seinfo Command: Query SELinux Policy Under CentOS / RHEL / Linux

How do I query and get information about a policy under SELinux? How do I analyze a binary or a source policy file under SELinux?

Tutorial details
Difficulty level: Intermediate
Root privileges: Yes
Requirements: seinfo
You need to use the seinfo command. It lets you query the components of an SELinux policy, and it can analyze either a binary or a source policy file.

Installation

Type the following command:
# yum install setools-console
Sample outputs:

Loaded plugins: auto-update-debuginfo, protectbase, rhnplugin
0 packages excluded due to repository protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package setools-console.x86_64 0:3.3.7-4.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
================================================================================
 Package             Arch       Version          Repository                Size
================================================================================
Installing:
 setools-console     x86_64     3.3.7-4.el6      rhel-x86_64-server-6     328 k
 
Transaction Summary
================================================================================
Install       1 Package(s)
 
Total download size: 328 k
Installed size: 0  
Is this ok [y/N]: y
Downloading Packages:
setools-console-3.3.7-4.el6.x86_64.rpm                   | 328 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : setools-console-3.3.7-4.el6.x86_64                           1/1 
  Verifying  : setools-console-3.3.7-4.el6.x86_64                           1/1 
 
Installed:
  setools-console.x86_64 0:3.3.7-4.el6                                          
 
Complete!

How do I use the seinfo command?

The syntax is:

seinfo /path/to/policy
seinfo [options] /path/to/policy

For example, to get information about the /etc/selinux/targeted/policy/policy.24 policy, enter:
# seinfo /etc/selinux/targeted/policy/policy.24
Sample outputs:

 
Statistics for policy file: /etc/selinux/targeted/policy/policy.24
Policy Version & Type: v.24 (binary, mls)
 
   Classes:            81    Permissions:       235
   Sensitivities:       1    Categories:       1024
   Types:            3508    Attributes:        277
   Users:               9    Roles:              12
   Booleans:          190    Cond. Expr.:       225
   Allow:          275791    Neverallow:          0
   Auditallow:         97    Dontaudit:      202153
   Type_trans:      24052    Type_change:        38
   Type_member:        48    Role allow:         20
   Role_trans:        292    Range_trans:      3995
   Constraints:        87    Validatetrans:       0
   Initial SIDs:       27    Fs_use:             22
   Genfscon:           81    Portcon:           426
   Netifcon:            0    Nodecon:             0
   Permissives:        59    Polcap:              2
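
An added example (not part of the original tutorial): a POSIX shell parser for the two-column statistics summary shown above, used to flag a policy that contains permissive types. The names sample_stats, seinfo_stat and audit_permissive are assumptions of this example, and it assumes the summary layout printed on this page.

```sh
#!/bin/sh
# Constructed sample: a subset of the statistics printed above, so this runs
# without seinfo. On a real host: seinfo /path/to/policy | audit_permissive
sample_stats() {
cat <<'EOF'
Statistics for policy file: /etc/selinux/targeted/policy/policy.24
Policy Version & Type: v.24 (binary, mls)

   Classes:            81    Permissions:       235
   Booleans:          190    Cond. Expr.:       225
   Allow:          275791    Neverallow:          0
   Type_member:        48    Role allow:         20
   Permissives:        59    Polcap:              2
EOF
}

# seinfo_stat LABEL: read a seinfo summary on stdin and print LABEL's count.
# Each line holds two "Label: N" pairs; labels may contain spaces or dots.
seinfo_stat() {
    awk -v want="$1" '
        /^Statistics for|^Policy Version/ { next }   # header lines carry no counts
        {
            line = $0
            # Peel "label: number" pairs off the line, left to right.
            while (match(line, /[A-Za-z_][A-Za-z_. ]*:[ \t]+[0-9]+/)) {
                pair = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                label = pair; sub(/:[ \t]+[0-9]+$/, "", label)
                count = pair; sub(/^.*:[ \t]+/, "", count)
                if (label == want) { print count; found = 1; exit }
            }
        }
        END { exit !found }'
}

# audit_permissive: 0 = no permissive types, 1 = some present, 2 = parse failure.
audit_permissive() {
    count=$(seinfo_stat Permissives) || {
        echo "no Permissives line in input" >&2; return 2; }
    if [ "$count" -gt 0 ]; then
        echo "WARN: $count permissive types (denials are logged, not enforced)"
        return 1
    fi
    echo "OK: no permissive types"
}

sample_stats | audit_permissive || true
```

The exit status makes the check usable in a cron job or configuration audit; seinfo_stat also works for any other label in the summary, such as 'Role allow' or Neverallow.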

To list the types that have the domain attribute, enter:
# seinfo -adomain -x | less
To print a list of users, enter:
# seinfo -adomain -u
Sample outputs:

   domain

Users: 9
   sysadm_u
   system_u
   xguest_u
   root
   guest_u
   staff_u
   user_u
   unconfined_u
   git_shell_u

To print a list of roles, enter:
# seinfo -adomain -r
Sample outputs:

   domain

Roles: 12
   guest_r
   staff_r
   user_r
   git_shell_r
   logadm_r
   object_r
   sysadm_r
   system_r
   webadm_r
   xguest_r
   nx_server_r

To print a list of conditional booleans:
# seinfo -adomain -b
# seinfo -adomain -b | less
# seinfo -adomain -bssh_sysadm_login -x

For more information, read the seinfo man page:
# man seinfo

