[NoGravitas]

That "show me all contexts related to samba" is something I'm really missing. I worked one weekend on getting NextCloud to play nicely with SELinux and Apache on Fedora 25 without any dirty tricks, and one thing that would really have come in handy was an accurate list of all the labels related to Apache. The only comprehensive lists I could find online were out-of-date, and the only things that were up to date were single examples.

[blockoperation]

sesearch is one way of doing it, for example:

  $ sesearch -A -s some_app_t -c file -p read -p write
  allow some_app_t some_type_t:file { read write };
  allow some_app_t some_other_type_t:file { read write };
  allow some_attribute_of_some_app_t yet_another_type_t:file { read write };

Or, say you want to do the opposite – you know the label, and want to find all domains that can read and write it:

  $ sesearch -A -t some_type_t -c file -p read -p write
  allow some_app_t some_type_t:file { read write };
  allow some_other_app_t some_type_t:file { read write };

You can use regexes for the parameters if you don't know the exact types (just specify '-r[stcdb]').

[NoGravitas]

I had no idea this existed. Thank you.