Query the rule details of the SELinux policy
Use the seinfo command to query how many related rules the SELinux policy provides. If you find the related type or Boolean value and want to know the detailed rules, use the sesearch command to query. SELinux policy and rule management related commands: seinfo command, sesearch command, getsebool command, setsebool command, semanage command.
sesearch [-a] [-s body type] [-t target type] [-b boolean]
-a: List all related information of this type or Boolean value
-t: followed by the type, for example -t httpd_t
-b: followed by a Boolean rule, for example -b httpd_enable_ftp_server
Find out the relevant information about the target file resource type httpd_sys_content_t
:
sesearch -a -t httpd_sys_content_t
Find out all the information related to the main process being httpd_t
and the target file type being httpd:
sesearch -s httpd_t -t httpd_* -a
See how many rules the boolean httpd_enable_homedirs
has set
sesearch -b httpd_enable_homedirs -a