NAME¶
apol - SELinux policy analysis tool
SYNOPSIS¶
apol [OPTIONS] [POLICY ...]
DESCRIPTION¶
apol is a graphical tool that allows the user to inspect aspects of a
SELinux policy. The tool allows the user to browse policy components (types,
classes, roles, users, etc.), rules (TE, RBAC, MLS), and file system contexts.
The tool also provides in depth analyses of domain transitions, information
flows, and relabeling permissions.
POLICY¶
apol supports loading a SELinux policy in one of four formats.
- source
- A single text file containing policy source for versions 12
through 21. This file is usually named policy.conf.
- binary
- A single file containing a monolithic kernel binary policy
for versions 15 through 21. This file is usually named by version - for
example, policy.20.
- modular
- A list of policy packages each containing a loadable policy
module. The first module listed must be a base module.
- policy list
- A single text file containing all the information needed to
load a policy, usually exported by SETools graphical utilities.
If a policy is not given on the command line then
apol will begin with
none loaded.
OPTIONS¶
- -h, --help
- Print help information and exit.
- -V, --version
- Print version information and exit.
AUTHOR¶
This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.
COPYRIGHT¶
Copyright(C) 2001-2007 Tresys Technology, LLC
BUGS¶
Please report bugs via an email to setools-bugs@tresys.com.
SEE ALSO¶
seinfo(1),
sesearch(1),
sechecker(1),
indexcon(1)