semanage-dontaudit(8)semanage-dontaudit(8)NAME
semanage dontaudit- SELinux Policy Management dontaudit tool
SYNOPSIS
semanage dontaudit [-h] [-S STORE] [-N] {on,off}
DESCRIPTION
semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
semanage dontaudit toggles whether or not dontaudit rules will be in the policy. Policy writers use dontaudit rules to cause confined
applications to use alternative paths. Dontaudit rules are denied but not reported in the logs. Some times dontaudit rules can cause bugs
in applications but policy writers will not relize it since the AVC is not audited. Turning off dontaudit rules with this command to see
if the kernel is blocking an access.
OPTIONS -h, --help
show this help message and exit
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-N, --noreload
Do not reload the policy after commit
EXAMPLE
Turn off dontaudit rules
# semanage dontaudit off
SEE ALSO
selinux (8), semanage (8)
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>
20130617 semanage-dontaudit(8)
Check Out this Related Man Page
semanage(8)semanage(8)NAME
semanage - SELinux Policy Management tool
SYNOPSIS
semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
... positional arguments:
import Import local customizations
export Output local customizations
login Manage login mappings between linux users and SELinux confined users
user Manage SELinux confined users (Roles and levels for an SELinux user)
port Manage network port type definitions
interface Manage network interface type definitions
module Manage SELinux policy modules
node Manage network node type definitions
fcontext Manage file context mapping definitions
boolean Manage booleans to selectively enable functionality
permissive Manage process type enforcement mode
dontaudit Disable/Enable dontaudit rules in policy
DESCRIPTION
semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
This includes the mapping from Linux usernames to SELinux user identities (which controls the initial security context assigned to Linux
users when they login and bounds their authorized role set) as well as security context mappings for various kinds of objects, such as net-
work ports, interfaces, and nodes (hosts) as well as the file context mapping. See the EXAMPLES section below for some examples of common
usage. Note that the semanage login command deals with the mapping from Linux usernames (logins) to SELinux user identities, while the
semanage user command deals with the mapping from SELinux user identities to authorized role sets. In most cases, only the former mapping
needs to be adjusted by the administrator; the latter is principally defined by the base policy and usually does not require modification.
OPTIONS -h, --help
List help information
SEE ALSO
selinux (8), semanage-boolean (8), semanage-dontaudit (8), semanage-export (8), semanage-fcontext (8), semanage-import (8), semanage-inter-
face (8), semanage-login (8), semanage-module (8), semanage-node (8), semanage-permissive (8), semanage-port (8), semanage-user (8)
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>
and Russell Coker <rcoker@redhat.com>.
Examples by Thomas Bleher <ThomasBleher@gmx.de>. usage: semanage [-h]
20100223 semanage(8)
For the life of me, I cannot find semanage binary using a default install. I have the following packages installed. Any help is appreciated.
libsemanage-2.0.43-4.el6.i686
policycoreutils-2.0.82-32.el6.i686
current kernel: 2.6.32-44.1.el6.i686 (1 Reply)
Hello,
I have these S10 boxes with LACP using the L4 policy. Does the L4 policy create a lot more overhead as opposed to using the L2?
I'm noticing that my traffic does not seem to be very well load balanced accross the NIC's, and I am wondering if the policy I'm using has anything else to do... (1 Reply)
Discussion started by: BG_JrAdmin
1 Replies
5. Post Here to Contact Site Administrators and Moderators
I had a consultation request thread removed and a PM telling me to read the rules. I actually DID read the rules prior to the posting...gave pause on the headhunter/recruitment clause...decided that rule was for more permanent positions and went forward with the consultation request.
I... (0 Replies)