fapolicyd-cli - Fapolicyd CLI Tool
The fapolicyd command line utility is a tool to tell the daemon
that it needs to update the trust database. Normally, the daemon learns that
the trust database needs updating from a dnf plugin that informs it.
However, if you install an rpm by hand, the daemon can't see that a system
package was installed or updated. Or perhaps the admin updates the
fapolicyd.trust file and would like the changes to take effect immediately.
In either of these cases, you need to tell the daemon to do an update by
running this command.
- -h, --help
- Prints a list of command line options.
- --check-config
- Opens fapolicyd.conf and parses it to see if there are any syntax errors
in the file.
- --check-path
- Check the PATH environmental variable against the trustdb to look for files
not in the trustdb, which could cause problems at run time.
- --check-status
- Dump the daemon's internal performance statistics.
- --check-trustdb
- Check the trustdb against the files on disk to look for mismatches that
will cause problems at run time.
- --check-watch_fs
- Check the mounted file systems against the watch_fs daemon config entry to
determine if any file systems need to be added to the configuration.
- -d, --delete-db
- Deletes the trust database. Normally this never needs to be done. But if
for some reason the trust database becomes corrupted, then the only method
of recovery is to run this command.
- -D, --dump-db
- Dumps the trust db contents for inspection. This will print the original
trust source, path, file size, and SHA256 sum of the file as known by the
trust source the entry came from.
- -f, --file add|delete|update [path]
- Manage the file trust database.
- add
- This command adds the file given by path to the trust database. It gets
the size and calculates the required SHA256 hash. If the path is a
directory, it will walk the directory tree to the bottom and add every
regular file that it finds. By default, the path is appended to the end of
the fapolicyd.trust file.
- delete
- This command deletes all entries that match from the trust database. It
will try to match multiple entries so that entire directories can be
deleted in one command. To ensure that you only match a directory and not
a partial name, be sure to end with '/'.
- update
- This command updates the size and hash of any matching paths in the file
trust database. If no path is given, then all files are updated. If an
argument is passed, then only matching paths get updated. If the intent is
to match against a directory, ensure that it ends with '/'.
- --trust-file trust-file-name
- Use after the file option. Makes every command of the file option
operate on a single trust file named trust-file-name that is
located inside the trust.d directory. If a trust file with such a name does
not exist inside the trust.d directory, it is created.
- -t, --ftype /path/to/file
- Prints the mime type of the file given. A full path must be specified.
This command is intended to help get the ftype parameter of rules correct
by seeing how fapolicyd will classify it. Fapolicyd may differ from the
file command.
- -l, --list
- Prints a listing of the fapolicyd rules file with a rule number to aid in
troubleshooting or understanding of the debug messages.
- -u, --update
- Notifies fapolicyd to perform an update of the trust database.
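The trailing '/' advice for the delete and update commands of the file option, shown as an added example (not part of fapolicyd or this manual page): a preview helper that lists which trust entries a path argument would match before you run the real command. It assumes one "path size sha256" entry per line and plain prefix matching on the path, as the text implies; the function names and sample entries are hypothetical.

```shell
#!/bin/sh
# Added example: preview which file-trust entries a path argument matches.
# Assumptions: entries are "path size sha256" per line, paths contain no
# spaces, and matching is a plain prefix comparison on the path field.

# preview_match TRUST_FILE PATH_ARG
# Prints the path of every entry whose path starts with PATH_ARG.
preview_match() {
    # Pass the argument through the environment so awk does not
    # interpret backslash escapes in it.
    P="$2" awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        index($1, ENVIRON["P"]) == 1 { print $1 }   # prefix match on the path
    ' "$1"
}

# count_match TRUST_FILE PATH_ARG
# Prints how many entries PATH_ARG would match.
count_match() {
    preview_match "$1" "$2" | wc -l | tr -d ' '
}

# make_sample FILE
# Writes a constructed trust file; sizes and hashes are placeholders.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample trust file
/opt/app/bin/tool 1024 <sha256-placeholder-1>
/opt/app/lib/helper.so 2048 <sha256-placeholder-2>
/opt/app2/bin/other 4096 <sha256-placeholder-3>
/opt/application.sh 512 <sha256-placeholder-4>
EOF
}

# Demo: compare the argument with and without the trailing '/'.
sample=$(mktemp)
make_sample "$sample"
echo "'/opt/app'  matches $(count_match "$sample" /opt/app) entries:"
preview_match "$sample" /opt/app
echo "'/opt/app/' matches $(count_match "$sample" /opt/app/) entries:"
preview_match "$sample" /opt/app/
rm -f "$sample"
```

Without the trailing '/', the argument also catches the unrelated /opt/app2 tree and /opt/application.sh; with it, only files under /opt/app/ are matched.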
fapolicyd(8), fapolicyd.rules(5),
fapolicyd.trust(5), and fapolicyd.conf(5)