Inspect and shape SELinux policy rules from the command line with a focused, queryable tool. 02.07.2026 | reading time: 2 min SELinux policies control what processes can do; the sepolicy command is a focused tool to inspect and query those policy elements so he can answer "why" a denial happened and prototype fixes. Quick inspection demo Run the helper to see available subcommands and then query a rule; for example try: ```sepolicy --help Usage: sepolicy [subcommand] [options] Available subcommands: generate, list, permissive, analyze, manpage Use "sepolicy <subcommand> --help" for details``` and a focused query might look like: ```sepolicy analyze --source httpd_t --target var_log_t Result: no explicit allow rule found; check transitions and filecontext rules``` which demonstrates how to discover whether a domain has an allow rule toward a type. When and how to use it Use sepolicy when he needs a policy-oriented view: to list rules that touch a type, to prototype a small custom module, or to find permissive domains; combine short queries during troubleshooting and longer examines when preparing a policy module to avoid overbroad fixes. Parameters worth knowing Common subcommands to remember include queries that filter by source or target, an analyze mode that explains missing permissions, a generate mode to scaffold modules, and a permissive listing to find domains relaxed for debugging; output is text, so pipe into grep or into an editor when crafting a fix. Other tools that fit here semanage, semodule, audit2allow and restorecon all complement sepolicy by managing booleans and modules, translating audit messages to policy snippets, and restoring file contexts while sepolicy helps inspect and prototype the required policy changes. Final word sepolicy gives a policy-first lens that helps him move from a logged denial to a precise change, reducing guesswork and unnecessary permissions; keep practicing and consider formalizing skills with certifications such as CompTIA Linux+ or LPIC-1 and intensive exam preparation at bitsandbytes.academy. Join Bits & Bytes Academy First class LINUX exam preparation. security utilities troubleshooting scripting Dieser Artikel wurde mithilfe von KI erstellt.