semanage-dontaudit(8)semanage-dontaudit(8)NAME
semanage dontaudit- SELinux Policy Management dontaudit tool
SYNOPSIS
semanage dontaudit [-h] [-S STORE] [-N] {on,off}
DESCRIPTION
semanage is used to configure certain elements of SELinux policy with‐
out requiring modification to or recompilation from policy sources.
semanage dontaudit toggles whether or not dontaudit rules will be in
the policy. Policy writers use dontaudit rules to cause confined
applications to use alternative paths. Dontaudit rules are denied but
not reported in the logs. Some times dontaudit rules can cause bugs in
applications but policy writers will not relize it since the AVC is not
audited. Turning off dontaudit rules with this command to see if the
kernel is blocking an access.
OPTIONS-h, --help
show this help message and exit
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-N, --noreload
Do not reload the policy after commit
EXAMPLE
Turn off dontaudit rules
# semanage dontaudit off
SEE ALSO
selinux (8), semanage (8)
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>
20130617 semanage-dontaudit(8)