This post lists some of the more commonly used command-line utilities for managing and operating SELinux.
utilities provided by policycoreutils package
The policycoreutils package installs the following utilities:
fixfiles: Fixes the security context on file systemsload_policy: Loads a new SELinux policy into the kernelrestorecon: Resets the security context on one or more filessetfiles: Initializes the security context on one or more filessecon: Displays the SELinux context from a file, program, or user inputsemodule_package: Creates an SELinux policy module packagerestorecond: Is a daemon that watches for file creation and sets the default file contextsemodule: Manages SELinux policy modulessestatus: Displays SELinux statussetsebool: Sets SELinux Boolean value
Utilities provided by libselinux-utils package
The libselinux-utils package installs the following utilities:
avcstat: Displays SELinux AVC statisticsgetenforce: Reports the current SELinux modegetsebool: Reports SELinux Boolean valuesmatchpathcon: Queries the system policy and displays the default security context associated with the file pathselinuxconlist: Displays all of the SELinux context reachable for a userselinuxdefcon: Displays the default SELinux context for a userselinuxenabled: Indicates whether SELinux is enabledsetenforce: Modifies the SELinux mode
Utilities provided by setools-console package
The setools-console package installs the following utilities:
findcon: An SELinux file context search toolsechecker: An SELinux policy checking toolsediff: An SELinux policy difference toolseinfo: An SELinux policy query toolsesearch: An SELinux policy query tool
Utilities provided by policycoreutils-python package
The policycoreutils-python package installs the following utilities:
semanage: Is an SELinux policy management toolaudit2allow, audit2why: Generates SELinux policy allow/don’t_audit rules from logs of denied operationschcat: Changes or removes the security category for each file or usersandbox: Runs a command in an SELinux sandboxsemodule_package: Creates an SELinux policy module package
Utilities provided by policycoreutils-gui package
The policycoreutils-gui package installs the following utilities:
system-config-selinux: SELinux Administration GUIselinux-polgengui: SELinux policy generation tool
