How can I query for all SELinux rules/default file contexts/etc. affecting a type?


Some of the commands to obtain this info are (examples use httpd_log_t):

  1. seinfo

    # seinfo -x --type=httpd_log_t /etc/selinux/default/policy/policy.26
       httpd_log_t
          file_type
          non_security_file_type
          logfile
    
  2. sesearch

    # sesearch --dontaudit -t httpd_log_t /etc/selinux/default/policy/policy.26 | head
    Found 35 semantic av rules:
        dontaudit run_init_t file_type : dir { getattr search open } ;
        dontaudit staff_t non_security_file_type : file getattr ;
        dontaudit staff_t non_security_file_type : dir { ioctl read getattr lock search open } ;
        dontaudit staff_t non_security_file_type : lnk_file getattr ;
        dontaudit staff_t non_security_file_type : sock_file getattr ;
        dontaudit staff_t non_security_file_type : fifo_file getattr ;
        dontaudit unconfined_t non_security_file_type : file getattr ;
        dontaudit unconfined_t non_security_file_type : dir { ioctl read getattr lock search open } ;
        dontaudit unconfined_t non_security_file_type : lnk_file getattr ;
    
  3. semanage

    # semanage fcontext -l | grep httpd_log_t
    /etc/httpd/logs                                    all files          system_u:object_r:httpd_log_t:s0
    /var/log/apache(2)?(/.*)?                          all files          system_u:object_r:httpd_log_t:s0
    /var/log/apache-ssl(2)?(/.*)?                      all files          system_u:object_r:httpd_log_t:s0
    /var/log/cacti(/.*)?                               all files          system_u:object_r:httpd_log_t:s0
    /var/log/cgiwrap\.log.*                            regular file       system_u:object_r:httpd_log_t:s0
    /var/log/horde2(/.*)?                              all files          system_u:object_r:httpd_log_t:s0
    /var/log/httpd(/.*)?                               all files          system_u:object_r:httpd_log_t:s0
    /var/log/lighttpd(/.*)?                            all files          system_u:object_r:httpd_log_t:s0
    /var/log/piranha(/.*)?                             all files          system_u:object_r:httpd_log_t:s0
    /var/www(/.*)?/logs(/.*)?                          all files          system_u:object_r:httpd_log_t:s0
    

References: RHEL6 SELinux manual
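As an added example (not part of the answer above, and not code from setools or policycoreutils), the script below ties the three commands together for one type: it runs them against the currently loaded policy (the tools are called without the policy-file argument the answer passes, so setools falls back to the running policy), queries with the type as target and as source (`-s` as well as `-t`, and `-D` for the default of transition rules, which a `-t` query alone misses for a file type such as httpd_log_t), and parses the setools 3 output format shown in the answer into a per-domain permission summary plus the file-context patterns that assign the type. The `-T`/`-D`/`-s` flags and the `--allow`/`--auditallow` switches are assumptions about setools 3; setools 4 prints a similar but not identical format, so the regexes may need adjusting there. The sample lines marked constructed are mine; the others are copied from the answer's output.

```python
import re
import shutil
import subprocess
import sys
from collections import defaultdict

# One access-vector rule as setools-3 `sesearch` prints it, e.g.
#   dontaudit staff_t non_security_file_type : dir { ioctl read getattr } ;
#   allow httpd_t httpd_log_t : dir search ;
AV_RULE = re.compile(
    r"^\s*(?P<kind>allow|auditallow|dontaudit|neverallow)\s+"
    r"(?P<src>\S+)\s+(?P<tgt>\S+)\s*:\s*(?P<cls>\S+)\s+"
    r"(?:\{\s*(?P<perms>[^}]*)\}|(?P<perm>\S+?))\s*;"
)
# Rules that pick a new type (optionally a name-based transition with "filename").
TE_RULE = re.compile(
    r"^\s*(?P<kind>type_transition|type_member|type_change)\s+"
    r"(?P<src>\S+)\s+(?P<tgt>\S+)\s*:\s*(?P<cls>\S+)\s+(?P<default>[^\s;\"]+)"
    r'(?:\s+"(?P<name>[^"]*)")?\s*;'
)
# One `semanage fcontext -l` line: path regex, file kind, user:role:type:range.
FCONTEXT = re.compile(
    r"^(?P<path>\S+)\s+(?P<ftype>all files|regular file|directory|symbolic link|"
    r"character device|block device|socket|named pipe)\s+"
    r"(?P<ctx>[^\s:]+:[^\s:]+:[^\s:]+:\S+)\s*$"
)

# Constructed sample: the first three rule lines are from the answer's sesearch
# output; the allow and type_transition lines are made up for this example.
SAMPLE_SESEARCH = """\
Found 35 semantic av rules:
   dontaudit run_init_t file_type : dir { getattr search open } ;
   dontaudit staff_t non_security_file_type : file getattr ;
   dontaudit staff_t non_security_file_type : dir { ioctl read getattr lock search open } ;
   allow httpd_t httpd_log_t : file { append create getattr } ;
   allow httpd_t httpd_log_t : file write ;
   allow httpd_t httpd_log_t : dir search ;
   type_transition httpd_t var_log_t : file httpd_log_t;
"""
# Constructed sample of `semanage fcontext -l`: three lines from the answer plus
# one made-up samba_log_t line to show that filtering by type works.
SAMPLE_FCONTEXT = r"""SELinux fcontext                                   type               Context
/etc/httpd/logs                                    all files          system_u:object_r:httpd_log_t:s0
/var/log/cgiwrap\.log.*                            regular file       system_u:object_r:httpd_log_t:s0
/var/www(/.*)?/logs(/.*)?                          all files          system_u:object_r:httpd_log_t:s0
/var/log/samba(/.*)?                               all files          system_u:object_r:samba_log_t:s0
"""


def parse_rules(text):
    """Turn sesearch output into dicts; header lines like 'Found N ...' are skipped."""
    rules = []
    for line in text.splitlines():
        m = AV_RULE.match(line)
        if m:
            perms = m.group("perms")
            rules.append({"kind": m.group("kind"), "src": m.group("src"),
                          "tgt": m.group("tgt"), "cls": m.group("cls"),
                          "perms": set(perms.split()) if perms is not None else {m.group("perm")}})
            continue
        m = TE_RULE.match(line)
        if m:
            rules.append({"kind": m.group("kind"), "src": m.group("src"),
                          "tgt": m.group("tgt"), "cls": m.group("cls"),
                          "default": m.group("default"), "name": m.group("name")})
    return rules


def summarize(rules):
    """Collapse AV rules to (kind, source domain, class) -> union of permissions,
    so rules reached via attributes and via the type itself end up together."""
    summary = defaultdict(set)
    for r in rules:
        if "perms" in r:
            summary[(r["kind"], r["src"], r["cls"])] |= r["perms"]
    return dict(summary)


def parse_fcontexts(text, type_name):
    """Return [(path_regex, file_kind)] for fcontext entries whose type is type_name."""
    out = []
    for line in text.splitlines():
        m = FCONTEXT.match(line)
        if m and m.group("ctx").split(":")[2] == type_name:
            out.append((m.group("path"), m.group("ftype")))
    return out


def run(cmd):
    """Run a policy tool if it is installed; otherwise return '' so the parsers
    can still be used on output captured from another host."""
    if shutil.which(cmd[0]) is None:
        return ""
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def query_type(type_name):
    """Everything the answer's three commands reveal about one type, in one dict."""
    searches = [(f, d) for f in ("--allow", "--auditallow", "--dontaudit") for d in ("-s", "-t")]
    searches += [("-T", d) for d in ("-s", "-t", "-D")]  # transitions: source, target, default
    rules = []
    for flag, direction in searches:
        rules += parse_rules(run(["sesearch", flag, direction, type_name]))
    seen, transitions = set(), []
    for r in rules:
        key = (r["kind"], r["src"], r["tgt"], r["cls"], r.get("default"), r.get("name"))
        if "default" in r and key not in seen:
            seen.add(key)
            transitions.append(r)
    return {"attributes": run(["seinfo", "-x", "--type=" + type_name]).split()[1:],  # first token is the type
            "av": summarize(rules), "transitions": transitions,
            "fcontexts": parse_fcontexts(run(["semanage", "fcontext", "-l"]), type_name)}


if __name__ == "__main__":
    info = query_type(sys.argv[1] if len(sys.argv) > 1 else "httpd_log_t")
    for section, value in info.items():
        print(section, value)
```

The summary groups by source domain and object class rather than by target, which is the question's real concern: whether the rule was written against httpd_log_t directly or against an attribute it carries (file_type, logfile), the result is "what may staff_t do to this type's files". Module membership (the follow-up in the comments) is not recoverable from these tools' output and is left out.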

Author: Yanko Hernández Álvarez

Updated on September 18, 2022

Comments

  • Yanko Hernández Álvarez (almost 2 years)

    I need to know everything related to a selinux type on a running system's current rules:

    • allow, allowaudit, dontaudit rules.
    • files labeled with a context using the type.
    • transitions.

    ...and any other info.

    Is there any command(s) I can use to query for that info, or should I download all the SELinux-related "src" packages, filter out the modules not in use, and grep every file for that info? There must be an easier way to do that.

  • Yanko Hernández Álvarez (almost 11 years)
    Is there any way to know which modules use a specified type? I.e., how to connect that info to the loaded SELinux policy modules (semodule -l)?
  • Yanko Hernández Álvarez (almost 11 years)
    OK, I will reduce the scope of the question to mark this answer as accepted and separate the first aspect to another question.
  • dawud (almost 11 years)
    @YankoHernándezÁlvarez believe it or not, I've been trying to figure that out. I've posted my findings in your other question.
  • Michael Mol (about 7 years)
    For those looking, that other question is here.