TechQA.

Selinux must need auditing support? Can audit2allow be used instead?

379 views Asked by At

I have seen that selinux need to enable auditing support. I want to know the difference between audit and audit2allow, can I just use audit2allow instead of audit? It seems that no audit support in android code, only audit2allow.

For the audit, I mean the audit package at http://people.redhat.com/sgrubb/audit/.

audit selinux auditing audit-trail libselinux
Original Q&A
1

There are 1 answers

0
admirableadmin On BEST ANSWER

audit is a daemon, which log denied access (AVC) into /var/log/audit/audit.log

audit2allow is a user-tool to transfer AVP-log into a SELinux-Policy.

examples:

  • show reason for denied access: cat audit.log | audit2why
  • create SELinux-Policy foo.pp: cat audit.log | audit2allow -M foo

Related Questions in AUDIT

Related Questions in SELINUX

Related Questions in AUDITING

Related Questions in AUDIT-TRAIL

Related Questions in LIBSELINUX

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions