1FAPOLICYD(8) System Administration Utilities FAPOLICYD(8)
2
3
4
6 fapolicyd - File Access Policy Daemon
7
9 fapolicyd [options]
10
12 fapolicyd is a userspace daemon that determines access rights to files
13 based on attributes of the process and file. It can be used to either
14 blacklist or whitelist processes or file access.
15
16 Configuring fapolicyd is done with the files in /etc/fapolicyd/. There
17 are two files, fapolicyd.rules and fapolicyd.mounts
18 . The first one sets the access rights and the second one determines
19 which partitions to watch.
20
22 --debug
23 leave the daemon in the foreground for debugging. Event informa‐
24 tion is written to stderr so that policy decisions can be
25 observed.
26
27 --debug-deny
28 leave the daemon in the foreground for debugging. Event informa‐
29 tion is written to stderr only when the decision is to deny
30 access.
31
32 --permissive
33 the daemon will allow file access regardless of the policy deci‐
34 sion. This is useful for debugging rules before making them per‐
35 manent.
36
37 --boost NN
38 increase the daemon's scheduling priority by this much. The num‐
39 ber should be positive and less than or equal to 20. The default
40 boost is 10.
41
42 --queue NNNN
43 the internal queue of pending decisions is set by this number.
44 It should be a positive number. The default size is 1024.
45
46 --user NN
47 run as a particular user rather than root. This may either be
48 numeric or a user name from the passwd database.
49
50 --group NN
51 run using a particular group rather than root. This may either
52 be numeric or a user name from the passwd database.
53
54 --no-details
55 when fapolicyd ends, it dumps a usage report with various sta‐
56 tistics that may be useful for tuning performance. It can also
57 detail which processes it knew about and files being accessed by
58 them. This can be useful for forensics investigations. In some
59 settings, this may not be desirable as the file names may be
60 sensitive. Using this option removes process and file names
61 leaving only the statistics. The default without giving this
62 option is to generate a full report.
63
65 SIGTERM
66 caused fapolicyd to discontinue processing events and exit.
67
68
70 To get audit events, you must have auditing enabled and at least one
71 systemcall rule loaded. Otherwise you will not get any events.
72
73
75 /etc/fapolicyd/fapolicyd.conf - daemon configuration
76
77 /etc/fapolicyd/fapolicyd.rules - access control rules
78
79 /etc/fapolicyd/fapolicyd.mounts - lists partitions to control access to
80
81 /var/log/fapolicyd-access.log - information about what was being
82 accessed.
83
84
86 fapolicyd.rules(5) and fapolicyd.conf(5)
87
88
90 Steve Grubb
91
92
93
94Red Hat June 2018 FAPOLICYD(8)