The seinfo and sesearch utilities can assist users in performing single-step analysis: they either provide immediate information about a SELinux object (which is mainly what seinfo is about) or are capable of querying direct SELinux rules (which is the scope of sesearch). These utilities are provided through the setools package.
Where the seinfo application displays information about SELinux objects, the sesearch application is used to query SELinux rules and behavior information between a source and a target resource.
For example, to print every allow rule in the policy that mentions httpd_t, use the command below:
# sesearch --allow | grep httpd_t
If you encounter the error below:
sesearch: command not found
install the package for your distribution:
Distribution | Command |
---|---|
Debian | apt-get install setools |
Ubuntu | apt-get install setools |
Kali Linux | apt-get install setools |
CentOS | yum install setools-console |
Fedora | dnf install setools-console |
Raspbian | apt-get install setools |
Summary
We have been using the sesearch application to query standard allow rules (type enforcement related access controls) as well as the impact of SELinux booleans on these allow rules. The sesearch application allows us to not just query rules based on the rule type, but also filter out those rules that match a given source expression using --source (-s) and/or target expression using --target (-t).
The sesearch application can deal with indirect source or target information. For instance, when querying information related to the java_domain attribute, it will also display rules of all types that have this attribute. In earlier setools versions, this behavior could be disabled with the -d option. In recent setools versions, it can be disabled selectively for the source (using -ds) or the target (using -dt).
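
When reviewing what a domain is allowed to do, it helps to separate rules written directly for the type from rules it inherits through an attribute, and to see which ones depend on a boolean. The helper below is an added example, not part of the original page or of setools; classify_rules and sample_rules are hypothetical names, and the sample lines are constructed in the setools 4 output style rather than taken from a real policy.

```shell
#!/bin/sh
# Constructed sample of what "sesearch --allow -s httpd_t" might print
# (setools 4 style; these rules are illustrative, not from a real policy).
sample_rules() {
cat <<'EOF'
allow httpd_t httpd_sys_content_t:file { getattr open read };
allow httpd_t user_home_t:file { getattr open read }; [ httpd_enable_homedirs ]:True
allow domain null_device_t:chr_file { getattr open read write };
allow daemon initrc_t:fd use;
EOF
}

# classify_rules TYPE
# Reads allow rules on stdin and prints: origin <TAB> target:class <TAB> condition
#   origin    "direct" if the rule names TYPE as source, else "via:<attribute>"
#   condition "unconditional", or "<boolean expression>:<True|False>"
classify_rules() {
    awk -v want="$1" '
    $1 == "allow" {
        origin = ($2 == want) ? "direct" : "via:" $2
        cond = "unconditional"
        # A conditional rule ends with: [ boolean_expr ]:True  or  ]:False
        for (i = 4; i <= NF; i++) {
            if ($i == "[") {
                bexpr = ""
                for (j = i + 1; j < NF; j++)
                    bexpr = bexpr (bexpr == "" ? "" : " ") $j
                cond = bexpr ":" substr($NF, 3)
                break
            }
        }
        printf "%s\t%s\t%s\n", origin, $3, cond
    }'
}

# Offline demonstration on the constructed sample.
sample_rules | classify_rules httpd_t

# On a system with setools installed, the same filter can be fed live output:
#   sesearch --allow -s httpd_t | classify_rules httpd_t
```

Rules reported as via:<attribute> are the indirect matches described above; they disappear from the sesearch output when direct matching is requested for the source.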