Difference between revisions of "Audit2allowRecipe"

From SELinux Wiki
(New page: If you are getting denied access for something you believe should be allowed you can add rules to your policy with audit2allow. First, find out if you are running auditd, you can do this ...)
 
m (add -l to audit2allow call)
Line 13: Line 13:
 
If you have previously used a module name you'll want to choose a new name. For example, if you run this once with -M local you'll want to use a different name next time, like -M local2.
 
If you have previously used a module name you'll want to choose a new name. For example, if you run this once with -M local you'll want to use a different name next time, like -M local2.
  
  [root@localhost ~]# audit2allow -a -M local
+
  [root@localhost ~]# audit2allow -l -a -M local
 
  ******************** IMPORTANT ***********************
 
  ******************** IMPORTANT ***********************
 
  To make this policy package active, execute:
 
  To make this policy package active, execute:
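
Review bot: On the changed command line, `-l` limits the input to denials logged since the last policy reload, so a reader whose denial happened before a reload gets a module that omits it. Suggest a sentence beside `audit2allow -l -a -M local` telling the reader to reproduce the denied action first. The unchanged context above the command still advises a new name such as local2 on each run while the example keeps `-M local`; consider saying that `local` here stands for whichever unused name the reader picked.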

Revision as of 15:04, 29 September 2009

If you are getting denied access for something you believe should be allowed, you can add rules to your policy with audit2allow.

First, find out whether auditd is running. You can do this with ps:

 [root@localhost ~]# ps -ef | grep auditd
 root        69     2  0 Sep26 ?        00:00:00 [kauditd]
 root      1159     1  0 Sep26 ?        00:00:00 auditd

If you see auditd running, as above, use the -a option with audit2allow; otherwise, use the -d option.

The -l option only reads denials since the last policy reload, and the -M option lets you create a module to add the rule to.

If you have previously used a module name, you'll want to choose a new name. For example, if you run this once with -M local, you'll want to use a different name next time, like -M local2.

 [root@localhost ~]# audit2allow -l -a -M local
 ******************** IMPORTANT ***********************
 To make this policy package active, execute:
 
 semodule -i local.pp

You can take a look at the rules that will be added in local.te, and if you are satisfied, you can run semodule -i local.pp as above.
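
The recipe above as a script, added here as an example and not part of the original wiki page; the function names are hypothetical. It matches the process name exactly, because `ps -ef | grep auditd` also matches the `[kauditd]` kernel thread shown in the sample output, and it assumes `semodule -l` prints one module per line with the name as the first field.

```bash
#!/bin/bash
# Added example: the recipe's three decisions as small functions.

# Choose the audit2allow input option: -a if auditd is running, else -d.
# Reads process names (e.g. from `ps -e -o comm=`) on stdin.
source_flag() {
    # -x matches the whole line, so the kernel thread "kauditd" does not count
    if grep -qx 'auditd'; then echo "-a"; else echo "-d"; fi
}

# Choose an unused module name: base, base2, base3, ...
# Reads `semodule -l` output on stdin (assumed: module name is the first field).
next_module_name() {
    local base="$1" names n=2 candidate
    names=$(awk '{print $1}')
    candidate="$base"
    while printf '%s\n' "$names" | grep -qxF -- "$candidate"; do
        candidate="${base}${n}"
        n=$((n + 1))
    done
    echo "$candidate"
}

# Print only the allow rules of a generated .te file, for review before loading.
allow_rules() {
    grep -E '^allow[[:space:]]' "$1"
}

# Full recipe: generate the module, show its rules, leave loading to the admin.
recipe() {
    local flag name
    flag=$(ps -e -o comm= | source_flag)
    name=$(semodule -l | next_module_name local)
    audit2allow -l "$flag" -M "$name" || return 1
    echo "Rules that $name.pp would add:"
    allow_rules "$name.te"
    echo "If you are satisfied, run: semodule -i $name.pp"
}

# Run as root with --run; without it the file only defines the functions.
if [ "${1:-}" = "--run" ]; then
    recipe
fi
```

The script stops before `semodule -i`, so the generated rules are read by a person before anything is loaded.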