The seinfo command is a Linux command that is used to query the Security-Enhanced Linux (SELinux) policy and display the number of relevant rules that are provided by the policy. SELinux is a mandatory access control (MAC) security mechanism that is implemented in the Linux kernel. It is designed to provide a higher level of security by enforcing access controls on system resources, such as files, processes, and network ports.
Overview
The seinfo command is used to display information about the SELinux policy, including the number of relevant rules that are provided by the policy. This information can be useful for troubleshooting SELinux-related issues and for understanding the security posture of a system.
The seinfo command can be used with various options to display different types of information about the SELinux policy. For example, the -a option can be used to display information about all available SELinux attributes, while the -t option can be used to display information about all available SELinux types.
Here are some examples of how to use the seinfo command:
$ seinfo -r
Policy Capability: query
CentOS7
Policy version: 28
Policy language version: 28
Policy minimum MLS level: s0
Policy MLS range: s0:c0.c1023
Policy deny_unknown: no
Max kernel policy version: 28
This command displays the relevant rules for the SELinux policy, as well as other information such as the policy version, policy language version, and policy minimum MLS level.
$ seinfo -a
Policy Capability: query
...
This command displays all available SELinux attributes.
$ seinfo -t
Policy Capability: query
...
This command displays all available SELinux types.
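The "name: value" summary lines in the first example can be captured once as a baseline and compared against a later capture to spot policy drift. The script below is an added example, not part of the original page: both captures are constructed in the layout shown above, and the function names seinfo_field and seinfo_drift are hypothetical.

```sh
#!/bin/sh
# Constructed sample: the summary in the layout shown on this page.
BASELINE='Policy Capability: query
CentOS7
Policy version: 28
Policy language version: 28
Policy minimum MLS level: s0
Policy MLS range: s0:c0.c1023
Policy deny_unknown: no
Max kernel policy version: 28'

# Constructed later capture with two fields changed.
CURRENT='Policy Capability: query
CentOS7
Policy version: 28
Policy language version: 28
Policy minimum MLS level: s0
Policy MLS range: s0:c0.c255
Policy deny_unknown: yes
Max kernel policy version: 28'

# Print the value of one "name: value" field; prints nothing if it is absent.
seinfo_field() {  # $1 = captured output, $2 = field name
    printf '%s\n' "$1" |
        awk -F': ' -v key="$2" '$1 == key { sub(/^[^:]*: /, ""); print; exit }'
}

# Print "field: old -> new" for every field that differs between two captures.
seinfo_drift() {  # $1 = baseline capture, $2 = current capture
    printf '%s\n==\n%s\n' "$1" "$2" | awk -F': ' '
        $0 == "==" { second = 1; next }      # separator between the two captures
        NF < 2     { next }                  # not a "name: value" line
        { key = $1; val = $0; sub(/^[^:]*: /, "", val) }
        !second { if (!(key in base)) order[++n] = key; base[key] = val; next }
        { if (!(key in base) && !(key in cur)) order[++n] = key; cur[key] = val }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                b = (k in base) ? base[k] : "<absent>"
                c = (k in cur)  ? cur[k]  : "<absent>"
                if (b != c) printf "%s: %s -> %s\n", k, b, c
            }
        }'
}

# On a live host, pass a stored capture and a fresh one instead of the samples.
seinfo_drift "$BASELINE" "$CURRENT"
```

Values that themselves contain a colon, such as the MLS range, are kept whole because the split is on the first colon followed by a space.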
Options
The seinfo command supports the following options:
Option | Description |
---|---|
-r | Display the relevant rules for the SELinux policy. |
-a | Display all available SELinux attributes. |
-t | Display all available SELinux types. |
-x | Display all available SELinux contexts. |
-u | Display all available SELinux users. |
-b | Display all available SELinux booleans. |
-d | Display all available SELinux defaults. |
-f | Display all available SELinux file contexts. |
-l | Display all available SELinux ports. |
-m | Display all available SELinux modules. |
-p | Display all available SELinux policy capabilities. |
-z | Display all available SELinux categories. |
Troubleshooting tips
If you are having trouble using the seinfo command, here are some troubleshooting tips:
- Make sure that SELinux is enabled on your system. You can check this by running the sestatus command.
- Make sure that you have the necessary permissions to run the seinfo command. You may need to run the command as root or with sudo privileges.
- If you are getting an error message when running the seinfo command, make sure that you have typed the command correctly and that you are using the correct options.
Notes
- The seinfo command is only available on systems that have SELinux enabled.
- The output of the seinfo command can be quite verbose, so it is often helpful to pipe the output to a pager such as less. For example, you can run seinfo -r | less to display the relevant rules for the SELinux policy in a more readable format.