SELinux/Find

From FedoraProject


Find command

The find command has a powerful SELinux option, "-context", which lets you search for files whose security context matches a pattern. It uses "glob" syntax, so you can execute a command like

find /etc -context '*net_conf_t'
/etc/sysconfig/networking/profiles/default/resolv.conf
/etc/resolv.conf.windham
/etc/resolv.conf.comcast
/etc/ntp.conf
/etc/ntp/step-tickers
/etc/resolv.conf.old
/etc/yp.conf
/etc/resolv.conf.redhat
/etc/resolv.conf

This finds all the files labeled with type net_conf_t.

Another handy find option is -printf with the %Z directive, which prints each file's SELinux context next to its path:

find /etc -context "*net_conf_t" -printf "%p %Z\n"
/etc/sysconfig/networking/profiles/default/resolv.conf system_u:object_r:net_conf_t
/etc/resolv.conf.windham system_u:object_r:net_conf_t
/etc/resolv.conf.comcast system_u:object_r:net_conf_t
/etc/ntp.conf system_u:object_r:net_conf_t
/etc/ntp/step-tickers system_u:object_r:net_conf_t
/etc/resolv.conf.old system_u:object_r:net_conf_t
/etc/yp.conf root:object_r:net_conf_t
/etc/resolv.conf.redhat system_u:object_r:net_conf_t
/etc/resolv.conf system_u:object_r:net_conf_t
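
The "%p %Z" listing above can be post-processed for label audits. The script below is an added example, not part of the original page: the function names and the sample listing are constructed for illustration. It applies the same glob test as -context to saved output, and reports files whose SELinux user field differs from the expected one (as /etc/yp.conf does in the listing above). It also shows that a context carrying an MLS/MCS level such as ":s0" is not matched by '*net_conf_t', because the glob must match the whole context string.

```shell
#!/bin/sh
# Added example: audit saved output of  find DIR -printf "%p %Z\n"
# Function names and sample data are hypothetical, constructed for illustration.

# Constructed sample in "%p %Z" form: path, one space, SELinux context.
sample_listing() {
cat <<'EOF'
/etc/ntp.conf system_u:object_r:net_conf_t
/etc/yp.conf root:object_r:net_conf_t
/etc/resolv.conf system_u:object_r:net_conf_t
/etc/my notes.txt system_u:object_r:etc_t
/etc/hosts system_u:object_r:net_conf_t:s0
EOF
}

# Print paths whose context matches a glob, mirroring find's -context test.
# The context never contains a space, so it is the last field; the path may
# contain spaces (paths containing newlines are not handled).
match_context() {
    pattern=$1
    while IFS= read -r line; do
        ctx=${line##* }     # text after the last space
        path=${line% *}     # text before the last space
        case $ctx in
            $pattern) printf '%s\n' "$path" ;;
        esac
    done
}

# Print "path context" lines whose SELinux user (first context field)
# differs from the expected user.
unexpected_user() {
    expected=$1
    while IFS= read -r line; do
        ctx=${line##* }
        user=${ctx%%:*}
        [ "$user" = "$expected" ] || printf '%s\n' "$line"
    done
}

# Demo on the constructed sample.
sample_listing | match_context '*net_conf_t'     # misses /etc/hosts (":s0" suffix)
sample_listing | match_context '*:net_conf_t*'   # also matches the ":s0" entry
sample_listing | unexpected_user system_u
```

On a live system, replace sample_listing with the real find command, for example: find /etc -printf "%p %Z\n" | unexpected_user system_u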