avc_cleanup - Linux


The avc_cleanup command is used to reclaim space occupied by AVC (Access Vector Cache) databases. It removes unused entries from the database, reducing its size and improving performance.


avc_cleanup [-h] [-f]


  • -h: Display help and usage information.
  • -f: Force cleanup, even if the database contains active entries. Use this option with caution.


To perform a standard cleanup, run:


To force cleanup, even if active entries are present, use:

avc_cleanup -f

Common Issues

Error: avc_cleanup: warning: database has active entries.

This error occurs when trying to cleanup the database while active entries are present. Use the -f option to force cleanup.


avc_cleanup can be integrated into scripts or automated tasks to periodically reclaim space occupied by the AVC database. For example:


# Run avc_cleanup once a day at midnight
0 0 * * * /usr/sbin/avc_cleanup

Related Commands

  • avctester: Manage and test AVC policies.
  • semodule: Manage SELinux policies.

For more information on AVC and SELinux, refer to the official SELinux User’s Guide.