sebuild_graph

Section: SELinux Policy Analysis Tool (1)
Updated: 2017-02-09
Page Index
 

NAME

sebuild_graph - SELinux policy visualization tool graph builder  

SYNOPSIS

sebuild_graph [-h] [-dg] [-fb [FILTER_BOOLS]] [-c CLASSES]
                   [-p [POLICY]] FILENAME

 

DESCRIPTION

Creates a snapshot of given SELinux policy (if no policy file is provided, policy loaded in the system is be used) that can be analyzed using segraph_query.  

OPTIONS

 

Positional arguments:

FILENAME
Name for the new policy graph file.

 

Optional arguments:

-h, --help
show this help message and exit
-dg, --domain_grouping
Group SELinux domains based on package they belong to. Use with caution, generates false positives!
-fb [FILTER_BOOLS], --filter_bools [FILTER_BOOLS]
Filter rules based on current boolean setting or comma separated list of [boolean]:[on/off].
-c CLASSES, --class CLASSES
Comma separated list of object classes to be present in the graph. All classes assumed if omitted.
-p [POLICY], --policy [POLICY]
Path to the SELinux policy to be used.

 

EXAMPLE

Create snapshot of SELinux policy loaded in the system (only rules concerning files and processes are considered, boolean setting is taken into account):

      $ sebuild_graph.py -fb -c file,process graph


 

SEE ALSO

segraph_query(1)  

AUTHOR

Vit Mojzis <vmojzis@redhat.com>


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
Positional arguments:
Optional arguments:
EXAMPLE
SEE ALSO
AUTHOR