Linux command

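audit2allow command

Security

This command has a significant effect on permissions or the system; check the target before running it.

Common examples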

Example

sudo audit2allow -a

Example

sudo audit2allow -i /var/log/audit/audit.log

Example

sudo audit2allow -a -M my_module

Explain

sudo audit2allow -a -w

Example

sudo audit2allow -a -R

Example

sudo ausearch -m avc -c httpd | audit2allow -M httpd_policy

Description

audit2allow generates SELinux policy allow rules from audit logs. It reads denial messages from the audit subsystem and creates type enforcement rules that would permit the denied operations. The tool can produce simple allow rules for quick troubleshooting or generate complete loadable policy modules with the -M option. When used with -R, it generates reference policy using standard macros, producing cleaner and more maintainable rules. It is typically used after audit2why has identified the root cause of denials.

Options

-a, --all
Read input from audit and message logs.
-b, --boot
Read input from audit messages since the last boot.
-d, --dmesg
Read input from dmesg output.
-i, --input _file_
Read input from the specified file.
-l, --lastreload
Read only AVC denials since the last policy reload.
-m, --module _name_
Generate module output (source, not packaged).
-M _name_
Generate a loadable policy module package (.pp).
-o, --output _file_
Append output to the given file.
-D, --dontaudit
Generate dontaudit rules instead of allow rules.
-R, --reference
Generate reference policy using installed interface macros.
-N, --noreference
Do not generate reference policy; use traditional allow rules.
-w, --why
Translate audit messages into a description of why access was denied.
-e, --explain
Fully explain the generated output.
-x, --xperms
Generate extended permission (ioctl) rules.
-t, --type _regex_
Filter output by type regular expression.
-C
Generate CIL (Common Intermediate Language) output.
-r, --requires
Generate require statements for loadable modules.
-v, --verbose
Enable verbose output.

FAQ

How do I run a basic audit2allow example?

Run `sudo audit2allow -a` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -a, --all do in audit2allow?

Read input from audit and message logs.