List of SELinux Utilities

This post lists some of the more commonly used command-line utilities for managing and operating SELinux.

 

utilities provided by policycoreutils package

 

The policycoreutils package installs the following utilities:

  • fixfiles: Fixes the security context on file systems
  • load_policy: Loads a new SELinux policy into the kernel
  • restorecon: Resets the security context on one or more files
  • setfiles: Initializes the security context on one or more files
  • secon: Displays the SELinux context from a file, program, or user input
  • semodule_package: Creates an SELinux policy module package
  • restorecond: Is a daemon that watches for file creation and sets the default file context
  • semodule: Manages SELinux policy modules
  • sestatus: Displays SELinux status
  • setsebool: Sets SELinux Boolean value

 

Utilities provided by libselinux-utils package

 

The libselinux-utils package installs the following utilities:

  • avcstat: Displays SELinux AVC statistics
  • getenforce: Reports the current SELinux mode
  • getsebool: Reports SELinux Boolean values
  • matchpathcon: Queries the system policy and displays the default security context associated with the file path
  • selinuxconlist: Displays all of the SELinux context reachable for a user
  • selinuxdefcon: Displays the default SELinux context for a user
  • selinuxenabled: Indicates whether SELinux is enabled
  • setenforce: Modifies the SELinux mode

 

Utilities provided by setools-console package

 

The setools-console package installs the following utilities:

  • findcon: An SELinux file context search tool
  • sechecker: An SELinux policy checking tool
  • sediff: An SELinux policy difference tool
  • seinfo: An SELinux policy query tool
  • sesearch: An SELinux policy query tool

 

Utilities provided by policycoreutils-python package

 

The policycoreutils-python package installs the following utilities:

  • semanage: Is an SELinux policy management tool
  • audit2allow, audit2why: Generates SELinux policy allow/don’t_audit rules from logs of denied operations
  • chcat: Changes or removes the security category for each file or user
  • sandbox: Runs a command in an SELinux sandbox
  • semodule_package: Creates an SELinux policy module package

 

Utilities provided by policycoreutils-gui package

 

The policycoreutils-gui package installs the following utilities:

  • system-config-selinux: SELinux Administration GUI
  • selinux-polgengui: SELinux policy generation tool

 

Was this answer helpful? 0 Users Found This Useful (0 Votes)