sesearch

sesearch is a command-line utility used to query SELinux policy rules. It is part of the Setools toolset and is widely employed for SELinux policy analysis, debugging, and auditing. The program reads the policy store and reports policy rules that would allow a given combination of subject, object, class, and permission.

Common tasks include identifying which permissions a subject type has on a target type, discovering all rules

sesearch outputs a list of matching rules with their policy contexts, such as source type, target type,

Because it analyzes the policy database directly, sesearch is a diagnostic tool rather than a runtime policy

Availability and history: sesearch is part of Setools, a suite developed for SELinux policy analysis. It is