audit2allow

From RaySoft

This utility scans the logs for messages logged when the system denied permission for operations, and generates a snippet of policy rules which, if loaded into policy, might have allowed those operations to succeed. However, this utility only generates Type Enforcement (TE) allow rules. Certain permission denials may require other kinds of policy changes, e.g. adding an attribute to a type declaration to satisfy an existing constraint, adding a role allow rule, or modifying a constraint.[1]

Documentation

Syntax

audit2allow [PARAMETER ...]

Parameters

-m MODULE, --module=MODULE
Generate module/require output MODULE.
-M MODULE, --module-package=MODULE
Generate loadable MODULE package, conflicts with -o.

References

  1. man 1 'audit2allow'