1setroubleshootd(8)                                          setroubleshootd(8)
2
3
4

NAME

6       setroubleshootd - setroubleshoot daemon
7
8

SYNOPSIS

10       setroubleshootd [-d] [-f] [-h] [-c config]
11
12

DESCRIPTION

14       This manual page describes the setroubleshootd program.
15
16       setroubleshootd  is  the  dbus  service  in  the setroubleshoot system.
17       setroubleshoot is used to diagnose SELinux denials and attempts to pro‐
18       vide  user  friendly  explanations  for a SELinux denial (e.g. AVC) and
19       recommendations for how one might adjust the system to prevent the  de‐
20       nial in the future.
21
22       In  a  standard  configuration setroubleshoot is composed of two compo‐
23       nents, sealert and setroubleshootd.
24
25       setroubleshootd is a system daemon which runs under setroubleshoot user
26       and  listens  for  audit  events  emitted  from  the  kernel related to
27       SELinux. When the setroubleshootd daemon sees an SELinux AVC denial  it
28       runs  a series of analysis plugins which examine the audit data related
29       to the AVC. It records the results of  the  analysis  and  signals  any
30       clients  which  have  attached to the setroubleshootd daemon that a new
31       alert has been seen.
32
33       setroubleshootd is not persistent and only runs when there are new AVCs
34       to  be  analyzed.  It  is executed using setroubleshootd.service, which
35       also limits its priority and maximum RAM utilization to 1GB,  in  order
36       to help with system responsiveness in case of large amounts of AVCs.
37
38

OPTIONS

40       -f --nofork
41              Do not fork the daemon
42
43       -d --debug
44              Do not exit after 10 seconds of inactivity
45
46       -h --help
47              Show this message
48
49       -c --config
50              section.option=value     set a configuration value
51
52

AUTHOR

54       This man page was written by Dan Walsh <dwalsh@redhat.com>.
55
56

SEE ALSO

58       sealert(8),selinux(8)
59
60
61
62                                   20100520                 setroubleshootd(8)
Impressum