mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-13 17:44:54 +00:00
3e870d7c9b
sestatus has been modified to present additional information: SELinux root directory, MLS flag and the deny_unknow flag. The man page has been updated to reflect these changes and an sestatus.conf(5) man page has also been added. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
78 lines
1.8 KiB
Groff
78 lines
1.8 KiB
Groff
.TH "sestatus" "8" "26 Nov 2011" "Security Enhanced Linux" "SELinux command line documentation"
|
|
.SH "NAME"
|
|
sestatus \- SELinux status tool
|
|
|
|
.SH "SYNOPSIS"
|
|
.B sestatus
|
|
.I [\-v] [\-b]
|
|
.P
|
|
This tool is used to get the status of a system running SELinux.
|
|
|
|
.SH "DESCRIPTION"
|
|
This manual page describes the
|
|
.BR sestatus
|
|
program.
|
|
.sp
|
|
This tool is used to get the status of a system running SELinux. It displays data about whether SELinux is enabled or disabled, location of key directories, and the loaded policy with its status as shown in the example:
|
|
.RS
|
|
> sestatus
|
|
.br
|
|
SELinux status: enabled
|
|
.br
|
|
SELinuxfs mount: /selinux
|
|
.br
|
|
SELinux root directory: /etc/selinux
|
|
.br
|
|
Loaded policy name: targeted
|
|
.br
|
|
Current mode: permissive
|
|
.br
|
|
Mode from config file: enforcing
|
|
.br
|
|
Policy MLS status: enabled
|
|
.br
|
|
Policy deny_unknown status: allow
|
|
.br
|
|
Max kernel policy version: 26
|
|
.RE
|
|
.sp
|
|
\fBsestatus\fR can also be used to display:
|
|
.RS
|
|
.IP "-" 4
|
|
The security context of files and processes listed in the \fI/etc/sestatus.conf\fR file. The format of this file is described in \fBsestatus.conf\fR(5).
|
|
.IP "-" 4
|
|
The status of booleans.
|
|
.RE
|
|
|
|
.SH "OPTIONS"
|
|
.B \-v
|
|
.RS
|
|
Displays the contexts of files and processes listed in the \fI/etc/sestatus.conf\fR file. It also checks whether the file is a symbolic link, if so then the context of the target file is also shown.
|
|
.sp
|
|
The following contexts will always be displayed:
|
|
.RS
|
|
The current process context
|
|
.br
|
|
The init process context
|
|
.br
|
|
The controlling terminal file context
|
|
.RE
|
|
.RE
|
|
.sp
|
|
.B \-b
|
|
.RS
|
|
Display the current state of booleans.
|
|
.RE
|
|
|
|
.SH "FILES"
|
|
.I /etc/sestatus.conf
|
|
|
|
.SH "AUTHOR"
|
|
This man page was written by Daniel Walsh <dwalsh@redhat.com>.
|
|
.br
|
|
The program was written by Chris PeBenito <pebenito@gentoo.org>
|
|
|
|
.SH "SEE ALSO"
|
|
.BR selinux "(8), " sestatus.conf "(5)
|
|
|