Other policy analysis

Two additional tools, sediff and sepolicy, provide some insight into the current SELinux policy. The next two subsections cover these in more detail.

Comparing policies with sediff

The sediff tool, part of the setools package, compares two policy files and reports the differences between them. Unlike the regular diff, it does not provide patch-like capabilities, but it is well suited to finding and analyzing small differences.

A common use case for the sediff tool is to validate that a source-built policy file is the same as the distribution-provided binary policy file. Administrators can then be certain that the source code they used to build a policy file is the same as that used by the distribution ...
