Other policy analysis
Two additional tools (sediff and sepolicy) exist that provide some insight into the current SELinux policy. The next two subsections cover these in more detail.
Comparing policies with sediff
The sediff tool, part of the setools package, compares two policy files and reports the differences to the user. It does not provide patch-like capabilities (which the regular diff does), but it is a powerful way to find and analyze small differences.
A common use case for the sediff tool is to validate that a source-built policy file is the same as the distribution-provided binary policy file. Administrators can then be certain that the source code they used to build a policy file is the same as that used by the distribution ...