| Message ID | 20230503120332.699464-3-vmojzis@redhat.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Petr Lautrbach |
| Headers | show |
| Series | python: Improve man pages | expand |
On Wed, May 3, 2023 at 8:11 AM Vit Mojzis <vmojzis@redhat.com> wrote: > > --- > python/audit2allow/audit2allow.1 | 27 ++++++++++++++++++++++----- > 1 file changed, 22 insertions(+), 5 deletions(-) > > diff --git a/python/audit2allow/audit2allow.1 b/python/audit2allow/audit2allow.1 > index 04ec3239..b7d30918 100644 > --- a/python/audit2allow/audit2allow.1 > +++ b/python/audit2allow/audit2allow.1 > @@ -40,26 +40,36 @@ > Read input from audit and message log, conflicts with \-i > .TP > .B "\-b" | "\-\-boot" > -Read input from audit messages since last boot conflicts with \-i > +Read input from audit messages since last boot, conflicts with \-i > .TP > .B "\-d" | "\-\-dmesg" > -Read input from output of > +Read input from output of > .I /bin/dmesg. > Note that all audit messages are not available via dmesg when > auditd is running; use "ausearch \-m avc | audit2allow" or "\-a" instead. > .TP > +.B "\-\-debug" > +Leave generated modules for -M I know that this is what it says in the usage of audit2allow, but I have no idea what it means or what "--debug" actually does. Thanks, Jim > +.TP > .B "\-D" | "\-\-dontaudit" > Generate dontaudit rules (Default: allow) > .TP > +.B "\-e" | "\-\-explain" > +Fully explain generated output > +.TP > .B "\-h" | "\-\-help" > Print a short usage message > .TP > .B "\-i <inputfile>" | "\-\-input <inputfile>" > -read input from > +Read input from > .I <inputfile> > .TP > +.B "\-\-interface-info=<interface_info_file>" > +Read interface information from > +.I <interface_info_file> > +.TP > .B "\-l" | "\-\-lastreload" > -read input only after last policy reload > +Read input only after last policy reload > .TP > .B "\-m <modulename>" | "\-\-module <modulename>" > Generate module/require output <modulename> > @@ -70,8 +80,12 @@ Generate loadable module package, conflicts with \-o > .B "\-p <policyfile>" | "\-\-policy <policyfile>" > Policy file to use for analysis > .TP > +.B "\-\-perm-map <perm_map_file>" > +Read permission map from > +.I <perm_map_file> > +.TP > .B "\-o <outputfile>" | "\-\-output <outputfile>" > -append output to > +Append output to > .I <outputfile> > .TP > .B "\-r" | "\-\-requires" > @@ -85,6 +99,9 @@ This is the default behavior. > Generate reference policy using installed macros. > This attempts to match denials against interfaces and may be inaccurate. > .TP > +.B "\-t <type_regex>" | "\-\-type=<type_regex>" > +Only process messages with a type that matches this regex > +.TP > .B "\-x" | "\-\-xperms" > Generate extended permission access vector rules > .TP > -- > 2.40.0 >
diff --git a/python/audit2allow/audit2allow.1 b/python/audit2allow/audit2allow.1 index 04ec3239..b7d30918 100644 --- a/python/audit2allow/audit2allow.1 +++ b/python/audit2allow/audit2allow.1 @@ -40,26 +40,36 @@ Read input from audit and message log, conflicts with \-i .TP .B "\-b" | "\-\-boot" -Read input from audit messages since last boot conflicts with \-i +Read input from audit messages since last boot, conflicts with \-i .TP .B "\-d" | "\-\-dmesg" -Read input from output of +Read input from output of .I /bin/dmesg. Note that all audit messages are not available via dmesg when auditd is running; use "ausearch \-m avc | audit2allow" or "\-a" instead. .TP +.B "\-\-debug" +Leave generated modules for -M +.TP .B "\-D" | "\-\-dontaudit" Generate dontaudit rules (Default: allow) .TP +.B "\-e" | "\-\-explain" +Fully explain generated output +.TP .B "\-h" | "\-\-help" Print a short usage message .TP .B "\-i <inputfile>" | "\-\-input <inputfile>" -read input from +Read input from .I <inputfile> .TP +.B "\-\-interface-info=<interface_info_file>" +Read interface information from +.I <interface_info_file> +.TP .B "\-l" | "\-\-lastreload" -read input only after last policy reload +Read input only after last policy reload .TP .B "\-m <modulename>" | "\-\-module <modulename>" Generate module/require output <modulename> @@ -70,8 +80,12 @@ Generate loadable module package, conflicts with \-o .B "\-p <policyfile>" | "\-\-policy <policyfile>" Policy file to use for analysis .TP +.B "\-\-perm-map <perm_map_file>" +Read permission map from +.I <perm_map_file> +.TP .B "\-o <outputfile>" | "\-\-output <outputfile>" -append output to +Append output to .I <outputfile> .TP .B "\-r" | "\-\-requires" @@ -85,6 +99,9 @@ This is the default behavior. Generate reference policy using installed macros. This attempts to match denials against interfaces and may be inaccurate. .TP +.B "\-t <type_regex>" | "\-\-type=<type_regex>" +Only process messages with a type that matches this regex +.TP .B "\-x" | "\-\-xperms" Generate extended permission access vector rules .TP