7.3.8. Allowing Access: audit2allow
Do not use the example in this section in production. It is used only to demonstrate the use of audit2allow.
From the audit2allow(1) manual page: "audit2allow - generate SELinux policy allow rules from logs of denied operations". After analyzing denials as per Section 7.3.7, “sealert Messages”, and if no label changes or Booleans allowed access, use audit2allow to create a local policy module. After access is denied by SELinux, running the audit2allow command presents Type Enforcement rules that allow the previously denied access.
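How an AVC denial maps to the Type Enforcement rule that audit2allow presents, as an added example (not part of the original documentation and not audit2allow's own code): a simplified awk sketch that takes the denials logged for one process and prints the allow rules they imply, so the scope of a local policy module can be reviewed before it is built. The function names, process names and log records are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in audit.log format (not captured from a real system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:410): avc:  denied  { getattr } for  pid=2001 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=399185 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
type=SYSCALL msg=audit(1700000000.101:410): arch=c000003e syscall=6 success=no exit=-13 pid=2001 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000001.202:411): avc:  denied  { read } for  pid=2001 comm="httpd" name="file1" dev=dm-0 ino=399185 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
type=AVC msg=audit(1700000002.303:412): avc:  denied  { write } for  pid=3005 comm="smbd" name="html" dev=dm-0 ino=399100 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1700000003.404:413): avc:  denied  { name_connect } for  pid=2001 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1700000004.505:414): avc:  denied  { getattr } for  pid=2001 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=399185 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
EOF
}

# denials_to_rules COMM: read audit records on stdin, keep only AVC denials
# logged for process name COMM, and print one allow rule per
# (source type, target type, object class) with its permissions merged.
denials_to_rules() {
    awk -v want="comm=\"$1\"" '
    /type=AVC/ && / denied / && index($0, want) {
        # The denied permissions sit between "{" and "}".
        perms = $0
        sub(/^[^{]*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)
        st = tt = cls = ""
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level; the rule uses only the type.
            if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        key = st " " tt ":" cls
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!seen[key, p[j]]++) rule[key] = rule[key] " " p[j]
    }
    END { for (k in rule) printf "allow %s {%s };\n", k, rule[k] }
    ' | sort
}

# Rules implied by the denials logged for httpd only; smbd is left out.
sample_log | denials_to_rules httpd
```

Reading the output this way shows exactly which source type, target type, object class and permissions a local policy module would open up.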
If you have multiple denials from multiple processes, but only want to create a custom policy for a single process, use the grep command to narrow down the input for audit2allow. The following example demonstrates using grep to only send denials related to