1FAPOLICYD-CLI(1) System Administration Utilities FAPOLICYD-CLI(1)
2
6 fapolicyd-cli - Fapolicyd CLI Tool
7
9 fapolicyd-cli [options]
10
12 The fapolicyd command line utility is a tool to tell the daemon that it
13 needs to update the trust database. Normally, the daemon learns that
14 the trust database needs updating because it uses a dnf plugin to in‐
15 form it. However, you may install an rpm by hand and it can't see that
16 a system package was installed or updated. Or perhaps the admin updates
17 the fapolicyd.trust file and would like the changes to take effect im‐
18 mediately. In either of these cases, you would need to tell the daemon
19 that it needs to do an update by running this command.
20
22 -h, --help
23 Prints a list of command line options.
24 --check-config
26 Opens fapolicyd.conf and parses it to see if there are any syn‐
27 tax errors in the file.
28 --check-path
30 Check the PATH environmental variable against the trustdb to
31 look for file not in the trustdb which could cause problems at
32 run time.
33 --check-status
35 Dump the daemon's internal performance statistics.
36 --check-trustdb
38 Check the trustdb against the files on disk to look for mis‐
39 matches that will cause problems at run time.
40 --check-watch_fs
42 Check the mounted file systems against the watch_fs daemon con‐
43 fig entry to determine if any file systems need to be added to
44 the configuration.
45 -d, --delete-db
47 Deletes the trust database. Normally this never needs to be
48 done. But if for some reason the trust database becomes cor‐
49 rupted, then the only method of recovery is to run this command.
50 -D, --dump-db
52 Dumps the trust db contents for inspection. This will print the
53 original trust source, path, file size, and SHA256 sum of the
54 file as known by the trust source the entry came from.
55 -f, --file add|delete|update [path]
57 Manage the file trust database.
58 add This command adds the file given by path to the
60 trust database. It gets the size and calculates the
61 required SHA256 hash. If the path is a directory, it
62 will walk the directory tree to the bottom and add
63 every regular file that it finds. By default, the
64 path is appended to the end of the fapolicyd.trust
65 file.
66 delete This command deletes all entries that match from the
68 trust database. It will try to match multiple en‐
69 tries so that entire directories can be deleted in
70 one command. To ensure that you only match a direc‐
71 tory and not a partial name, be sure to end with
72 '/'.
73 update This command updates the size and hash of any match‐
75 ing paths in the file trust database. If no path is
76 given, then all files are updated. If an argument is
77 passed, then only matching paths get updated. If the
78 intent is to match against a directory, ensure that
79 it ends with '/'.
80 --trust-file trust-file-name
82 Use after file option. Makes every command of file option oper‐
83 ate on a single trust file named trust-file-name that is located
84 inside trust.d directory. If a trust file with such a name does
85 not exist inside trust.d directory, it is created.
86 -t, --ftype /path/to/file
88 Prints the mime type of the file given. A full path must be
89 specified. This command is intended to help get the ftype param‐
90 eter of rules correct by seeing how fapolicyd will classify it.
91 Fapolicyd may differ from the file command.
92 -l, --list
94 Prints a listing of the fapolicyd rules file with a rule number
95 to aid in troubleshooting or understanding of the debug mes‐
96 sages.
97 -u, --update
99 Notifies fapolicyd to perform an update of the trust database.
100
102 fapolicyd(8), fapolicyd.rules(5), fapolicyd.trust(5), and fapoli‐
103 cyd.conf(5)
104
107 Zoltan Fridrich
108Red Hat Dec 2021 FAPOLICYD-CLI(1)