инструмент управления политиками SELinux dontaudit (SELinux Policy Management dontaudit tool)
Имя (Name)
semanage-dontaudit - SELinux Policy Management dontaudit tool
Синопсис (Synopsis)
semanage dontaudit [-h] [-S STORE] [-N] {on,off}
Описание (Description)
semanage is used to configure certain elements of SELinux policy
without requiring modification to or recompilation from policy
sources. semanage dontaudit toggles whether or not dontaudit
rules will be in the policy. Policy writers use dontaudit rules
to cause confined applications to use alternative paths.
Dontaudit rules are denied but not reported in the logs. Some
times dontaudit rules can cause bugs in applications but policy
writers will not realize it since the AVC is not audited.
Turning off dontaudit rules with this command to see if the
kernel is blocking an access.
Параметры (Options)
-h, --help
show this help message and exit
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-N, --noreload
Do not reload the policy after commit
Примеры (Examples)
Turn off dontaudit rules
# semanage dontaudit off
Смотри также (See also)
selinux(8), semanage(8)
