| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 1 | .TH "semanage-dontaudit" "8" "20130617" "" "" |
| 2 | .SH "NAME" |
| Laurent Bigonville | 2e93833 | 2013-11-06 13:24:01 +0100 | [diff] [blame] | 3 | .B semanage\-dontaudit \- SELinux Policy Management dontaudit tool |
| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 4 | .SH "SYNOPSIS" |
| 5 | .B semanage dontaudit [\-h] [\-S STORE] [\-N] {on,off} |
| 6 | |
| 7 | .SH "DESCRIPTION" |
| 8 | semanage is used to configure certain elements of |
| 9 | SELinux policy without requiring modification to or recompilation |
| 10 | from policy sources. semanage dontaudit toggles whether or not dontaudit rules will be in the policy. Policy writers use dontaudit rules to cause |
| Philipp Gesang | c187f0b | 2016-05-27 17:13:21 +0200 | [diff] [blame] | 11 | confined applications to use alternative paths. Dontaudit rules are denied but not reported in the logs. Some times dontaudit rules can cause bugs in applications but policy writers will not realize it since the AVC is not audited. Turning off dontaudit rules with this command to see if the kernel is blocking an access. |
| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 12 | |
| 13 | .SH "OPTIONS" |
| 14 | .TP |
| 15 | .I \-h, \-\-help |
| 16 | show this help message and exit |
| 17 | .TP |
| 18 | .I \-S STORE, \-\-store STORE |
| 19 | Select an alternate SELinux Policy Store to manage |
| 20 | .TP |
| 21 | .I \-N, \-\-noreload |
| 22 | Do not reload the policy after commit |
| 23 | |
| 24 | .SH EXAMPLE |
| 25 | .nf |
| 26 | Turn off dontaudit rules |
| 27 | # semanage dontaudit off |
| 28 | |
| 29 | .SH "SEE ALSO" |
| Alan Jenkins | 62f0589 | 2017-01-11 12:41:09 +0000 | [diff] [blame] | 30 | .BR selinux (8), |
| 31 | .BR semanage (8) |
| Dan Walsh | 1925e1e | 2013-10-11 08:34:44 -0400 | [diff] [blame] | 32 | |
| 33 | .SH "AUTHOR" |
| 34 | This man page was written by Daniel Walsh <dwalsh@redhat.com> |