Audit2allowRecipe

From SELinux Wiki
Revision as of 14:52, 29 September 2009 by JoshuaBrindle (Talk | contribs)


If you are being denied access to something you believe should be allowed, you can add rules to your policy with audit2allow.

First, find out whether you are running auditd; you can do this with ps:

[root@localhost ~]# ps -ef | grep auditd
root        69     2  0 Sep26 ?        00:00:00 [kauditd]
root      1159     1  0 Sep26 ?        00:00:00 auditd

If you see auditd running, as above, you'll want to use the -a option with audit2allow; otherwise you'll use the -d option. Note that [kauditd] is a kernel thread, not the auditd daemon, so its presence alone does not mean auditd is running.

The -l option only reads denials since the last policy reload and the -M option lets you create a module to add the rule to.

If you have previously used a module name you'll want to choose a new name. For example, if you run this once with -M local you'll want to use a different name next time, like -M local2.

[root@localhost ~]# audit2allow -a -M local
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i local.pp

You can take a look at the rules that will be added in local.te, and if you are satisfied you can run semodule -i local.pp as above. Review the .te file before installing it: audit2allow generates an allow rule for every denial it reads, so any denial that was actually correct would be allowed too.
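The recipe above, wrapped in a small POSIX shell script as an added example (this is not code from the SELinux wiki or the policycoreutils project). The two decision helpers work on plain text so they can be exercised without SELinux: one picks -a or -d from a ps listing, ignoring the [kauditd] kernel thread, and one picks a module name that is not already installed, assuming `semodule -l` prints the module name as the first field of each line. The sample ps and semodule output below is constructed for the example. The actual audit2allow and semodule calls only run when the script is invoked with --apply on a host that has them.

```shell
#!/bin/sh
# Added example script for the audit2allow recipe; not part of the original page.

# Constructed sample input: a ps -ef listing with auditd running, and one without.
SAMPLE_PS_WITH_AUDITD='UID PID PPID C STIME TTY TIME CMD
root 69 2 0 Sep26 ? 00:00:00 [kauditd]
root 1159 1 0 Sep26 ? 00:00:00 auditd'
SAMPLE_PS_WITHOUT_AUDITD='UID PID PPID C STIME TTY TIME CMD
root 69 2 0 Sep26 ? 00:00:00 [kauditd]'
# Constructed sample of "semodule -l" output (name first, version second on older releases).
SAMPLE_SEMODULE_LIST='local 1.0
local2 1.0
myapp 1.0'

# Print the audit2allow input flag for a ps -ef style listing:
# -a (read the audit log) when auditd is running, -d (read dmesg) otherwise.
# Matches on the basename of the last field so "/sbin/auditd" and "auditd" both
# count, while the kernel thread "[kauditd]" does not.
audit2allow_source_flag() {
    if printf '%s\n' "$1" | awk '{ n = split($NF, p, "/"); if (p[n] == "auditd") found = 1 }
                                  END { exit !found }'; then
        echo "-a"
    else
        echo "-d"
    fi
}

# Print the first of NAME, NAME2, NAME3, ... that is not already in the
# installed-module list given as the second argument (semodule -l format).
next_module_name() {
    base="$1"
    installed="$2"
    candidate="$base"
    n=1
    while printf '%s\n' "$installed" | awk -v name="$candidate" '$1 == name { found = 1 }
                                                                 END { exit !found }'; do
        n=$((n + 1))
        candidate="${base}${n}"
    done
    echo "$candidate"
}

# Generate a module from the denials and tell the operator what to review.
# Requires audit2allow and semodule from policycoreutils on PATH.
# The -l option is passed through when the second argument is "since-reload",
# restricting input to denials logged after the last policy load.
generate_module() {
    base="$1"
    scope="${2:-all}"
    flag=$(audit2allow_source_flag "$(ps -ef)")
    name=$(next_module_name "$base" "$(semodule -l)")
    if [ "$scope" = "since-reload" ]; then
        audit2allow "$flag" -l -M "$name" || return 1
    else
        audit2allow "$flag" -M "$name" || return 1
    fi
    echo "Generated $name.te and $name.pp from '$flag' input."
    echo "Inspect $name.te; if every rule is expected, install with: semodule -i $name.pp"
}

# Only touch the real system when explicitly asked.
if [ "${1:-}" = "--apply" ]; then
    if ! command -v audit2allow >/dev/null 2>&1 || ! command -v semodule >/dev/null 2>&1; then
        echo "audit2allow/semodule not found; install policycoreutils first." >&2
        exit 1
    fi
    generate_module "${2:-local}" "${3:-all}"
fi
```

Run with `sh audit2allow-recipe.sh --apply local since-reload` to create the next free local, local2, ... module from denials since the last reload; without --apply the script only defines the helpers.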