SELinux commands cheatsheet

A comprehensive list of SELinux commands with descriptions.

avcstat
Display brief SELinux AVC (access vector cache) statistics: lookups, hits, misses, allocs, reclaims, frees.

avcstat

audit2allow
Automatically create rules that allow the actions recorded as denials in the SELinux log.

cat /var/log/audit/audit.log | audit2allow
cat /var/log/audit/audit.log | grep apache | audit2allow
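
Before accepting rules from audit2allow, it helps to see which source type, target type, class and permission each denial involves, so the generated rules can be reviewed instead of applied wholesale. The script below is an added example, not part of the original cheatsheet; the function names summarize_avc and sample_log and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: group AVC denials by (source type, target type:class, permission, command)
# so each rule audit2allow would generate can be reviewed first.

summarize_avc() {
    # Reads audit log lines on stdin; prints "<count> <source> <target>:<class> { perms } comm=<cmd>".
    awk '
    /type=AVC/ && / denied / {
        perms = $0
        sub(/^.*[{] */, "", perms)      # drop everything up to the opening brace
        sub(/ *[}].*$/, "", perms)      # drop the closing brace and the rest
        src = tgt = cls = comm = "?"
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is the third field.
            if ($i ~ /^scontext=/)      { split($i, c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            else if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
        }
        count[src " " tgt ":" cls " { " perms " } comm=" comm]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -k1,1nr -k2
}

sample_log() {
    # Constructed sample lines in audit.log format (not taken from a real system).
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000005.220:502): avc:  denied  { read } for  pid=2102 comm="httpd" name="about.html" dev="dm-0" ino=4243 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000009.874:503): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

# On a real host: summarize_avc < /var/log/audit/audit.log
sample_log | summarize_avc
```

A denial whose target type looks wrong for the file (here user_home_t on web content) usually points to a mislabeled file to fix with restorecon or chcon, not to a rule to add.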

audit2why
Get more detailed, human-readable output from the SELinux log.

cat /var/log/audit/audit.log | audit2why

chcon
Change the SELinux context of a file or directory temporarily.
Upon reboot or reset (restorecon), the context will be changed back again.

chcon -t user_home_t /home/user
chcon -R -t user_home_t /home/*

checkpolicy

fixfiles

genhomedircon

getsebool

getenforce

matchpathcon

newrole

restorecon

run_init

selinuxenabled

sestatus

setfiles

setsebool

setenforce
