Menu :

TL;DR

audit2allow

Create an SELinux local policy module to allow rules based on denied operations found in logs. Note: Use audit2allow with caution—always review the generated policy before applying it, as it may allow excessive access. More information: https://manned.org/audit2allow.

Generate a local policy to allow access for all denied services:

sudo audit2allow --all -M local_policy_name

Generate a local policy module to grant access to a specific process/service/command from the audit logs:

sudo grep apache2 /var/log/audit/audit.log | sudo audit2allow -M local_policy_name

Inspect and review the Type Enforcement (.te) file for a local policy:

vim local_policy_name.te

Install a local policy module:

sudo semodule -i local_policy_name.pp

This document was created using the contents of the tldr project.

a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
others