rules from logs of denied operations
- chcat: Changes or removes the security category for each file or user
- sandbox: Runs a command in an SELinux sandbox
- semodule_package: Creates an SELinux policy module package
Utilities provided by policycoreutils-gui package
The policycoreutils-gui package installs the following utilities:
- system-config-selinux: SELinux Administration GUI
- selinux-polgengui: SELinux policy generation tool
Beginners Guide to SELinux
How to Disable or set SELinux to Permissive mode
How to Check whether SELinux is Enabled or Disabled
How to Disable or set SELinux to Permissive mode
How to Check whether SELinux is Enabled or Disabled