audit2allow

Generate allow rules

$ sudo audit2allow -a

$ sudo audit2allow -i /var/log/audit/audit.log

$ sudo audit2allow -a -M my_module

$ sudo audit2allow -a --why

$ sudo audit2allow -a -R

$ sudo ausearch -m avc -c httpd | audit2allow -M httpd_policy

audit2allow [OPTIONS]

audit2allow generates SELinux policy allow rules from audit logs. It reads denial messages from the audit subsystem and creates type enforcement rules that would permit the denied operations.
The tool can produce simple allow rules for quick troubleshooting or generate complete loadable policy modules with the -M option. When used with -R, it generates reference policy using standard macros, producing cleaner and more maintainable rules. It is typically used after audit2why has identified the root cause of denials.

-a, --all

Read input from audit log

Read input from specified file

Generate loadable policy module

Explain why denials occurred

Show detailed information about denials

Generate reference policy using macros

Enable verbose output

Generated policies should be reviewed before installation. Blindly allowing all denials can create security vulnerabilities. Use audit2why first to understand why denials occurred.

audit2allow is part of policycoreutils-python-utils, providing SELinux policy development tools.

audit2why(1), ausearch(8), semodule(8)