avc_add_callback - Linux


avc_add_callback: A tool for adding callback functions to AVC rules in SELinux. It allows administrators to define custom actions or notifications to be triggered when specific security events occur.


avc_add_callback [-s] [-i] [-e] [-a] [-f] <callback_file_path> [<avc_callback_list>]


  • -s: Silent mode. Suppresses all output except for error messages.
  • -i: Ignore errors. Continues adding callbacks even if some fail.
  • -e: Edit existing callback list. Only adds callbacks that are not already present in the list.
  • -a: Append to the end of the existing callback list.
  • -f: Force add. Overwrites any existing callback list with the new list.
  • <callback_file_path>: Path to the callback definition file.
  • <avc_callback_list>: Space-separated list of AVC callback names to add. If omitted, all callbacks from the file will be added.


Add a single callback from a file:

avc_add_callback -s callback.conf check_file_owner

Add multiple callbacks from a file:

avc_add_callback -e callback.conf check_file_owner check_file_permissions

Append a callback list from a file:

avc_add_callback -a callback.conf

Force overwrite the existing callback list with a new one:

avc_add_callback -f new_callback.conf

Common Issues

  • Ensure that the <callback_file_path> exists and is readable.
  • Verify that the callback names specified in <avc_callback_list> are valid.
  • If -i is not used, failing to add a single callback will halt the entire process.


avc_add_callback can be used with other tools like semanage to manage security policies dynamically. For example, to add a callback that logs all file open attempts, you can use:

semanage permissive -a fcontext
avc_add_callback callback.conf log_file_open

Related Commands

  • avc_remove_callback: Removes callback functions from AVC rules.
  • semanage: SELinux policy management utility.
  • auditctl: Audit rule management tool.