semanage-dontaudit(8) [centos man page]

semanage-dontaudit(8)													     semanage-dontaudit(8)

NAME

       semanage dontaudit- SELinux Policy Management dontaudit tool

SYNOPSIS

       semanage dontaudit [-h] [-S STORE] [-N] {on,off}

DESCRIPTION

       semanage  is  used  to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
       semanage dontaudit toggles whether or not dontaudit rules will be in the policy.  Policy writers use  dontaudit	rules  to  cause  confined
       applications to use alternative paths.  Dontaudit rules are denied but not reported in the logs.  Some times dontaudit rules can cause bugs
       in applications but policy writers will not relize it since the AVC is not audited.  Turning off dontaudit rules with this command  to  see
       if the kernel is blocking an access.

OPTIONS

       -h, --help
	      show this help message and exit

       -S STORE, --store STORE
	      Select an alternate SELinux Policy Store to manage

       -N, --noreload
	      Do not reload the policy after commit

EXAMPLE

       Turn off dontaudit rules
       # semanage dontaudit off

SEE ALSO

       selinux (8), semanage (8)

AUTHOR

       This man page was written by Daniel Walsh <dwalsh@redhat.com>

								     20130617						     semanage-dontaudit(8)

semanage(8)															       semanage(8)

NAME

       semanage - SELinux Policy Management tool

SYNOPSIS

       semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
		       ...  positional arguments:

       import Import local customizations

       export Output local customizations

       login Manage login mappings between linux users and SELinux confined users

       user Manage SELinux confined users (Roles and levels for an SELinux user)

       port Manage network port type definitions

       interface Manage network interface type definitions

       module Manage SELinux policy modules

       node Manage network node type definitions

       fcontext Manage file context mapping definitions

       boolean Manage booleans to selectively enable functionality

       permissive Manage process type enforcement mode

       dontaudit Disable/Enable dontaudit rules in policy

DESCRIPTION

       semanage  is  used  to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
       This includes the mapping from Linux usernames to SELinux user identities (which controls the initial security context  assigned  to  Linux
       users when they login and bounds their authorized role set) as well as security context mappings for various kinds of objects, such as net-
       work ports, interfaces, and nodes (hosts) as well as the file context mapping. See the EXAMPLES section below for some examples	of  common
       usage.	Note  that  the  semanage login command deals with the mapping from Linux usernames (logins) to SELinux user identities, while the
       semanage user command deals with the mapping from SELinux user identities to authorized role sets.  In most cases, only the former  mapping
       needs to be adjusted by the administrator; the latter is principally defined by the base policy and usually does not require modification.

OPTIONS

       -h, --help
	      List help information

SEE ALSO

       selinux (8), semanage-boolean (8), semanage-dontaudit (8), semanage-export (8), semanage-fcontext (8), semanage-import (8), semanage-inter-
       face (8), semanage-login (8), semanage-module (8), semanage-node (8), semanage-permissive (8), semanage-port (8), semanage-user (8)

AUTHOR

       This man page was written by Daniel Walsh <dwalsh@redhat.com>
       and Russell Coker <rcoker@redhat.com>.
       Examples by Thomas Bleher <ThomasBleher@gmx.de>.  usage: semanage [-h]

								     20100223							       semanage(8)