1FAPOLICYD-CLI(1) System Administration Utilities FAPOLICYD-CLI(1)
2
6 fapolicyd-cli - Fapolicyd CLI Tool
7
9 fapolicyd-cli [options]
10
12 The fapolicyd command line utility is a tool to tell the daemon that it
13 needs to update the trust database. Normally, the daemon learns that
14 the trust database needs updating because it uses a dnf plugin to in‐
15 form it. However, you may install an rpm by hand and it can't see that
16 a system package was installed or updated. Or perhaps the admin updates
17 the fapolicyd.trust file and would like the changes to take effect im‐
18 mediately. In either of these cases, you would need to tell the daemon
19 that it needs to do an update by running this command.
20
22 -h, --help
23 Prints a list of command line options.
24 --check-config
26 Opens fapolicyd.conf and parses it to see if there are any syn‐
27 tax errors in the file.
28 --check-watch_fs
30 Check the mounted file systems against the watch_fs daemon con‐
31 fig entry to determine if any file systems need to be added to
32 the configuration.
33 --check-trustdb
35 Check the trustdb against the files on disk to look for mis‐
36 matches that will cause problems at run time.
37 -d, --delete-db
39 Deletes the trust database. Normally this never needs to be
40 done. But if for some reason the trust database becomes cor‐
41 rupted, then the only method of recovery is to run this command.
42 -D, --dump-db
44 Dumps the trust db contents for inspection. This will print the
45 original trust source, path, file size, and SHA256 sum of the
46 file as known by the trust source the entry came from.
47 -f, --file add|delete|update [path]
49 Manage the file trust database.
50 add This command adds the file given by path to the
52 trust database. It gets the size and calculates the
53 required SHA256 hash. If the path is a directory, it
54 will walk the directory tree to the bottom and add
55 every regular file that it finds. By default, the
56 path is appended to the end of the fapolicyd.trust
57 file.
58 delete This command deletes all entries that match from the
60 trust database. It will try to match multiple en‐
61 tries so that entire directories can be deleted in
62 one command. To ensure that you only match a direc‐
63 tory and not a partial name, be sure to end with
64 '/'.
65 update This command updates the size and hash of any match‐
67 ing paths in the file trust database. If no path is
68 given, then all files are updated. If an argument is
69 passed, then only matching paths get updated. If the
70 intent is to match against a directory, ensure that
71 it ends with '/'.
72 --trust-file trust-file-name
74 Use after file option. Makes every command of file option oper‐
75 ate on a single trust file named trust-file-name that is located
76 inside trust.d directory. If a trust file with such a name does
77 not exist inside trust.d directory, it is created.
78 -t, --ftype /path/to/file
80 Prints the mime type of the file given. A full path must be
81 specified. This command is intended to help get the ftype param‐
82 eter of rules correct by seeing how fapolicyd will classify it.
83 Fapolicyd may differ from the file command.
84 -l, --list
86 Prints a listing of the fapolicyd rules file with a rule number
87 to aid in troubleshooting or understanding of the debug mes‐
88 sages.
89 -u, --update
91 Notifies fapolicyd to perform an update of the trust database.
92
94 fapolicyd(8), fapolicyd.rules(5), fapolicyd.trust(5), and fapoli‐
95 cyd.conf(5)
96
99 Zoltan Fridrich
100Red Hat Dec 2021 FAPOLICYD-CLI(1)