This document describes how to use the commands in the secPaver package.
pav is the client process of secPaver. It provides a command-line interface for users to use secPaver.
pavd is the server process of secPaver that manages the data resources, processes client requests, and returns processing results.
The format of secPaver commands is:
pav [options] OBJECT SUBCOMMAND [SUBCOMMAND_ARGUMENTS]
pavd [options]
where options indicates the global parameters, OBJECT indicates the managed object of the command, SUBCOMMAND indicates the subcommand supported by the managed object, and SUBCOMMAND_ARGUMENTS indicates the subcommand parameters.
Example:
pav -s /var/run/secpaver/pavd.sock project list
[PARM] indicates an optional parameter, and <PARM> indicates a required parameter.
The global parameters of pav include help information, version query, and connection configurations.
Description:
Print the help information.
Format:
pav --help
Description:
Print pav version.
Format:
pav --version
Description:
Specify the Unix socket file used by the gRPC connection. The default value is /var/run/secpaver/pavd.sock.
Format:
pav --socket <PATH>
Description:
Manage the policy generator plugin.
Format:
pav engine SUBCOMMAND
Supported subcommands:
Description:
List all loaded policy generator plugins.
Format:
pav engine list
Parameters:
None
Example:
# pav engine list
Name Desc
selinux selinux policy generate engine
Description:
List the details of one loaded policy generator plugin.
Format:
pav engine info <ENGINE>
Parameters:
Parameter | Description |
---|---|
ENGINE | Name of loaded policy generator plugin |
Example:
# pav engine info selinux
Attribute Value
Name selinux
Desc selinux policy generate engine
Description:
Manage the projects stored in the secPaver server.
Format:
pav project SUBCOMMAND
Supported subcommands:
Description:
Create a template project.
Format:
pav project create <NAME> <PATH>
Parameters:
Parameter | Description |
---|---|
NAME | Project name |
PATH | Local path for the created project |
Example:
# pav project create demo /root
create demo template project at /root/demo
# tree /root/demo/
/root/demo/
├── resources.json
├── selinux.json
├── specs
│ └── module_demo.json
└── pav.proj
1 directory, 4 files
Description:
List all projects stored in the secPaver server.
Format:
pav project list
Parameters:
None
Example:
# pav project list
Name Version
demo 1.0
Description:
List the details of a specified project stored in the secPaver server.
Format:
pav project info <PROJECT>
Parameters:
Parameter | Description |
---|---|
PROJECT | Name of the project on server side |
Example:
# pav project info demo
Attribute Value
name demo
resource file resources.json
spec files specs/module_demo.json
Description:
Import a project file (zip format) to the secPaver server.
Format:
pav project import [-f] <FILE>
Parameters:
Parameter | Description |
---|---|
--force, -f | Overwrite import |
FILE | Project zip file |
Example:
# pav project import demo.zip
[info]: Finish importing demo project
Description:
Export a given project as a .zip file from the server side.
Format:
pav project export [-f] <PROJECT> <PATH>
Parameters:
Parameter | Description |
---|---|
--force, -f | Overwrite export |
PROJECT | Name of the project on server side |
PATH | Export path |
Example:
# pav project export demo .
Finish exporting: export_demo.zip
Description:
Delete a specified project stored in the secPaver server.
Format:
pav project delete <PROJECT>
Parameters:
Parameter | Description |
---|---|
PROJECT | Name of the project on server side |
Example:
# pav project delete demo
[info]: Finish deleting demo project
Description:
Build a project and generate a policy with the specified engine. The project can be one stored on the secPaver server or one specified by a local path.
Format:
pav project build --engine <ENGINE> <-d PATH | -r PROJECT>
Parameters:
Parameter | Description |
---|---|
--engine ENGINE | Specify the policy generator plugin |
-d PATH | Path of the local project |
-r PROJECT | Name of project stored in secPaver server |
Example:
# pav project build -d ./demo --engine selinux
[info]: Finish building demo project
# pav project build -r demo --engine selinux
[info]: Finish building demo project
Description:
Manage the generated policies.
Format:
pav policy SUBCOMMAND
Supported subcommands:
Description:
List all generated policies.
Format:
pav policy list
Parameters:
None
Example:
# pav policy list
Name Status
demo_selinux disable
Description:
Install a generated policy.
Format:
pav policy install <POLICY>
Parameters:
Parameter | Description |
---|---|
POLICY | Name of the policy on server side |
Example:
# pav policy install demo_selinux
[info]: install SELinux policy module
[info]: start to restore file context
[info]: Finish installing policy
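The build, install and list commands above chained into one check, as an added example that is not part of the secPaver documentation: it builds a local project, installs the policy, and confirms through pav policy list that the policy is no longer reported as disable. The function names, the constructed sample table, and the reading of any Status other than disable as installed are assumptions.

```shell
#!/bin/sh
# Added example, not part of secPaver. Uses only commands documented on this page.
PAV_SOCKET="${PAV_SOCKET:-/var/run/secpaver/pavd.sock}"   # default from this page

# Constructed sample of `pav policy list` output, for trying policy_status offline.
sample_policy_list() {
    printf '%s\n' 'Name Status' 'demo_selinux disable'
}

# policy_status NAME: read `pav policy list` output on stdin and print the
# Status column for NAME. Exit status is 1 if NAME is not listed.
policy_status() {
    awk -v name="$1" 'NR > 1 && $1 == name { print $2; found = 1 }
                      END { exit !found }'
}

# deploy DIR ENGINE POLICY: build a local project, install the policy and
# confirm the server no longer reports it as "disable".
deploy() {
    dir=$1 engine=$2 policy=$3
    if [ ! -S "$PAV_SOCKET" ]; then
        echo "pavd socket not found: $PAV_SOCKET (is pavd running?)" >&2
        return 1
    fi
    pav --socket "$PAV_SOCKET" project build -d "$dir" --engine "$engine" || return 1
    pav --socket "$PAV_SOCKET" policy install "$policy" || return 1
    status=$(pav --socket "$PAV_SOCKET" policy list | policy_status "$policy") || {
        echo "policy $policy is not listed on the server" >&2
        return 1
    }
    # Assumption: an installed policy shows a Status other than "disable".
    if [ "$status" = "disable" ]; then
        echo "policy $policy is still disabled after install" >&2
        return 1
    fi
    echo "$policy: $status"
}
```

Source the file and call, for example, deploy ./demo selinux demo_selinux; a non-zero return means the policy should not be treated as enforced.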
Description:
Uninstall a generated policy.
Format:
pav policy uninstall <POLICY>
Parameters:
Parameter | Description |
---|---|
POLICY | Name of the policy on server side |
Example:
# pav policy uninstall demo_selinux
[info]: uninstall SELinux policy module
[info]: restore file context
[info]: Finish uninstalling policy uninstalling
Description:
Export a generated policy to a zip file.
Format:
pav policy export [-f] <POLICY> <PATH>
Parameters:
Parameter | Description |
---|---|
--force, -f | Overwrite export |
POLICY | Name of the policy on server side |
PATH | Export path |
Example:
# pav policy export demo_selinux .
Finish exporting: export_demo_selinux.zip
Description:
Delete a policy from the server side.
Format:
pav policy delete <POLICY>
Parameters:
Parameter | Description |
---|---|
POLICY | Name of the policy on server side |
Example:
# pav policy delete demo_selinux
[info]: Finish deleting policy
The global parameters of pavd include help information, version query, and basic configurations.
Description:
Print help information.
Format:
pavd --help
Description:
Print pavd version.
Format:
pavd --version
Description:
Specify the config file. The default value is /etc/secpaver/pavd/config.json.
Format:
pavd --config <FILE>
Description:
Specify the gRPC socket file path. The default value is /var/run/secpaver/pavd.sock.
Format:
pavd --socket <PATH>
Description:
Specify the log level (one of debug, info, warn, error, fatal, panic). It can also be specified in the config file. If it is not specified in the config file, it defaults to the "info" level.
Format:
pavd --log-level <LEVEL>
Description:
After secPaver is installed, the pavd service process can be managed through the systemd command.
Format:
Start pavd service:
systemctl start pavd
Stop pavd service:
systemctl stop pavd
Query pavd service status:
systemctl status pavd