Extending audit2allow to Provide More Restrictive Solutions

The thesis analyzes the role of the audit2allow utility in troubleshooting Security-Enhanced Linux denials and proposes extensions that will provide more restrictive and more secure solutions to the user. Basic concepts of SELinux and SELinux security policy are explained. Situations when audit2allow provides ineffective and insecure solutions are analyzed. Support for generating extended permission access vector rules was implemented. Basic support for checking security labels of files was implemented. Implementation details and testing of both extensions to the audit2allow utility are described.