From 09320e25a03ff862cc6e70340259961a00c9ea0cf0cbc9eec3665402520d08f8 Mon Sep 17 00:00:00 2001 From: Sam Hadow Date: Sat, 22 Feb 2025 21:27:03 +0100 Subject: [PATCH] update selinux commands --- selinux.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/selinux.md b/selinux.md index 321c51b..01c6d83 100644 --- a/selinux.md +++ b/selinux.md @@ -27,3 +27,24 @@ apply change Relabeled /usr/bin/file from unconfined_u:object_r:bin_t:s0 to system_u:object_r:bin_t:s0 # restorecon -R for recursive ``` + +## Containers + +### volumes +` :z ` shared content label +` :Z ` private unshared label +` :ro,z ` combine read only and SElinux label + +### udica +[git](https://github.com/containers/udica) +``` +$ podman inspect $(podman ps -f name= -q) > container.json +# udica -j container.json my_container +``` + +## denied access + +see recent denials +``` +# ausearch -m avc -ts recent +```
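Review bot: in the udica block, `podman ps -f name= -q` has an empty name filter, so as written it does not select a specific container and `container.json` may describe more than one container or none; use a visible placeholder such as `name=<container_name>`, or pass the container name to `podman inspect` directly. The same section stops at generating the policy: add the follow-up steps udica prints (loading the generated `my_container.cil` with `semodule -i` and starting the container with `--security-opt label=type:my_container.process`), otherwise the notes never show the policy being applied. Under "### volumes", the three option lines have no list markers and will render as one run-on paragraph in Markdown; make them a bullet list, and note there that `:Z` relabels the host path for a single container, so it should not be used on shared or system directories. Minor: "SElinux" should be "SELinux", and "## denied access" does not match the capitalisation of "## Containers".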