For an arbitrary object type, e.g. user_tmp_t, I want to know which processes are allowed to access this tag. How do I find all allow rules that reference user_tmp_t?
Redhat – SELinux: How to show all allowed rules for a type
Best Answer
You can't directly find the processes that can transition to a given type, but you can sort of do it indirectly.
It's time to get familiar with the sesearch tool. This tool lets you query the SELinux policy in a variety of ways.
Here, we will see which types can transition to the user_tmp_t type. Among them will be types for the processes you are interested in. As you can see, this also gives you some hints as to what the process will be allowed to do.
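One way to make the allow rules for a type readable, as an added example that is not part of the original answer: `sesearch -A -t user_tmp_t` lists the allow rules whose target is that type, and the function below condenses such output to one line per source domain, object class and condition. It assumes the setools 4 rule format; the domains `app_a_t` and `app_b_t`, the boolean `example_bool` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use (needs setools and a readable policy):
#   sesearch -A -t user_tmp_t | allow_summary
# The target column is printed as it appears in each rule, so it may be an
# attribute rather than the type itself.

# Read allow rules on stdin and print one line per
# (source, target:class, condition) with the permissions merged and sorted.
allow_summary() {
    awk '$1 == "allow" {
        semi = index($0, ";")
        if (semi == 0) next                      # not a complete rule
        rule = substr($0, 1, semi - 1)
        cond = substr($0, semi + 1)              # e.g. " [ some_bool ]:True"
        gsub(/[ \t]/, "", cond); gsub(/\[|\]/, "", cond)
        if (cond == "") cond = "unconditional"
        gsub(/[{}]/, " ", rule)                  # braces only group permissions
        gsub(/[ \t]*:[ \t]*/, ":", rule)         # tolerate "type : class" spacing
        n = split(rule, f, " ")
        for (i = 4; i <= n; i++) print f[2], f[3], cond, f[i]
    }' |
    LC_ALL=C sort -u |
    awk '{
        key = $1 " " $2 " " $3
        if (key == prev) { perms = perms "," $4; next }
        if (prev != "") print prev, perms
        prev = key; perms = $4
    }
    END { if (prev != "") print prev, perms }'
}

# Constructed sample rules (not taken from a real policy).
sample_rules() {
    cat <<'EOF'
allow app_a_t user_tmp_t:file { getattr open read };
allow app_a_t user_tmp_t:file ioctl;
allow app_a_t user_tmp_t:file { read write }; [ example_bool ]:True
   allow app_b_t user_tmp_t : dir { search getattr } ;
allow app_b_t user_tmp_t:dir search;
EOF
}

sample_rules | allow_summary
```

Rules that only apply when a boolean is set are kept on their own line, so permissions that depend on a policy toggle are not mistaken for ones that always hold.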