How can I query for all selinux rules/default file contexts/etc affecting a type
Some of the commands to obtain this info are (examples use httpd_log_t):
-
seinfo

    # seinfo -x --type=httpd_log_t /etc/selinux/default/policy/policy.26
       httpd_log_t
          file_type
          non_security_file_type
          logfile

-
sesearch

    # sesearch --dontaudit -t httpd_log_t /etc/selinux/default/policy/policy.26 | head
    Found 35 semantic av rules:
       dontaudit run_init_t file_type : dir { getattr search open } ;
       dontaudit staff_t non_security_file_type : file getattr ;
       dontaudit staff_t non_security_file_type : dir { ioctl read getattr lock search open } ;
       dontaudit staff_t non_security_file_type : lnk_file getattr ;
       dontaudit staff_t non_security_file_type : sock_file getattr ;
       dontaudit staff_t non_security_file_type : fifo_file getattr ;
       dontaudit unconfined_t non_security_file_type : file getattr ;
       dontaudit unconfined_t non_security_file_type : dir { ioctl read getattr lock search open } ;
       dontaudit unconfined_t non_security_file_type : lnk_file getattr ;

-
semanage

    # semanage fcontext -l | grep httpd_log_t
    /etc/httpd/logs                      all files      system_u:object_r:httpd_log_t:s0
    /var/log/apache(2)?(/.*)?            all files      system_u:object_r:httpd_log_t:s0
    /var/log/apache-ssl(2)?(/.*)?        all files      system_u:object_r:httpd_log_t:s0
    /var/log/cacti(/.*)?                 all files      system_u:object_r:httpd_log_t:s0
    /var/log/cgiwrap\.log.*              regular file   system_u:object_r:httpd_log_t:s0
    /var/log/horde2(/.*)?                all files      system_u:object_r:httpd_log_t:s0
    /var/log/httpd(/.*)?                 all files      system_u:object_r:httpd_log_t:s0
    /var/log/lighttpd(/.*)?              all files      system_u:object_r:httpd_log_t:s0
    /var/log/piranha(/.*)?               all files      system_u:object_r:httpd_log_t:s0
    /var/www(/.*)?/logs(/.*)?            all files      system_u:object_r:httpd_log_t:s0
References: RHEL6 SELinux manual
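The three commands above each answer one part of the question (attributes, AV rules, file contexts), and their output is meant for eyes, not scripts. The following is an added example, not code from the answer or from the setools project: it wraps the same `seinfo`, `sesearch` and `semanage` invocations for a live policy and adds parsers so the result can be filtered exactly. The parsers are exercised on constructed sample output (the answer's lines plus one labelled decoy), so the block runs without the tools installed; `type_report()` itself assumes `seinfo`/`sesearch` (setools) and `semanage` (policycoreutils) are on PATH. One point the example makes that `grep httpd_log_t` does not: `grep` matches the substring anywhere in the line, including inside a path regex, whereas comparing the type field of the context catches only files actually labelled with that type.

```python
"""Collect and parse what a loaded SELinux policy says about one type.

Added example (not part of the original answer). The subprocess calls
assume the setools `seinfo`/`sesearch` and policycoreutils `semanage`
binaries; the parsers are demonstrated on constructed sample output.
"""
import re
import shutil
import subprocess

# One AV rule as printed by sesearch (both "tgt : cls" and "tgt:cls" spacing).
AV_RULE = re.compile(
    r"^\s*(allow|auditallow|dontaudit|neverallow)\s+(\S+)\s+(\S+?)\s*:\s*(\S+)\s+"
    r"(\{[^}]*\}|\S+?)\s*;"
)

# Constructed sample: the answer's nine dontaudit lines plus one allow line
# added here for illustration (it is not taken from the page).
SAMPLE_SESEARCH = """Found 35 semantic av rules:
   dontaudit run_init_t file_type : dir { getattr search open } ;
   dontaudit staff_t non_security_file_type : file getattr ;
   dontaudit staff_t non_security_file_type : dir { ioctl read getattr lock search open } ;
   dontaudit staff_t non_security_file_type : lnk_file getattr ;
   dontaudit staff_t non_security_file_type : sock_file getattr ;
   dontaudit staff_t non_security_file_type : fifo_file getattr ;
   dontaudit unconfined_t non_security_file_type : file getattr ;
   dontaudit unconfined_t non_security_file_type : dir { ioctl read getattr lock search open } ;
   dontaudit unconfined_t non_security_file_type : lnk_file getattr ;
   allow httpd_t httpd_log_t : file { append create getattr ioctl lock open } ;
"""

# Constructed sample: four entries from the answer plus a decoy whose *path*
# contains the string httpd_log_t but whose label is a different type.
SAMPLE_FCONTEXT = """SELinux fcontext                     type           Context
/etc/httpd/logs                      all files      system_u:object_r:httpd_log_t:s0
/var/log/cgiwrap\\.log.*              regular file   system_u:object_r:httpd_log_t:s0
/var/log/httpd(/.*)?                 all files      system_u:object_r:httpd_log_t:s0
/var/www(/.*)?/logs(/.*)?            all files      system_u:object_r:httpd_log_t:s0
/var/log/httpd_log_tail(/.*)?        all files      system_u:object_r:var_log_t:s0
"""


def parse_av_rules(text):
    """Turn sesearch output into dicts; header/blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = AV_RULE.match(line)
        if not m:
            continue
        kind, src, tgt, cls, perms = m.groups()
        rules.append({"kind": kind, "source": src, "target": tgt, "class": cls,
                      "perms": sorted(perms.strip("{} ").split())})
    return rules


def parse_fcontext(text):
    """Parse `semanage fcontext -l` lines: path regex, file type, context."""
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or not parts[0].startswith("/"):
            continue                      # header, blank, or malformed line
        path_re, rest = parts
        ftype, ctx = rest.rsplit(None, 1)  # file-type column may contain spaces
        fields = ctx.split(":")
        if len(fields) < 3:
            continue                      # e.g. "<<None>>" has no type field
        entries.append({"path": path_re, "ftype": ftype.strip(),
                        "context": ctx, "type": fields[2]})
    return entries


def fcontexts_for_type(text, type_name):
    """Exact match on the type field, unlike a substring grep over the line."""
    return [e for e in parse_fcontext(text) if e["type"] == type_name]


def summarize(rules):
    """Count rules per kind (allow / auditallow / dontaudit / neverallow)."""
    counts = {}
    for r in rules:
        counts[r["kind"]] = counts.get(r["kind"], 0) + 1
    return counts


def _run(argv):
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


def type_report(type_name):
    """Query the live policy with the answer's commands and parse the result."""
    for tool in ("seinfo", "sesearch", "semanage"):
        if shutil.which(tool) is None:
            raise RuntimeError(f"{tool} not on PATH; install setools/policycoreutils")
    av_text = ""
    for flag in ("-A", "--auditallow", "--dontaudit"):
        av_text += _run(["sesearch", flag, "-t", type_name])   # type as target
        av_text += _run(["sesearch", flag, "-s", type_name])   # type as source
    return {
        "attributes": _run(["seinfo", "-x", f"--type={type_name}"]),
        "rules": parse_av_rules(av_text),
        "transitions": _run(["sesearch", "-T", "-t", type_name]),
        "fcontexts": fcontexts_for_type(_run(["semanage", "fcontext", "-l"]), type_name),
    }


if __name__ == "__main__":
    print(summarize(parse_av_rules(SAMPLE_SESEARCH)))
    for e in fcontexts_for_type(SAMPLE_FCONTEXT, "httpd_log_t"):
        print(e["path"], e["ftype"], e["context"])
```

Note that `sesearch -t httpd_log_t` resolves attribute membership, which is why the answer's output lists rules whose target is `file_type` or `non_security_file_type` rather than the type itself; the parser keeps the attribute name in `target` so you can still tell a direct rule from an inherited one.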
Author: Yanko Hernández Álvarez
Updated on September 18, 2022

Comments
-
Yanko Hernández Álvarez almost 2 years
I need to know everything related to an SELinux type in a running system's current rules:
- allow, allowaudit, dontaudit rules.
- files labeled with a context using the type.
- transitions.
...and any other info.
Is there any command(s) I can use to query for that info, or should I download all the SELinux-related "src" packages, filter out the modules not in use, and grep every file for that info? There must be an easier way to do that.
-
Yanko Hernández Álvarez almost 11 years
Is there any way to know which modules use a specified type, i.e. how to connect that info to the loaded SELinux policy modules (semodule -l)?
-
Yanko Hernández Álvarez almost 11 years
OK, I will reduce the scope of the question to mark this answer as accepted and separate the first aspect into another question.
-
dawud almost 11 years
@YankoHernándezÁlvarez believe it or not, I've been trying to figure that out. I've posted my findings in your other question.
-
Michael Mol about 7 years
For those looking, that other question is here.