1. Administering SELinux
  2. About Administering SELinux in Oracle Linux
  3. SELinux Package Descriptions

SELinux Package Descriptions

SELinux contains several packages, each of which contain specific utilities that you can use to administer SELinux on Oracle Linux systems. Some packages are installed by default, while other packages are optional.

The following table describes the SELinux packages that are installed by default with Oracle Linux.

Package Description

policycoreutils

Provides utilities such as load_policy, restorecon, secon, setfiles, semodule, sestatus, and setsebool for operating and managing SELinux.

libselinux

Provides the API that SELinux applications use to get and set process and file security contexts, and to obtain security policy decisions.

python3-libselinux

Contains Python bindings for developing SELinux applications.

selinux-policy

Provides the SELinux Reference Policy, which is used as the basis for other policies, such as the SELinux targeted policy.

selinux-policy-targeted

Provides the SELinux targeted policy, where objects outside the targeted domains run under DAC.

libselinux-utils

Provides the avcstat, getenforce, getsebool, matchpathcon, selinuxconlist, selinuxdefcon, selinuxenabled, setenforce, and togglesebool utilities.

The following table describes useful SELinux packages that aren't installed by default.

Package Description

mcstrans

Translates SELinux levels, such as s0-s0:c0.c1023, to an easier-to-read form, such as SystemLow-SystemHigh.

policycoreutils-python-utils

Provides Python utilities for operating SELinux, such as audit2allow, audit2why, chcat, and semanage.

selinux-policy-mls

Provides a strict Multi-Level Security (MLS) policy as an alternative to the SELinux targeted policy.

selinux-policy-doc Provides manual pages for many SELinux policy elements.

setroubleshoot

Enables you to view setroubleshoot-server messages by using the sealert command.

setroubleshoot-server

Translates access-denial messages from SELinux into detailed descriptions that you can view on the command line using the sealert command.

setools-console

Provides the Tresys Technology SETools distribution of tools and libraries, which you can use to analyze and query policies, monitor and report audit logs, and to manage file context.

Use the dnf command or another suitable package manager to install SELinux packages that you require for the system.

For more information, see the SELinux Project Wiki, the selinux(8) manual page, and other manual pages for the SELinux commands.