selinux/python/sepolicy/sepolicy-communicate.8

48 lines
1.7 KiB
Groff
Raw Normal View History

.TH "sepolicy-communicate" "8" "20121005" "" ""
.SH "NAME"
sepolicy-communicate \- Generate a report showing if two SELinux Policy Domains can communicate
.SH "SYNOPSIS"
.br
.B sepolicy communicate [\-h] \-s SOURCE \-t TARGET [\-c TCLASS] [\-S SOURCEACCESS] [\-T TARGETACCESS]
.SH "DESCRIPTION"
Use
.B sepolicy communicate
to examine SELinux Policy and determine if a source SELinux Domain can communicate with a target SELinux Domain.
The default command looks to see if there are any file types that the source domain can write, which the target domain can read.
.SH "OPTIONS"
.TP
.I \-c, \-\-class
Specify the SELinux class which the source domain will attempt to communicate with the target domain. (Default file)
.TP
.I \-h, \-\-help
Display help message
.TP
.I \-s, \-\-source
Specify the source SELinux domain type.
.TP
.I \-S, \-\-sourceaccess
Specify the list of accesses used by the source SELinux domain type to communicate with the target domain. Default Open, Write.
.TP
.I \-t, \-\-target
Specify the target SELinux domain type.
.TP
.I \-T, \-\-targetaccess
Specify the list of accesses used by the target SELinux domain type to receive communications from the source domain. Default Open, Read.
.SH EXAMPLE
.nf
List types that can be used to communicate between samba daemon and apache server
# sepolicy communicate -s httpd_t -t smbd_t
Consider a type to be accessible by the source domain when it can be opened and appended to (as opposed to opened and written to)
# sepolicy communicate -s httpd_t -t smbd_t -S open,append
.SH "AUTHOR"
This man page was written by Daniel Walsh <dwalsh@redhat.com>
.SH "SEE ALSO"
sepolicy(8), selinux(8)