sultree

⚡ Beta v0.1.0

SELinux-aware tree command for security-focused directory visualization

Display hierarchical directory structures filtered by SELinux security contexts. A wary oak - combining security awareness with the classic tree command.

GitHub Get Started

Quick Start

sultree extends the classic tree command with SELinux context filtering - visualize directory structures filtered by security contexts.

Basic Usage

$sultree /etc

/etc ├── passwd [system_u:object_r:passwd_file_t:s0] ├── shadow [system_u:object_r:shadow_t:s0] ├── group [system_u:object_r:passwd_file_t:s0] └── hosts [system_u:object_r:net_conf_t:s0] 4 files

Installation

From Source (Direct)

No installation required - run the standalone script directly:

Standalone

$git clone https://github.com/tenseleyFlow/sultree.git

$cd sultree && ./sultree /path/to/directory

pip Install

pip

$pip install .

Successfully installed sultree-0.1.0

$sultree --version

sultree 0.1.0

RPM Build

RPM

$make rpm

Building RPM package... Wrote: ~/rpmbuild/RPMS/noarch/sultree-0.1.0-1.noarch.rpm

$sudo dnf install ~/rpmbuild/RPMS/noarch/sultree-*.rpm

Dependencies

Runtime Requirements

Python 3.8+ - Core runtime
attr package - Provides getfattr for SELinux queries

Installing attr

Fedora/RHEL

$sudo dnf install attr

First Run

Verify SELinux is available and test basic functionality:

Verification

$getenforce

Enforcing

$sultree -L 1 /etc

/etc ├── passwd ├── shadow ├── group ├── hosts ├── hostname └── fstab 6 files

$sultree -S '*_t' -L 1 /etc

[SELinux contexts displayed for matching types]

Configuration

sultree is configured entirely through command-line arguments - no configuration files required. Internal constants define operational limits.

Internal Constants

These limits are defined in constants.py and provide security boundaries:

Option	Type	Default	Description
`MAX_DEPTH`	integer	1000	Maximum traversal depth limit
`MAX_FILE_LIMIT`	integer	100000	Maximum files per directory limit
`MAX_PATTERN_LENGTH`	integer	1000	Maximum pattern string length
`MAX_SELINUX_PATTERN_LENGTH`	integer	500	Maximum SELinux pattern length
`MAX_PATH_LENGTH`	integer	4096	Maximum file path length
`SELINUX_QUERY_TIMEOUT`	seconds	5	Timeout for SELinux context queries

Listing Options

Control what files and directories are displayed:

Option	Type	Default	Description
`-a, --all`	flag	false	Show all files including hidden (starting with .)
`-d, --dirs-only`	flag	false	List directories only, exclude regular files
`-l, --follow-links`	flag	false	Follow symbolic links as directories
`-f, --full-path`	flag	false	Print full path prefix for each file
`-x, --one-file-system`	flag	false	Stay on current filesystem only
`-L level`	integer	none	Descend only N directories deep

Pattern Options

Filter files by name patterns using shell-style wildcards:

Option	Type	Default	Description
`-P, --pattern <pattern>`	string	none	List only files matching pattern
`-I, --ignore <pattern>`	string	none	Exclude files matching pattern
`--match-dirs`	flag	false	Apply patterns to directory names
`--ignore-case`	flag	false	Case-insensitive pattern matching
`--filelimit N`	integer	none	Skip directories with more than N files

SELinux Options

Filter by SELinux security contexts:

Option	Type	Default	Description
`-S, --selinux <pattern>`	string	none	Filter by SELinux context pattern (repeatable)

Pattern Examples

-S passwd_file_t - Match exact type
-S "*_exec_t" - Match all executable types
-S "system_u:*" - Match system_u user
-S httpd_* - Match Apache-related contexts

Output Options

Option	Type	Default	Description
`--no-report`	flag	false	Omit file/directory count at end
`--version`	flag	-	Show version information

Overview

sultree is a SELinux-aware variant of the standard tree command. It displays hierarchical directory structures while filtering entries based on SELinux security contexts.

The name is a pun: "a wary oak" - combining security/SELinux awareness with the tree command concept. Written in Python with no third-party dependencies beyond the standard library.

Core Capabilities

Native SELinux context awareness and filtering
Display security contexts directly in tree output
Pattern-based filtering on SELinux types, roles, users
Memory-efficient iteration for large directory trees
Automatic symlink loop detection
Proper permission denied handling

System Overview

sultree is a pure Python application with a modular architecture designed for security and performance. No third-party dependencies are required.

src/sultree/
├── __init__.py          # Version and metadata
├── __main__.py          # CLI entry point
├── cli.py               # Main orchestration
├── args.py              # SecureArgumentParser
├── arg_definitions.py   # Data-driven arg definitions
├── validators.py        # Input validation
├── constants.py         # Configuration limits
├── traversal.py         # SecureTraverser engine
├── selinux.py           # SELinux filter module
└── tree_renderer.py     # Visual output rendering

CLI Reference

Complete command-line interface reference for sultree.

sultree [OPTIONS] [directories...]

DESCRIPTION
    Display directory trees with SELinux context filtering.
    The name is a pun: "a wary oak" - security-aware tree.

ARGUMENTS
    directories    One or more directories to display (default: .)

Listing Options

Option	Type	Default	Description
`-a, --all`	flag	false	Show all files including hidden (starting with .)
`-d, --dirs-only`	flag	false	List directories only, exclude regular files
`-l, --follow-links`	flag	false	Follow symbolic links as directories
`-f, --full-path`	flag	false	Print full path prefix for each file
`-x, --one-file-system`	flag	false	Stay on current filesystem only
`-L level`	integer	none	Descend only N directories deep

Pattern Options

Option	Type	Default	Description
`-P, --pattern <pattern>`	string	none	List only files matching pattern
`-I, --ignore <pattern>`	string	none	Exclude files matching pattern
`--match-dirs`	flag	false	Apply patterns to directory names
`--ignore-case`	flag	false	Case-insensitive pattern matching
`--filelimit N`	integer	none	Skip directories with more than N files

SELinux Options

Option	Type	Default	Description
`-S, --selinux <pattern>`	string	none	Filter by SELinux context pattern (repeatable)

Output Options

Option	Type	Default	Description
`--no-report`	flag	false	Omit file/directory count at end
`--version`	flag	-	Show version information

Exit Codes

Option	Type	Default	Description
`0`	code	-	Success - tree completed without errors
`1`	code	-	General error
`2`	code	-	Invalid arguments
`3`	code	-	Permission error
`4`	code	-	Partial success (some directories failed)
`130`	code	-	Interrupted (Ctrl+C)

Usage Examples

Basic Usage

$sultree

Tree of current directory

$sultree /etc /var

Tree multiple directories

$sultree -a ~/.config

Include hidden files

$sultree -d /usr

Directories only

Troubleshooting

Common issues and their solutions when using sultree.

getfattr utility not found

Problem: Warning about missing getfattr when using SELinux features.

Solution: Install the attr package:

Fix

$sudo dnf install attr

# Fedora/RHEL

$sudo apt install attr

# Debian/Ubuntu

SELinux is not enabled

Problem: Using -S flag on system without SELinux.

Solution: Enable SELinux or remove the -S flag:

Check

$getenforce

Disabled

$sudo setenforce 1

# Requires SELinux installed

$sultree /etc

# Use without -S flag

Permission denied errors

Problem: Cannot access certain directories.

Behavior: sultree logs warning and continues with accessible files.

Solution: Run with appropriate privileges:

Fix

$sudo sultree /root

# With privileges

$sultree -x ~/.local

# Restrict to user dirs

Symlink loops

Problem: Circular symlinks causing infinite traversal.

Solution: Automatic - sultree detects loops via inode tracking.

If using -l (follow-links) with circular symlinks, use -L to limit depth.

Large directory hangs

Problem: Traversal takes too long on massive directories.

Solution: Use limiting options:

Performance

$sultree -L 2 /usr

# Limit depth

$sultree --filelimit 100 /var

# Skip large dirs

$sultree -x /

# One filesystem

$sultree -S '*_t' -L 1 /etc

# SELinux + depth

Timeout querying SELinux

Problem: SELinux context queries timing out.

Cause: 5-second timeout on getfattr subprocess (security measure).

Solution: Check system load, try without SELinux filtering:

Debug

$uptime

# Check system load

$sultree /path

# Without -S flag

Invalid SELinux pattern

Problem: Pattern contains invalid/dangerous characters.

Cause: Characters like ; & | ` $ are stripped for security.

Solution: Use clean patterns:

Correct Patterns

$sultree -S 'passwd_file_t' /etc

# Exact type

$sultree -S '*admin*' /var

# Wildcard

$sultree -S 'system_u:*' /etc

# User prefix

Pattern not matching

Problem: Files not shown despite matching pattern.

Debug: Check actual context of target file:

Debug

$getfattr -n security.selinux /path/to/file

# Check actual context

$sultree -S 'exact_context' /path

# Test exact match

$sultree -S '*_type' --ignore-case /path

# Case insensitive

Common issues: patterns are case-sensitive by default, pattern matches any field (not just type), wildcards require exact syntax (? for single char, * for multiple).

Testing

Run tests and smoke checks to verify installation:

Testing

$make smoke-test

Running smoke tests... ✓ Version output ✓ Help text ✓ Basic tree ✓ Directory-only mode ✓ SELinux filtering All tests passed

$PYTHONPATH=src python3 -m unittest discover tests -v

Running unit tests...

$make cache-info

Cache statistics: - Hits: 847 - Misses: 153 - Hit rate: 84.7%

Getting Help

GitHub Issues: Report bugs or request features
Built-in Help: sultree --help

sultree

Quick Start

Installation

From Source (Direct)

pip Install

RPM Build

Dependencies

Runtime Requirements

Installing attr

First Run

Configuration

Internal Constants

Listing Options

Pattern Options

SELinux Options

Pattern Examples

Output Options

Overview

Core Capabilities

SELinux Integration

Context Format

Field Definitions

Context Queries

Query Mechanism

Pattern Filtering

File Patterns

Wildcard Syntax

SELinux Patterns

Pattern Matching Strategy

Directory Traversal

Traversal Features

vs Standard Tree

Supported Tree Features

Sultree Extensions

Not Supported

System Overview

Module Structure

SecureTraverser

Key Classes

Traversal Features

SELinux Filter

Key Classes

Tree Renderer

Rendering Features

Output Format

Data Flow

Security Design

Input Validation

Pattern Security

Subprocess Safety

Path Safety

Stripped Dangerous Characters

CLI Reference

Listing Options

Pattern Options

SELinux Options

Output Options

Exit Codes

Usage Examples

Troubleshooting

getfattr utility not found

SELinux is not enabled

Permission denied errors

Symlink loops

Large directory hangs

Timeout querying SELinux

Invalid SELinux pattern

Pattern not matching

Testing

Getting Help