avc_init - Linux

Overview

avc_init is a utility to initialize the AppArmor policy engine and its data structures. It reads the policy configuration files and populates the access vector cache.

Syntax

avc_init [-v] [-i] [-f] [-s] [-t] [-w] [-h] [-C <config_file>]

Options/Flags

• -v: Verbose output.
• -i: Ignore and continue if errors occur while reading policy configuration files.
• -f: Force initialization, even if the policy is not marked as ‘enforce’ mode.
• -s: Skip initialization if the policy is already running.
• -t: Run the test suite.
• -w: Warn and continue if errors occur while reading policy configuration files.
• -h: Display help.
• -C <config_file>: Specify a custom configuration file.

Examples

Initialize the AppArmor policy engine:

avc_init

Initialize the policy engine and ignore errors:

avc_init -i

Initialize the policy engine and run the test suite:

avc_init -t

Common Issues

Error: avc: unable to initialize policy engine

• Ensure that the AppArmor module is loaded into the kernel.
• Check that the policy configuration files are readable by the avc_init process.

Warning: avc: some policy files not found

• The missing policy files may not be required for your system. You can use the -i option to ignore these warnings.

Integration

avc_init is used by the AppArmor daemon to initialize the policy engine. It can also be used by scripts or other programs to re-initialize the policy engine after making changes to the policy configuration files.

Related Commands

• apparmor_parser: Parses AppArmor policy files.
• apparmor_status: Displays the status of the AppArmor policy engine.