sebuild_graph man page

sebuild_graph ā€” SELinux policy visualization tool graph builder

Synopsis

sebuild_graph [-h] [-dg] [-fb [FILTER_BOOLS]] [-c CLASSES]
                   [-p [POLICY]] FILENAME

Description

Creates a snapshot of given SELinux policy (if no policy file is provided, policy loaded in the system is be used) that can be analyzed using segraph_query.

Options

Positional arguments

FILENAME

Name for the new policy graph file.

Optional arguments

-h, --help

show this help message and exit

-dg, --domain_grouping

Group SELinux domains based on package they belong to. Use with caution, generates false positives!

-fb [FILTER_BOOLS], --filter_bools [FILTER_BOOLS]

Filter rules based on current boolean setting or comma separated list of [boolean]:[on/off].

-c CLASSES, --class CLASSES

Comma separated list of object classes to be present in the graph. All classes assumed if omitted.

-p [POLICY], --policy [POLICY]

Path to the SELinux policy to be used.

Example

Create snapshot of SELinux policy loaded in the system (only rules concerning files and processes are considered, boolean setting is taken into account):

      $ sebuild_graph.py -fb -c file,process graph

See Also

segraph_query(1)

Author

Vit Mojzis <vmojzis@redhat.com>

Referenced By

seextract_cil(1), segraph_query(1).

2017-02-09 SELinux Policy Analysis Tool