Chapter 5. The sepolicy Suite
The sepolicy utility provides a suite of features to query the installed SELinux policy. These features are either new or were previously provided by separate utilities, such as setrans. The suite allows you to generate transition reports, man pages, or even new policy modules, thus giving users easier access to and a better understanding of the SELinux policy.
The policycoreutils-devel package provides sepolicy. Run the following command as the root user to install it:
yum install policycoreutils-devel
The sepolicy suite provides the following features that are invoked as command-line parameters:
Table 5.1. The sepolicy features
| Feature | Description |
|---|---|
| booleans | Query the SELinux policy to see descriptions of Booleans |
| communicate | Query the SELinux policy to see if domains can communicate with each other |
| generate | Generate an SELinux policy module template |
| gui | Graphical user interface for the SELinux policy |
| interface | List SELinux policy interfaces |
| manpage | Generate SELinux man pages |
| network | Query SELinux policy network information |
| transition | Query the SELinux policy and generate a process transition report |
sepolicy Python Bindings
The sesearch utility is used for searching rules in an SELinux policy, while the seinfo utility allows you to query various other components in the policy.
Python bindings for sesearch and seinfo have been added so that you can use the functionality of these utilities through the sepolicy suite. See the example below:
> python
>>> import sepolicy
>>> sepolicy.info(sepolicy.ATTRIBUTE)
Returns a dictionary of all information about SELinux Attributes
>>> sepolicy.search([sepolicy.ALLOW])
Returns a dictionary of all allow rules in the policy.
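One way to put the search binding to work in a policy review, as an added example that is not part of the original documentation: it lists the domains whose allow rules grant write-like access to a sensitive type. It assumes each rule comes back as a dictionary with `source`, `target`, `class` and `permlist` keys; the helper names, the `shadow_t` check and the sample rules are constructed for illustration.

```python
# Added example: audit allow rules for write-like access to a sensitive type.
WRITE_PERMS = {"write", "append", "create", "unlink", "rename", "setattr"}

# Constructed sample in the assumed result shape (not output from a real policy).
SAMPLE_RULES = [
    {"source": "passwd_t", "target": "shadow_t", "class": "file",
     "permlist": ["read", "write", "open", "getattr"]},
    {"source": "httpd_t", "target": "shadow_t", "class": "file",
     "permlist": ["getattr"]},
    {"source": "sshd_t", "target": "shadow_t", "class": "file",
     "permlist": ["read", "open"]},
    {"source": "useradd_t", "target": "shadow_t", "class": "file",
     "permlist": ["create", "write", "unlink"]},
    {"source": "httpd_t", "target": "httpd_log_t", "class": "file",
     "permlist": ["append"]},
]

def load_allow_rules():
    """Return allow rules from the installed policy, or the sample as a fallback."""
    try:
        import sepolicy
        return list(sepolicy.search([sepolicy.ALLOW]))
    except Exception:
        # Bindings missing or no policy loaded on this host: use the sample.
        return SAMPLE_RULES

def writers_of(rules, target_type, tclass="file"):
    """Map each source domain to the write-like permissions it holds on target_type."""
    found = {}
    for rule in rules:
        if rule.get("target") != target_type or rule.get("class") != tclass:
            continue
        risky = WRITE_PERMS.intersection(rule.get("permlist", []))
        if risky:
            found.setdefault(rule["source"], set()).update(risky)
    return found

def unexpected_writers(rules, target_type, expected):
    """Return the sorted domains with write access that are not on the expected list."""
    return sorted(set(writers_of(rules, target_type)) - set(expected))

if __name__ == "__main__":
    for domain in unexpected_writers(load_allow_rules(), "shadow_t", {"passwd_t"}):
        print("unexpected writer to shadow_t:", domain)
```

Rules in a real policy can name an attribute rather than a type as source or target, so a review should repeat the check for the attributes the type belongs to.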