seexport_graph - Man Page
SELinux policy graph export tool
Synopsis
seexport_graph [-h] [-c TCLASS] [-p PERMS] [-a ATTR] [-b BOOL] [-ea]
[-fb [FILTER_BOOLS]] [-fa ATTR]
package [policy]Description
Exports part of given SELinux policy (concerning selected package) to a graphml file. This file can than be visualized (e.g. using Gephi - gephi.org)
Options
Positional arguments
- package
Policy concerning this package will be exported
- policy
Path to the SELinux policy to be used.
Optional arguments
- -h, ā--help
show this help message and exit
Rule search (similar to sesearch)
- -c TCLASS, --class TCLASS
Comma separated list of object classes
- -p PERMS, --perms PERMS
Comma separated list of permissions.
- -a ATTR, --attr ATTR
Comma separated list of attributes.
- -b BOOL, --bool BOOL
Comma separated list of Booleans in the conditional expression.
- -ea
Expand rules ending in attribute (to all types that have given attribute)
Filtering
- -fb [FILTER_BOOLS], --filter_bools [FILTER_BOOLS]
Filter rules based on current boolean setting or comma separated list of [boolean]:[on/off]
- -fa ATTR, --filter_attrs ATTR
Filter out rules allowed for specified attributes. ATTR is comma separated list of attributes.
Example
Export policy concerning bluetooth daemon (only access to files, boolean settings is taken into account):
$ seexport_graph bluetooth -fb -c file,process
See Also
Bugs
domain_groups_cil.conf has to be kept up to date using seextract_cil command. Only packages present there can be exported.
Author
Vit Mojzis <vmojzis@redhat.com>
Referenced By
seextract_cil(1), sevisual_query(1).