audit2allow

linux

Generate SELinux policy allow rules from audit logs. Part of the `policycoreutils-python-utils` package. See also: `audit2why`, `ausearch`, `semodule`.

Options (8)

-a, --all (boolean)

Generate allow rules from recent audit denials and display them

Example: sudo audit2allow [-a|--all]

-i, --input (boolean)

Generate allow rules from a specific audit log file

Example: sudo audit2allow [-i|--input] path/to/audit.log

-M, --module (boolean)

Generate a policy module from recent audit denials

Example: sudo audit2allow [-a|--all] [-M|--module] module_name

-e, --explain (boolean)

Display detailed information around generated messages

Example: sudo audit2allow [-a|--all] [-e|--explain]

-R, --reference (boolean)

Use installed macros to generate a reference policy

Example: sudo audit2allow [-a|--all] [-R|--reference]

-m, --message (boolean)

Generate allow rules for a specific service (`--message` is an `ausearch` option; here it selects the AVC records that are piped to `audit2allow`)

Example: sudo ausearch [-m|--message] avc [-c|--comm] service_name | audit2allow [-M|--module] policy_name

-c, --comm (boolean)

Generate allow rules for a specific service (`--comm` is an `ausearch` option; here it filters the records by the service's command name)

Example: sudo ausearch [-m|--message] avc [-c|--comm] service_name | audit2allow [-M|--module] policy_name

-v, --verbose (boolean)

Enable verbose output mode

Example: sudo audit2allow [-a|--all] [-v|--verbose]

Examples (8)

Generate allow rules from recent audit denials and display them

sudo audit2allow [-a|--all]

Generate allow rules from a specific audit log file

sudo audit2allow [-i|--input] path/to/audit.log

Generate a policy module from recent audit denials

sudo audit2allow [-a|--all] [-M|--module] module_name

Explain why SELinux denials occurred (same as `audit2why`)

sudo audit2allow [-a|--all] --why

Display detailed information around generated messages

sudo audit2allow [-a|--all] [-e|--explain]

Use installed macros to generate a reference policy

sudo audit2allow [-a|--all] [-R|--reference]

Generate allow rules for a specific service

sudo ausearch [-m|--message] avc [-c|--comm] service_name | audit2allow [-M|--module] policy_name

Enable verbose output mode

sudo audit2allow [-a|--all] [-v|--verbose]
made by @shridhargupta | data from tldr-pages