Chapter 6. Tools for Manipulating and Analyzing SELinux
Figure 6-7. Policy Rules and TE Rules Search
The Search Options menu lets you pick search parameters. The selection Only search for enabled
rules refers to the Boolean value for a rule, or to whether a conditional expression (ifdef statement)
is true. This selection is a filter that can hide or reveal a large number of possible routes between a
pair of types.
If you expand your search to include disabled conditional rules, you can have the results highlighted.
By selecting Mark enabled conditional rules and Mark disabled conditional rules, the conditional
rules are identified and marked with their status of Enabled or Disabled.
The search parameter tabs Types/Attributes and Classes/Permissions let you describe details about
the source and target you are analyzing. An asterisk * appears on the tab if a parameter from that tab
is set and affecting the search. You can define the source by using the exact type or using a regular
expression. Automatically, the expression is anchored at both ends, so a caret ^ and dollar sign $
surround the search terms unless you explicitly change them.
You can choose to Include Indirect Matches, which expands the search to include attributes. You
may choose to search by type and/or by attribute, with searching by attribute being similar to including
indirect matches.
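The effect of the default anchoring and of Include Indirect Matches can be modelled over a handful of rules. This is an added example, not code from the tool or the original guide; the sample rules, the attribute membership and the `search` function are constructed for illustration.

```python
import re

# Constructed sample policy (not from the page): one attribute and four TE allow rules.
ATTRS = {"domain": {"httpd_t", "named_t", "tmpreaper_t"}}
RULES = [
    ("httpd_t", "httpd_log_t", "file", {"append", "create"}),
    ("tmpreaper_t", "httpd_tmp_t", "file", {"unlink"}),
    ("domain", "httpd_config_t", "file", {"getattr"}),  # rule written on an attribute
    ("named_t", "named_zone_t", "file", {"read"}),
]

def all_types():
    """Every type name in the sample policy (attribute names excluded)."""
    names = set().union(*ATTRS.values())
    for src, tgt, _, _ in RULES:
        names |= {src, tgt}
    return names - set(ATTRS)

def search(expr, anchored=True, indirect=False, obj_class=None, perm=None):
    """Return allow rules whose source or target matches expr.

    anchored=True: whole-name match, like the default ^...$ anchoring.
    indirect=True: also match attributes that contain a matched type.
    """
    match = re.fullmatch if anchored else re.search
    wanted = {t for t in all_types() if match(expr, t)}
    if indirect:
        wanted |= {a for a, members in ATTRS.items() if members & wanted}
    hits = []
    for src, tgt, cls, perms in RULES:
        if src not in wanted and tgt not in wanted:
            continue
        if obj_class and cls != obj_class:
            continue
        if perm and perm not in perms:
            continue
        hits.append(f"allow {src} {tgt} : {cls} {{ {' '.join(sorted(perms))} }};")
    return hits

if __name__ == "__main__":
    for label, kwargs in [("anchored", {}), ("unanchored", {"anchored": False}),
                          ("indirect", {"indirect": True})]:
        print(label, search("httpd_t", **kwargs), sep="\n  ")
```

With the anchors removed, `httpd_t` also matches `httpd_tmp_t` and pulls in a rule for an unrelated domain; with indirect matches on, the rule written on the `domain` attribute appears even though it never names `httpd_t`.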
You can further refine or expand the search using the object classes and associated permissions under
the Classes/Permissions tab.
The search results are displayed in a tabular format, with a different search result and its search
parameters for each tab. Switching between search result tabs changes the search parameters. You can
keep up to ten results open at a time.
To start a new search, you click New, which displays the results in a new tab. You can change the
search parameters and click Update, which updates the search within the existing tab. This allows
you to keep track of many different parts of an analysis. You can save queries for later recall using
Query => Save Query.
Example 6-1 shows the contents of a search result field from the Type Enforcement Rules Display
area. The search that generated these results included searching for enabled and disabled conditional
rules with display. The type searched for is ^httpd_t$ as a source and/or target. The comments