> Have you tried the seinfo and sesearch commands. Here are some examples: > > sesearch -SC --allow -s user_t -t file_type -c file -p execute > sesearch -SC --allow -s userdomain -t etc_t -c file > sesearch -SC --allow -t exec_type > > (man sesearch) > > seinfo -x -aexec_type > seinfo -x -tetc_t > > (man seinfo) > Oh man, how I've been looking for this command for absolute ages!!! I've had a 'problem' with the '*_server_packet_t' and '*_client_packet_t' types which are 'automatically' created when the network_port() macro is called and could not figure out whether these types already exist or not (had to guess!) after I could not find any suitable command to search the policy for them ... until now! -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
