The sesearch command is used to query the SELinux policy rule details. It is a powerful tool to analyze SELinux policy rules and find out why a particular operation is being denied. It can also be used to find out which rules are being applied to a particular file or process.
Overview
The sesearch command has the following syntax:
sesearch [options] query
Where query is a string that specifies the search criteria. The query argument can be a file name, a process name, a user name, or a permission. The options argument is optional and can be used to modify the behavior of the sesearch command.
Examples
- To find out which rules are being applied to a particular file:
sesearch -A -s unconfined_t -t etc_t /etc/passwd
This command will display all the SELinux policy rules that apply to the /etc/passwd file.
- To find out why a particular operation is being denied:
sesearch -A -s unconfined_t -t etc_t -c file -p read
This command will display all the SELinux policy rules that deny the read operation on files with the etc_t type.
- To find out which processes are running with a particular SELinux context:
sesearch -T -s httpd_t -c process
This command will display all the processes that are running with the httpd_t SELinux context.
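When the starting point is an AVC denial in the audit log rather than a known pair of types, the source type, target type, class and permissions for the query can be read straight from the record. The script below is an added example, not part of the original page; the function names and the sample record are constructed for illustration, and it only prints the sesearch command, using the same -A, -s, -t, -c and -p flags as the example above.

```shell
#!/bin/sh
# Constructed sample audit record (not taken from a real system).
SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read open } for  pid=1234 comm="httpd" name="app.conf" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_field LINE KEY: print the value of the first KEY=value token in LINE.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# context_type CONTEXT: the type is the third field of user:role:type:level.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perms LINE: permissions listed between "{ " and " }", comma-separated.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p' | tr -s ' ' ','
}

# avc_to_sesearch LINE: print the sesearch query matching one AVC denial.
# Returns 1 for non-denial records and for fields that are not plain
# identifiers, so log content never reaches the command line unchecked.
avc_to_sesearch() {
    line=$1
    case "$line" in *"avc:"*denied*) ;; *) return 1 ;; esac
    src=$(context_type "$(avc_field "$line" scontext)")
    tgt=$(context_type "$(avc_field "$line" tcontext)")
    cls=$(avc_field "$line" tclass)
    perms=$(avc_perms "$line")
    for v in "$src" "$tgt" "$cls" "$perms"; do
        case "$v" in ''|*[!A-Za-z0-9_,]*) return 1 ;; esac
    done
    printf 'sesearch -A -s %s -t %s -c %s -p %s\n' "$src" "$tgt" "$cls" "$perms"
}

# Demonstration on the constructed record.
avc_to_sesearch "$SAMPLE_AVC"
```

If the printed query returns no rule when run against the loaded policy, the policy contains no allow rule for that access, which is consistent with the denial in the log.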
Specific Use Cases
The sesearch command can be used in various scenarios, including:
- Troubleshooting SELinux policy violations
- Analyzing SELinux policy rules
- Finding out which processes are running with a particular SELinux context
- Finding out which files are labeled with a particular SELinux type
Options
The sesearch command has the following options:
Option | Description |
---|---|
-A | Display all matches |
-C | Display only the count of matches |
-T | Display the type of the match |
-s | Specify the source context |
-t | Specify the target context |
-c | Specify the class of the permission |
-p | Specify the permission |
-S | Use a different SELinux policy file |
-P | Use a different policy module |
-h | Display help |
Troubleshooting tips
If you are having issues with the sesearch command, consider the following tips:
- Make sure you have the necessary permissions to query the SELinux policy. The sesearch command requires root privileges to run.
- Double-check your search criteria. The sesearch command is very powerful, but it can also return a lot of results if the search criteria are too broad.
- Use the -C option to display only the count of matches. This can help you quickly determine if there are any matches without having to parse through a large amount of output.
Notes
- The sesearch command is part of the policycoreutils-python-utils package and is included in most Linux distributions.
- The output of the sesearch command can be quite verbose. Consider using the grep command to filter the output if you are looking for a specific result.
- The sesearch command only works with SELinux policies. If you are not using SELinux, this command will not be useful.