• Home
  • Raw
  • Download

Lines Matching +full:- +full:- +full:reload +full:- +full:rules

1 .\" Hey, Emacs! This is an -*- nroff -*- source file.
29 \- generate SELinux policy allow/dontaudit rules from logs of denied operations
32 \- translates SELinux audit messages into a description of why the access was denied (audit2allow \
39 .B "\-a" | "\-\-all"
40 Read input from audit and message log, conflicts with \-i
42 .B "\-b" | "\-\-boot"
43 Read input from audit messages since last boot conflicts with \-i
45 .B "\-d" | "\-\-dmesg"
49 auditd is running; use "ausearch \-m avc | audit2allow"  or "\-a" instead.
51 .B "\-D" | "\-\-dontaudit"
52 Generate dontaudit rules (Default: allow)
54 .B "\-h" | "\-\-help"
57 .B "\-i  <inputfile>" | "\-\-input <inputfile>"
61 .B "\-l" | "\-\-lastreload"
62 read input only after last policy reload
64 .B "\-m <modulename>" | "\-\-module <modulename>"
67 .B "\-M <modulename>" 
68 Generate loadable module package, conflicts with \-o
70 .B "\-p <policyfile>"  | "\-\-policy <policyfile>"
73 .B "\-o <outputfile>"  | "\-\-output <outputfile>"
77 .B "\-r" | "\-\-requires"
80 .B "\-N" | "\-\-noreference"
81 Do not generate reference policy, traditional style allow rules.
84 .B "\-R" | "\-\-reference"
88 .B "\-x" | "\-\-xperms"
89 Generate extended permission access vector rules
91 .B "\-w" | "\-\-why"
95 .B "\-v" | "\-\-verbose"
101 permission for operations, and generates a snippet of policy rules
104 rules.  Certain permission denials may require other kinds of policy changes,
129 $ cat /var/log/audit/audit.log | audit2allow \-m local > local.te
147 $ cat /var/log/audit/audit.log | audit2allow \-R \-m local > local.te
166 $ make \-f /usr/share/selinux/devel/Makefile local.pp
175 $ semodule \-i local.pp
180 $ checkmodule \-M \-m \-o local.mod local.te
183 $ semodule_package \-o local.pp \-m local.mod
186 $ semodule \-i local.pp
190 $ cat /var/log/audit/audit.log | audit2allow \-M local
193 Compiling policy: checkmodule \-M \-m \-o local.mod local.te
194 Building package: semodule_package \-o local.pp \-m local.mod
201 semodule \-i local.pp
203 .B Using audit2allow to generate monolithic (non\-module) policy