SELinux tips and hacks

Bash Functions to Manipulate SELinux Policy

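#######################################
# Print the allow rules audit2allow derives from the SELinux audit log.
# Nothing is written or loaded; this is a read-only preview.
# Arguments: $1 - optional path to the audit log. When omitted, auditd's
#                 default /var/log/audit/audit.log is used, falling back to
#                 the locate database.
# Outputs:   progress line and audit2allow output on stdout, errors on stderr
# Returns:   0 on success or when SELinux is not enforcing, non-zero on error
#######################################
function chkaudit {
  local audit_log=${1:-}
  local mode candidate

  # EUID comes from the process credentials. $USER is only an environment
  # variable, so requiring it to be "root" added no protection and refused
  # legitimate root shells where it is unset or stale.
  if (( EUID != 0 )); then
    echo "chkaudit must be run as root." >&2
    return 1
  fi

  if ! command -v getenforce >/dev/null 2>&1 ||
    ! command -v audit2allow >/dev/null 2>&1; then
    echo "chkaudit: getenforce and audit2allow are required." >&2
    return 1
  fi

  mode=$(getenforce) || return
  if [[ $mode != "Enforcing" ]]; then
    echo "chkaudit: SELinux mode is '$mode', not Enforcing; nothing to do." >&2
    return 0
  fi

  if [[ -z $audit_log ]]; then
    if [[ -f /var/log/audit/audit.log ]]; then
      audit_log=/var/log/audit/audit.log
    else
      # locate matches every path ending in /audit.log, including files in
      # user-writable directories, and may return several lines. Take the
      # first regular file owned by root (-O compares against our EUID, 0).
      while IFS= read -r candidate; do
        if [[ -f $candidate && -O $candidate ]]; then
          audit_log=$candidate
          break
        fi
      done < <(locate audit.log | grep '/audit\.log$')
    fi
    if [[ -z $audit_log ]]; then
      echo "chkaudit: no root-owned audit.log found." >&2
      return 1
    fi
  fi

  # audit2allow turns each denial record into an allow rule, so the input
  # must be a log that only root could have written.
  if [[ ! -f $audit_log || ! -O $audit_log ]]; then
    echo "chkaudit: '$audit_log' is not a regular file owned by root." >&2
    return 1
  fi

  echo "Checking $audit_log for violations..."
  audit2allow < "$audit_log"
}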

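#######################################
# Build a local SELinux policy module from the denials in the audit log.
# Runs "audit2allow -M local", which writes local.te and local.pp into the
# current directory. The module is NOT loaded here; read local.te before
# installing it with semodule, because it allows every logged denial,
# including any that were correctly blocking unwanted access.
# Arguments: $1 - optional path to the audit log. When omitted, auditd's
#                 default /var/log/audit/audit.log is used, falling back to
#                 the locate database.
# Outputs:   progress line and audit2allow output on stdout, errors on stderr
# Returns:   0 on success or when SELinux is not enforcing, non-zero on error
#######################################
function mkpolicy {
  local audit_log=${1:-}
  local mode candidate

  # EUID comes from the process credentials. $USER is only an environment
  # variable, so requiring it to be "root" added no protection and refused
  # legitimate root shells where it is unset or stale.
  if (( EUID != 0 )); then
    echo "mkpolicy must be run as root." >&2
    return 1
  fi

  if ! command -v getenforce >/dev/null 2>&1 ||
    ! command -v audit2allow >/dev/null 2>&1; then
    echo "mkpolicy: getenforce and audit2allow are required." >&2
    return 1
  fi

  mode=$(getenforce) || return
  if [[ $mode != "Enforcing" ]]; then
    echo "mkpolicy: SELinux mode is '$mode', not Enforcing; nothing to do." >&2
    return 0
  fi

  if [[ -z $audit_log ]]; then
    if [[ -f /var/log/audit/audit.log ]]; then
      audit_log=/var/log/audit/audit.log
    else
      # locate matches every path ending in /audit.log, including files in
      # user-writable directories, and may return several lines. Take the
      # first regular file owned by root (-O compares against our EUID, 0).
      while IFS= read -r candidate; do
        if [[ -f $candidate && -O $candidate ]]; then
          audit_log=$candidate
          break
        fi
      done < <(locate audit.log | grep '/audit\.log$')
    fi
    if [[ -z $audit_log ]]; then
      echo "mkpolicy: no root-owned audit.log found." >&2
      return 1
    fi
  fi

  # The generated module mirrors the log contents one-to-one, so a log that
  # a non-root user could have written would let that user dictate policy.
  if [[ ! -f $audit_log || ! -O $audit_log ]]; then
    echo "mkpolicy: '$audit_log' is not a regular file owned by root." >&2
    return 1
  fi

  echo "Updating SELinux policy..."
  audit2allow -M local < "$audit_log"
}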