audit2allow: add page

pages/linux/audit2allow.md

@@ -0,0 +1,38 @@
+# audit2allow
+
+> Generate SELinux policy allow rules from audit logs.
+> Part of the `policycoreutils-python-utils` package.
+> See also: `audit2why`, `ausearch`, `semodule`.
+> More information: <https://manned.org/audit2allow>.
+
+- Generate allow rules from recent audit denials and display them:
+
+`sudo audit2allow {{[-a|--all]}}`
+
+- Generate allow rules from a specific audit log file:
+
+`sudo audit2allow {{[-i|--input]}} {{path/to/audit.log}}`
+
+- Generate a policy module from recent audit denials:
+
+`sudo audit2allow {{[-a|--all]}} {{[-M|--module]}} {{module_name}}`
+
+- Explain why SELinux denials occurred (same as `audit2why`):
+
+`sudo audit2allow {{[-a|--all]}} --why`
+
+- Display detailed information around generated messages:
+
+`sudo audit2allow {{[-a|--all]}} {{[-e|--explain]}}`
+
+- Use installed macros to generate a reference policy:
+
+`sudo audit2allow {{[-a|--all]}} {{[-R|--reference]}}`
+
+- Generate allow rules for a specific service:
+
+`sudo ausearch {{[-m|--message]}} avc {{[-c|--comm]}} {{service_name}} | audit2allow {{[-M|--module]}} {{policy_name}}`
+
+- Enable verbose output mode:
+
+`sudo audit2allow {{[-a|--all]}} {{[-v|--verbose]}}`