A Linux administrator is troubleshooting a monitoring agent that is constantly triggering SELinux AVC messages. After confirming the access is legitimate, the administrator runs the following command to generate a custom policy module:
This produces the files mon_agent.pp and mon_agent.te in the working directory. To apply the new policy module immediately and ensure it remains in effect after future reboots, without altering the system's current enforcing mode, which command should the administrator run next?
The audit2allow -M option builds a loadable binary policy package that ends with the .pp extension. SELinux policy packages are installed into the module store with the semodule utility. Using semodule -i mon_agent.pp loads the package, rebuilds the system policy, and stores the module so it is automatically loaded each time the system boots.
The other choices are incorrect:
semanage -i is not a valid option for importing policy packages; semanage manages SELinux settings such as ports, booleans, and file contexts, not modules.
audit2allow -i is not a valid command syntax and cannot install a module.
setenforce 0 merely switches the system to permissive mode and does nothing to incorporate the new module.
Therefore, semodule -i mon_agent.pp is the correct action.
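The install step above, wrapped with the two checks the question asks for (the module is in the store, and the enforcing mode is unchanged). This is an added example, not part of the original page; the function name install_policy_module and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): install a package built by
# audit2allow -M, then confirm it is in the module store and that the
# SELinux mode reported by getenforce did not change.
# install_policy_module and its return codes are hypothetical names.

install_policy_module() {
    pp_file=$1
    [ -f "$pp_file" ] || { echo "missing package: $pp_file" >&2; return 2; }
    module=$(basename "$pp_file" .pp)

    # Record the current mode (Enforcing, Permissive or Disabled).
    mode_before=$(getenforce) || return 3

    # -i installs the package into the module store and rebuilds the policy,
    # so the module is loaded again on every boot.
    semodule -i "$pp_file" || { echo "semodule -i failed" >&2; return 4; }

    # semodule -l prints one module per line; older releases add a version
    # column, so compare only the first field.
    if ! semodule -l | awk -v m="$module" '$1 == m { found = 1 } END { exit !found }'; then
        echo "module $module not listed after install" >&2
        return 5
    fi

    # Installing a module must not touch the enforcing mode.
    mode_after=$(getenforce) || return 3
    if [ "$mode_before" != "$mode_after" ]; then
        echo "mode changed: $mode_before -> $mode_after" >&2
        return 6
    fi
    echo "$module installed; mode still $mode_after"
}

# Usage (as root, in the directory holding the generated package):
#   install_policy_module mon_agent.pp
```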
CompTIA Linux+ XK0-006 (V8)
Troubleshooting