diff mbox series

[2/3] python/audit2allow: Add missing options to man page

Message ID 20230503120332.699464-3-vmojzis@redhat.com (mailing list archive)
State Superseded
Delegated to: Petr Lautrbach
Headers show
Series python: Improve man pages | expand

Commit Message

Vit Mojzis May 3, 2023, 12:03 p.m. UTC
---
 python/audit2allow/audit2allow.1 | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

Comments

James Carter May 3, 2023, 6:36 p.m. UTC | #1
On Wed, May 3, 2023 at 8:11 AM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> ---
>  python/audit2allow/audit2allow.1 | 27 ++++++++++++++++++++++-----
>  1 file changed, 22 insertions(+), 5 deletions(-)
>
> diff --git a/python/audit2allow/audit2allow.1 b/python/audit2allow/audit2allow.1
> index 04ec3239..b7d30918 100644
> --- a/python/audit2allow/audit2allow.1
> +++ b/python/audit2allow/audit2allow.1
> @@ -40,26 +40,36 @@
>  Read input from audit and message log, conflicts with \-i
>  .TP
>  .B "\-b" | "\-\-boot"
> -Read input from audit messages since last boot conflicts with \-i
> +Read input from audit messages since last boot, conflicts with \-i
>  .TP
>  .B "\-d" | "\-\-dmesg"
> -Read input from output of
> +Read input from output of
>  .I /bin/dmesg.
>  Note that all audit messages are not available via dmesg when
>  auditd is running; use "ausearch \-m avc | audit2allow"  or "\-a" instead.
>  .TP
> +.B "\-\-debug"
> +Leave generated modules for -M

I know that this is what it says in the usage of audit2allow, but I
have no idea what it means or what "--debug" actually does.
Thanks,
Jim

> +.TP
>  .B "\-D" | "\-\-dontaudit"
>  Generate dontaudit rules (Default: allow)
>  .TP
> +.B "\-e" | "\-\-explain"
> +Fully explain generated output
> +.TP
>  .B "\-h" | "\-\-help"
>  Print a short usage message
>  .TP
>  .B "\-i  <inputfile>" | "\-\-input <inputfile>"
> -read input from
> +Read input from
>  .I <inputfile>
>  .TP
> +.B "\-\-interface-info=<interface_info_file>"
> +Read interface information from
> +.I <interface_info_file>
> +.TP
>  .B "\-l" | "\-\-lastreload"
> -read input only after last policy reload
> +Read input only after last policy reload
>  .TP
>  .B "\-m <modulename>" | "\-\-module <modulename>"
>  Generate module/require output <modulename>
> @@ -70,8 +80,12 @@ Generate loadable module package, conflicts with \-o
>  .B "\-p <policyfile>"  | "\-\-policy <policyfile>"
>  Policy file to use for analysis
>  .TP
> +.B "\-\-perm-map <perm_map_file>"
> +Read permission map from
> +.I <perm_map_file>
> +.TP
>  .B "\-o <outputfile>"  | "\-\-output <outputfile>"
> -append output to
> +Append output to
>  .I <outputfile>
>  .TP
>  .B "\-r" | "\-\-requires"
> @@ -85,6 +99,9 @@ This is the default behavior.
>  Generate reference policy using installed macros.
>  This attempts to match denials against interfaces and may be inaccurate.
>  .TP
> +.B "\-t <type_regex>" | "\-\-type=<type_regex>"
> +Only process messages with a type that matches this regex
> +.TP
>  .B "\-x" | "\-\-xperms"
>  Generate extended permission access vector rules
>  .TP
> --
> 2.40.0
>
diff mbox series

Patch

diff --git a/python/audit2allow/audit2allow.1 b/python/audit2allow/audit2allow.1
index 04ec3239..b7d30918 100644
--- a/python/audit2allow/audit2allow.1
+++ b/python/audit2allow/audit2allow.1
@@ -40,26 +40,36 @@ 
 Read input from audit and message log, conflicts with \-i
 .TP
 .B "\-b" | "\-\-boot"
-Read input from audit messages since last boot conflicts with \-i
+Read input from audit messages since last boot, conflicts with \-i
 .TP
 .B "\-d" | "\-\-dmesg"
-Read input from output of 
+Read input from output of
 .I /bin/dmesg.
 Note that all audit messages are not available via dmesg when
 auditd is running; use "ausearch \-m avc | audit2allow"  or "\-a" instead.
 .TP
+.B "\-\-debug"
+Leave generated modules for -M
+.TP
 .B "\-D" | "\-\-dontaudit"
 Generate dontaudit rules (Default: allow)
 .TP
+.B "\-e" | "\-\-explain"
+Fully explain generated output
+.TP
 .B "\-h" | "\-\-help"
 Print a short usage message
 .TP
 .B "\-i  <inputfile>" | "\-\-input <inputfile>"
-read input from 
+Read input from
 .I <inputfile>
 .TP
+.B "\-\-interface-info=<interface_info_file>"
+Read interface information from
+.I <interface_info_file>
+.TP
 .B "\-l" | "\-\-lastreload"
-read input only after last policy reload
+Read input only after last policy reload
 .TP
 .B "\-m <modulename>" | "\-\-module <modulename>"
 Generate module/require output <modulename>
@@ -70,8 +80,12 @@  Generate loadable module package, conflicts with \-o
 .B "\-p <policyfile>"  | "\-\-policy <policyfile>"
 Policy file to use for analysis
 .TP
+.B "\-\-perm-map <perm_map_file>"
+Read permission map from
+.I <perm_map_file>
+.TP
 .B "\-o <outputfile>"  | "\-\-output <outputfile>"
-append output to 
+Append output to
 .I <outputfile>
 .TP
 .B "\-r" | "\-\-requires"
@@ -85,6 +99,9 @@  This is the default behavior.
 Generate reference policy using installed macros.
 This attempts to match denials against interfaces and may be inaccurate.
 .TP
+.B "\-t <type_regex>" | "\-\-type=<type_regex>"
+Only process messages with a type that matches this regex
+.TP
 .B "\-x" | "\-\-xperms"
 Generate extended permission access vector rules
 .TP