FAPOLICYD(8)            System Administration Utilities           FAPOLICYD(8)

NAME

       fapolicyd - File Access Policy Daemon

SYNOPSIS

       fapolicyd [options]

DESCRIPTION

       fapolicyd is a userspace daemon that determines access rights to files
       based on attributes of the process and file. It can be used to either
       blacklist or whitelist processes or file access.

       Configuring fapolicyd is done with the files in /etc/fapolicyd/. There
       are two files, fapolicyd.rules and fapolicyd.mounts. The first one sets
       the access rights and the second one determines which partitions to
       watch.

OPTIONS

       --debug
              leave the daemon in the foreground for debugging. Event
              information is written to stderr so that policy decisions can
              be observed.

       --debug-deny
              leave the daemon in the foreground for debugging. Event
              information is written to stderr only when the decision is to
              deny access.

       --permissive
              the daemon will allow file access regardless of the policy
              decision. This is useful for debugging rules before making them
              permanent.

       --boost NN
              increase the daemon's scheduling priority by this much. The
              number should be positive and less than or equal to 20. The
              default boost is 10.

       --queue NNNN
              the internal queue of pending decisions is set by this number.
              It should be a positive number. The default size is 1024.

       --user NN
              run as a particular user rather than root. This may either be
              numeric or a user name from the passwd database.

       --group NN
              run using a particular group rather than root. This may either
              be numeric or a user name from the passwd database.

       --no-details
              when fapolicyd ends, it dumps a usage report with various
              statistics that may be useful for tuning performance. It can
              also detail which processes it knew about and files being
              accessed by them. This can be useful for forensics
              investigations. In some settings, this may not be desirable as
              the file names may be sensitive. Using this option removes
              process and file names leaving only the statistics. The default
              without giving this option is to generate a full report.

SIGNALS

       SIGTERM
              causes fapolicyd to discontinue processing events and exit.

NOTES

       To get audit events, you must have auditing enabled and at least one
       system call rule loaded. Otherwise you will not get any events.
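
       The following is an added example, not part of the original manual page
       or of the fapolicyd project: a shell check for the two audit
       preconditions above. It assumes the one-field-per-line output of
       "auditctl -s" and the rule listing of "auditctl -l"; the function names
       and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the fapolicyd project): check the audit
# preconditions from NOTES by parsing auditctl output passed in as text.

# audit_enabled STATUS_TEXT
# Returns 0 if the "enabled" field is 1 (on) or 2 (on and locked).
# Assumes the "enabled N" line format printed by `auditctl -s`.
audit_enabled() {
    printf '%s\n' "$1" |
        awk '$1 == "enabled" && ($2 == 1 || $2 == 2) { ok = 1 }
             END { exit (ok ? 0 : 1) }'
}

# syscall_rule_count RULES_TEXT
# Prints how many listed rules carry a -S (syscall) field.
# File watches (-w) and the "No rules" placeholder are not counted.
syscall_rule_count() {
    printf '%s\n' "$1" | awk '/^-a / && / -S / { n++ } END { print n + 0 }'
}

# audit_ready STATUS_TEXT RULES_TEXT
# Returns 0 when both preconditions hold, 1 if auditing is off,
# 2 if no syscall rule is loaded. The reason goes to stderr.
audit_ready() {
    if ! audit_enabled "$1"; then
        echo "auditing is disabled; enable it with: auditctl -e 1" >&2
        return 1
    fi
    if [ "$(syscall_rule_count "$2")" -lt 1 ]; then
        echo "no syscall rule loaded; fapolicyd events will not be audited" >&2
        return 2
    fi
    return 0
}

# Constructed sample output, so the functions can be exercised offline.
SAMPLE_STATUS_ON='enabled 1
failure 1
pid 812'
SAMPLE_STATUS_OFF='enabled 0
failure 1
pid 0'
SAMPLE_RULES_SYSCALL='-a always,exit -F arch=b64 -S execve -F key=exec'
SAMPLE_RULES_EMPTY='No rules'

# On a live host, as root:
#   audit_ready "$(auditctl -s)" "$(auditctl -l)"
```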

FILES

       /etc/fapolicyd/fapolicyd.conf - daemon configuration

       /etc/fapolicyd/fapolicyd.rules - access control rules

       /etc/fapolicyd/fapolicyd.mounts - lists partitions to control access to

       /var/log/fapolicyd-access.log - information about what was being
       accessed.

SEE ALSO

       fapolicyd.rules(5) and fapolicyd.conf(5)

AUTHOR

       Steve Grubb

Red Hat                            June 2018                      FAPOLICYD(8)