seexport_graph

Section: SELinux Policy Analysis Tool (1)
Updated: 2017-02-09
Page Index
 

NAME

seexport_graph - SELinux policy graph export tool  

SYNOPSIS

seexport_graph [-h] [-c TCLASS] [-p PERMS] [-a ATTR] [-b BOOL] [-ea]
               [-fb [FILTER_BOOLS]] [-fa ATTR]
               package [policy]

 

DESCRIPTION

Exports part of given SELinux policy (concerning selected package) to a graphml file. This file can than be visualized (e.g. using Gephi - gephi.org)  

OPTIONS

 

Positional arguments

package
Policy concerning this package will be exported
policy
Path to the SELinux policy to be used.

 

Optional arguments

-h, --help
show this help message and exit

 

Rule search (similar to sesearch)

-c TCLASS, --class TCLASS
Comma separated list of object classes
-p PERMS, --perms PERMS
Comma separated list of permissions.
-a ATTR, --attr ATTR
Comma separated list of attributes.
-b BOOL, --bool BOOL
Comma separated list of Booleans in the conditional expression.
-ea
Expand rules ending in attribute (to all types that have given attribute)

 

Filtering

-fb [FILTER_BOOLS], --filter_bools [FILTER_BOOLS]
Filter rules based on current boolean setting or comma separated list of [boolean]:[on/off]
-fa ATTR, --filter_attrs ATTR
Filter out rules allowed for specified attributes. ATTR is comma separated list of attributes.
 

EXAMPLE

Export policy concerning bluetooth daemon (only access to files, boolean settings is taken into account):

      $ seexport_graph bluetooth -fb -c file,process
 

SEE ALSO

seextract_cil(1)  

BUGS

domain_groups_cil.conf has to be kept up to date using seextract_cil command. Only packages present there can be exported.  

AUTHOR

Vit Mojzis <vmojzis@redhat.com>


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
Positional arguments
Optional arguments
Rule search (similar to sesearch)
Filtering
EXAMPLE
SEE ALSO
BUGS
AUTHOR
LinuxReviews : manual page archive : man1