audit2allow

From RaySoft

This utility scans the logs for messages logged when the system denied permission for operations, and generates a snippet of policy rules which, if loaded into policy, might have allowed those operations to succeed. However, this utility only generates Type Enforcement (TE) allow rules. Certain permission denials may require other kinds of policy changes, e.g. adding an attribute to a type declaration to satisfy an existing constraint, adding a role allow rule, or modifying a constraint.[1]

Documentation

Syntax

audit2allow [PARAMETER ...]

Parameters

-m MODULE, --module=MODULE
Generate module/require output MODULE.
-M MODULE, --module-package=MODULE
Generate loadable MODULE package, conflicts with -o.

Examples

Add an SELinux policy to allow a Traefik container to read from /var/run/docker.sock

Scan the log file and report all discovered SELinux issues:

sealert --analyze '/var/log/audit/audit.log'

Create an SELinux policy module for the Traefik container (this writes my-traefik.te and my-traefik.pp to the current directory):

ausearch --comm 'traefik' --raw | audit2allow --module-package='my-traefik'

Install the SELinux policy for the Traefik container:

semodule --install='my-traefik.pp'
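As an added illustration of what audit2allow does with the records piped to it in the step above (example code written for this page, not part of the audit2allow tool): the script below parses AVC denial records, groups them by source type, target type and object class, and renders the Type Enforcement allow rules plus the require block a loadable module needs. The sample log records and the module name are constructed; the parser drops the MLS/MCS range from each security context, as audit2allow does, and ignores non-AVC records.

```python
"""Toy re-implementation of the audit2allow idea: AVC denials -> TE allow rules.
Like the real tool it only produces Type Enforcement allow rules; denials that
need a constraint, attribute or role change are not detected here either."""
import re
from collections import defaultdict

# Constructed sample records, not real log output. The source context carries
# MCS categories (c12,c34) to show that only the type field is kept.
SAMPLE_AVC = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { write } for  pid=2112 comm="traefik" name="docker.sock" dev="tmpfs" ino=31 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:container_var_run_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(1700000000.102:202): avc:  denied  { connectto } for  pid=2112 comm="traefik" path="/var/run/docker.sock" scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0
type=SYSCALL msg=audit(1700000000.102:202): arch=c000003e syscall=42 success=no exit=-13 comm="traefik"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scontext>\S+).*?tcontext=(?P<tcontext>\S+).*?tclass=(?P<tclass>\S+)"
)

def type_of(context):
    """user:role:type[:range] -> type; the sensitivity/category range is dropped."""
    return context.split(":")[2]

def parse_denials(log_text):
    """Return {(source_type, target_type, tclass): set(permissions)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:  # SYSCALL, CWD, PATH records carry no denial of their own
            continue
        key = (type_of(m["scontext"]), type_of(m["tcontext"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return rules

def render_module(name, rules):
    """Emit .te text: module header, require block, one allow rule per key."""
    types = sorted({s for s, _, _ in rules} | {t for _, t, _ in rules})
    classes = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        classes[cls] |= perms
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (s, t, cls), perms in sorted(rules.items()):
        out.append(f"allow {s} {t}:{cls} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(out)

if __name__ == "__main__":
    print(render_module("my-traefik", parse_denials(SAMPLE_AVC)))
```

The output grants exactly the accesses that were denied, which is why the generated .te file should be read before the .pp is installed: a denial caused by a mislabeled file is better fixed by relabeling than by a new allow rule.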

References

  1. man 1 'audit2allow'