This patch allows audit2allow to look at all AVC messages logged since the last time the machine booted.


 




diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 5ad9fdb..5435e9d 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -42,6 +42,8 @@ class AuditToPolicy:
         from optparse import OptionParser
 
         parser = OptionParser(version=self.VERSION)
+        parser.add_option("-b", "--boot", action="store_true", dest="boot", default=False,
+                          help="audit messages since last boot conflicts with -i")
         parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
                           help="read input from audit log - conflicts with -i")
         parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
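Review bot: The help string on the new `-b` option reads as a single run-on clause, "audit messages since last boot conflicts with -i", unlike the sibling `-a`/`-d` entries that separate the conflict note with " - ". Suggest `help="read audit messages since last boot - conflicts with -i"` so the generated --help output is consistent and unambiguous. If `-a` and `-b` are meant to be mutually exclusive too, the help text is the place to say so; the option-parsing method starts before this hunk.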
@@ -83,11 +85,11 @@ class AuditToPolicy:
         options, args = parser.parse_args()
 
         # Make -d, -a, and -i conflict
-        if options.audit is True:
+        if options.audit is True or options.boot:
             if options.input is not None:
-                sys.stderr.write("error: --all conflicts with --input\n")
+                sys.stderr.write("error: --all/--boot conflicts with --input\n")
             if options.dmesg is True:
-                sys.stderr.write("error: --all conflicts with --dmesg\n")
+                sys.stderr.write("error: --all/--boot conflicts with --dmesg\n")
         if options.input is not None and options.dmesg is True:
             sys.stderr.write("error: --input conflicts with --dmesg\n")
 
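Review bot: The updated conflict check never rejects `--all` together with `--boot`: the condition `if options.audit is True or options.boot:` treats the two as one flag, so a user passing both gets no error and one of the inputs is silently ignored further down. Add a third check alongside the others, `if options.audit is True and options.boot:` followed by `sys.stderr.write("error: --all conflicts with --boot\n")`. Note also that the branches here only write to stderr; whether the method exits on a conflict is decided after this hunk, since parse_args's body continues outside it. The mixed `is True` / bare-truthiness test on the same line is a small style inconsistency as well.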
@@ -132,6 +134,12 @@ class AuditToPolicy:
             except OSError, e:
                 sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
                 sys.exit(1)
+        elif self.__options.boot:
+            try:
+                messages = audit.get_audit_boot_msgs()
+            except OSError, e:
+                sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
+                sys.exit(1)
         else:
             # This is the default if no input is specified
             f = sys.stdin
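Review bot: When both `--all` and `--boot` are set, the new `elif self.__options.boot:` branch is never reached and the boot filter is silently dropped, because the branch above it (whose `except OSError` handler is visible at the top of the hunk, presumably the `--all` path) wins. If that precedence is intended, record it at the branch, `# --all takes precedence over --boot when both are given`; otherwise the parser should reject the combination. The enclosing method starts before this hunk and its stdin fallback continues after it.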
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
index d9635c2..6178cc8 100644
--- a/policycoreutils/audit2allow/audit2allow.1
+++ b/policycoreutils/audit2allow/audit2allow.1
@@ -38,6 +38,9 @@
 .B "\-a" | "\-\-all"
 Read input from audit and message log, conflicts with -i
 .TP
+.B "\-b" | "\-\-boot"
+Read input from audit messages since last boot conflicts with -i
+.TP
 .B "\-d" | "\-\-dmesg"
 Read input from output of 
 .I /bin/dmesg.
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
index efcc40d..24e308e 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
@@ -23,6 +23,27 @@ import re
 
 # Convenience functions
 
+def get_audit_boot_msgs():
+    """Obtain all of the avc and policy load messages from the audit
+    log. This function uses ausearch and requires that the current
+    process have sufficient rights to run ausearch.
+
+    Returns:
+       string contain all of the audit messages returned by ausearch.
+    """
+    import subprocess
+    import time
+    fd=open("/proc/uptime", "r")
+    off=float(fd.read().split()[0])
+    fd.close
+    s = time.localtime(time.time() - off)
+    date = time.strftime("%D/%Y", s).split("/")
+    bootdate="%s/%s/%s" % (date[0], date[1], date[3])
+    boottime = time.strftime("%X", s)
+    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+                              stdout=subprocess.PIPE).communicate()[0]
+    return output
+
 def get_audit_msgs():
     """Obtain all of the avc and policy load messages from the audit
     log. This function uses ausearch and requires that the current
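Review bot: `fd.close` on the line after reading /proc/uptime is an attribute access, not a call — the file is never explicitly closed and is only released when the object is collected, which CPython happens to do promptly but nothing guarantees. The boot-date derivation is also roundabout: formatting `"%D/%Y"` and then splitting the result to rebuild mm/dd/YYYY is exactly what `time.strftime("%m/%d/%Y", s)` produces directly. Two further points worth confirming rather than asserting: a fixed US-style date paired with the locale-dependent `%X` time may not match what ausearch expects under non-US locales, and newer ausearch versions accept `-ts boot`, which would remove the uptime arithmetic entirely if the minimum supported audit version allows it. The docstring is a copy of get_audit_msgs's and should say the query is limited to messages since boot. Rewritten lines (the `with` form needs Python 2.6+; on older interpreters keep `open`/`fd.close()` with the parentheses):

```python
    import subprocess
    import time
    # /proc/uptime's first field is seconds since boot; use it to derive the boot wall-clock time.
    with open("/proc/uptime", "r") as fd:
        uptime = float(fd.read().split()[0])
    boot = time.localtime(time.time() - uptime)
    bootdate = time.strftime("%m/%d/%Y", boot)  # same mm/dd/YYYY as before, without the %D round-trip
    boottime = time.strftime("%X", boot)
    # … unchanged: ausearch Popen call and return …
```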
