Ubuntu Manpage: fapolicyd-cli - Fapolicyd CLI Tool

NAME

       fapolicyd-cli - Fapolicyd CLI Tool

SYNOPSIS

       fapolicyd-cli [options]

DESCRIPTION

       The  fapolicyd  command  line  utility  is  a  tool  to tell the daemon that it needs to update the trust
       database. Normally, the daemon learns that the trust database needs updating because it uses a dnf plugin
       to inform it. However, you may install an rpm by hand  and  it  can't  see  that  a  system  package  was
       installed or updated. Or perhaps the admin updates the fapolicyd.trust file and would like the changes to
       take  effect immediately. In either of these cases, you would need to tell the daemon that it needs to do
       an update by running this command.

OPTIONS

-h, --help
Prints a list of command line options.

--check-config
Opens fapolicyd.conf and parses it to see if there are any syntax errors in the file.

--check-path
Check the PATH environmental variable against the trustdb to look for file not in the trustdb
which could cause problems at run time.

--check-status
Dump the daemon's internal performance statistics. See also the fapolicyd.conf option
report_interval.

--check-trustdb
Check the trustdb against the files on disk to look for mismatches that will cause problems at run
time.

--check-watch_fs
Check the mounted file systems against the watch_fs daemon config entry to determine if any file
systems need to be added to the configuration.

-d, --delete-db
Deletes the trust database. Normally this never needs to be done. But if for some reason the trust
database becomes corrupted, then the only method of recovery is to run this command.

-D, --dump-db
Dumps the trust db contents for inspection. This will print the original trust source, path, file
size, and SHA256 sum of the file as known by the trust source the entry came from.

-f, --file add|delete|update [path]
Manage the file trust database.

add This command adds the file given by path to the trust database. It gets the size and
calculates the required SHA256 hash. If the path is a directory, it will walk the
directory tree to the bottom and add every regular file that it finds. By default, the
path is appended to the end of the fapolicyd.trust file.

delete This command deletes all entries that match from the trust database. It will try to
match multiple entries so that entire directories can be deleted in one command. To
ensure that you only match a directory and not a partial name, be sure to end with
'/'.

update This command updates the size and hash of any matching paths in the file trust
database. If no path is given, then all files are updated. If an argument is passed,
then only matching paths get updated. If the intent is to match against a directory,
ensure that it ends with '/'.

--trust-file trust-file-name
Use after file option. Makes every command of file option operate on a single trust file named
trust-file-name that is located inside trust.d directory. If a trust file with such a name does
not exist inside trust.d directory, it is created.

-t, --ftype /path/to/file
Prints the mime type of the file given. A full path must be specified. This command is intended to
help get the ftype parameter of rules correct by seeing how fapolicyd will classify it. Fapolicyd
may differ from the file command.

-l, --list
Prints a listing of the fapolicyd rules file with a rule number to aid in troubleshooting or
understanding of the debug messages.

-u, --update
Notifies fapolicyd to perform an update of the trust database.

-r, --reload-rules
Notifies fapolicyd to perform a reload of the rules.

AUTHOR

       Zoltan Fridrich

Red Hat                                             Dec 2021                                    FAPOLICYD-CLI(8)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

SEE ALSO

AUTHOR