7.1 Adding policy to existing policy

Next: 7.2 Configuring vsftpd Up: 7 Example Previous: 7 Example Contents

7.1 Adding policy to existing policy

You can generate simplified policy like audit2allow by audit2spdl utility. Typical usage is following.

$ su - (select sysadm_r)
# audit2spdl -a -l -v

Then, policy is outputted to console. Make sure whether everything is correct. Then, when you want to add policy to file,

# cd  /etc/selinux/seedit/src/policy/
# audit2spdl -a -l -o ./simplified_policy
# make diffrelabel

When you are not running auditd, use -d option instead of -a option. However, file path for allow rule is sometimes incorrect in -d option. So it is recommended to enable auditd.
Notice: audit2spdl is still in progress. For some log, audit2spdl can not output configuration. Please tell me if you find problem.

2006-02-27