avc_init - Linux
Overview
avc_init is a utility to initialize the AppArmor policy engine and its data structures. It reads the policy configuration files and populates the access vector cache.
Syntax
avc_init [-v] [-i] [-f] [-s] [-t] [-w] [-h] [-C <config_file>]
Options/Flags
- -v: Verbose output.
- -i: Ignore and continue if errors occur while reading policy configuration files.
- -f: Force initialization, even if the policy is not marked as ‘enforce’ mode.
- -s: Skip initialization if the policy is already running.
- -t: Run the test suite.
- -w: Warn and continue if errors occur while reading policy configuration files.
- -h: Display help.
- -C <config_file>: Specify a custom configuration file.
Examples
Initialize the AppArmor policy engine:
avc_init
Initialize the policy engine and ignore errors:
avc_init -i
Initialize the policy engine and run the test suite:
avc_init -t
Common Issues
Error: avc: unable to initialize policy engine
- Ensure that the AppArmor module is loaded into the kernel.
- Check that the policy configuration files are readable by the
avc_init
process.
Warning: avc: some policy files not found
- The missing policy files may not be required for your system. You can use the
-i
option to ignore these warnings.
Integration
avc_init
is used by the AppArmor daemon to initialize the policy engine. It can also be used by scripts or other programs to re-initialize the policy engine after making changes to the policy configuration files.
Related Commands
- apparmor_parser: Parses AppArmor policy files.
- apparmor_status: Displays the status of the AppArmor policy engine.