Update cheatsheets

tldr/linux/audit2allow

@@ -5,22 +5,39 @@ source: https://github.com/tldr-pages/tldr.git
 ---
 # audit2allow
 
-> Create an SELinux local policy module to allow rules based on denied operations found in logs.
-> Note: Use audit2allow with caution. Always review the generated policy before applying it, as it may allow excessive access.
+> Generate SELinux policy allow rules from audit logs.
+> Part of the `policycoreutils-python-utils` package.
+> See also: `audit2why`, `ausearch`, `semodule`.
 > More information: <https://manned.org/audit2allow>.
 
-- Generate a local policy to allow access for all denied services:
+- Generate allow rules from recent audit denials and display them:
 
-`sudo audit2allow {{[-a|--all]}} -M {{local_policy_name}}`
+`sudo audit2allow {{[-a|--all]}}`
 
-- Generate a local policy module to grant access to a specific process/service/command from the audit logs:
+- Generate allow rules from a specific audit log file:
 
-`sudo grep {{apache2}} /var/log/audit/audit.log | sudo audit2allow -M {{local_policy_name}}`
+`sudo audit2allow {{[-i|--input]}} {{path/to/audit.log}}`
 
-- Inspect and review the Type Enforcement (.te) file for a local policy:
+- Generate a policy module from recent audit denials:
 
-`vim {{local_policy_name}}.te`
+`sudo audit2allow {{[-a|--all]}} {{[-M|--module]}} {{module_name}}`
 
-- Install a local policy module:
+- Explain why SELinux denials occurred (same as `audit2why`):
 
-`sudo semodule {{[-i|--install]}} {{local_policy_name}}.pp`
+`sudo audit2allow {{[-a|--all]}} --why`
+
+- Display detailed information around generated messages:
+
+`sudo audit2allow {{[-a|--all]}} {{[-e|--explain]}}`
+
+- Use installed macros to generate a reference policy:
+
+`sudo audit2allow {{[-a|--all]}} {{[-R|--reference]}}`
+
+- Generate allow rules for a specific service:
+
+`sudo ausearch {{[-m|--message]}} avc {{[-c|--comm]}} {{service_name}} | audit2allow {{[-M|--module]}} {{policy_name}}`
+
+- Enable verbose output mode:
+
+`sudo audit2allow {{[-a|--all]}} {{[-v|--verbose]}}`

tldr/linux/audit2why

@@ -0,0 +1,27 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# audit2why
+
+> Explain SELinux denials from audit logs.
+> Part of the `policycoreutils-python-utils` package.
+> See also: `audit2allow`, `ausearch`, `sealert`.
+> More information: <https://manned.org/audit2why>.
+
+- Explain the most recent SELinux denial:
+
+`sudo audit2why`
+
+- Explain SELinux denials from a specific audit log file:
+
+`sudo audit2why {{[-i|--input]}} {{path/to/audit.log}}`
+
+- Explain all SELinux denials from the audit log:
+
+`sudo ausearch {{[-m|--message]}} avc | audit2why`
+
+- Explain denials for a specific service:
+
+`sudo ausearch {{[-m|--message]}} avc {{[-c|--comm]}} {{service_name}} | audit2why`

tldr/linux/chcat

@@ -0,0 +1,35 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# chcat
+
+> Change SELinux security category for files.
+> Categories provide an additional level of access control based on MCS (Multi-Category Security).
+> See also: `chcon`, `semanage`.
+> More information: <https://manned.org/chcat>.
+
+- List all available categories:
+
+`sudo chcat {{[-L|--list]}}`
+
+- Add a category to a file:
+
+`sudo chcat +{{CategoryName}} {{path/to/file}}`
+
+- Remove a category from a file:
+
+`sudo chcat -- -{{CategoryName}} {{path/to/file}}`
+
+- Set specific categories for a file (replacing existing ones):
+
+`sudo chcat {{CategoryName1,CategoryName2,...}} {{path/to/file}}`
+
+- Display the categories of a file:
+
+`ls {{[-Z|--context]}} {{path/to/file}}`
+
+- Remove all categories from a file:
+
+`sudo chcat {{[-d|--delete]}} {{path/to/file}}`

tldr/linux/darling

@@ -12,9 +12,9 @@ source: https://github.com/tldr-pages/tldr.git
 
 `darling shell {{uname}}`
 
-- Run a specific program in the current path with arguments:
+- Run a specific program with arguments:
 
-`darling shell {{./program}} {{program_argument_1 program_argument_2 ...}}`
+`darling shell {{path/to/program}} {{program_argument_1 program_argument_2 ...}}`
 
 - Open a macOS shell:
 

tldr/linux/debman

@@ -18,4 +18,4 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Read a man page in a `.deb` [f]ile:
 
-`debman -f {{path/to/filename.deb}} {{command}}`
+`debman -f {{path/to/file.deb}} {{command}}`

tldr/linux/gcrane-completion

@@ -6,7 +6,7 @@ source: https://github.com/tldr-pages/tldr.git
 # gcrane completion
 
 > Generate the autocompletion script for gcrane for the specified shell.
-> The available shells are `bash`, `fish`, `powershell`, and `zsh`.
+> The available shells are Bash, fish, PowerShell, and Zsh.
 > More information: <https://github.com/google/go-containerregistry/blob/main/cmd/gcrane/README.md>.
 
 - Generate the autocompletion script for your shell:
@@ -17,7 +17,7 @@ source: https://github.com/tldr-pages/tldr.git
 
 `gcrane completion {{shell_name}} --no-descriptions`
 
-- Load completions in your current shell session (bash/zsh):
+- Load completions in your current shell session (Bash/Zsh):
 
 `source <(gcrane completion bash/zsh)`
 
@@ -25,11 +25,11 @@ source: https://github.com/tldr-pages/tldr.git
 
 `gcrane completion fish | source`
 
-- Load completions for every new session (bash):
+- Load completions for every new session (Bash):
 
 `gcrane completion bash > /etc/bash_completion.d/gcrane`
 
-- Load completions for every new session (zsh):
+- Load completions for every new session (Zsh):
 
 `gcrane completion zsh > "${fpath[1]}/_gcrane"`
 

tldr/linux/ip-rule

@@ -38,4 +38,4 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Restore all rules from a file:
 
-`sudo ip {{[ru|rule]}} {{[r|restore]}} < {{path/to/ip_rules.dat}}`
+`sudo ip < {{path/to/ip_rules.dat}} {{[ru|rule]}} {{[r|restore]}}`

tldr/linux/jobs

@@ -6,7 +6,7 @@ source: https://github.com/tldr-pages/tldr.git
 # jobs
 
 > Shell builtin for viewing information about processes spawned by the current shell.
-> Options other than `-l` and `-p` are exclusive to `bash`.
+> Options other than `-l` and `-p` are exclusive to Bash.
 > More information: <https://www.gnu.org/software/bash/manual/bash.html#index-jobs>.
 
 - View jobs spawned by the current shell:

tldr/linux/lxc-profile

@@ -22,7 +22,7 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Edit a specific profile importing the configuration values from a file:
 
-`lxc profile edit {{profile_name}} < {{config.yaml}}`
+`lxc < {{config.yaml}} profile edit {{profile_name}}`
 
 - Launch a new container with specific profiles:
 

tldr/linux/mhwd

@@ -5,7 +5,7 @@ source: https://github.com/tldr-pages/tldr.git
 ---
 # mhwd
 
-> Manjaro Hardware Detection utility  .
+> Manjaro Hardware Detection utility.
 > More information: <https://wiki.manjaro.org/index.php/Manjaro_Hardware_Detection_Overview>.
 
 - List available drivers:

tldr/linux/nixos-container

@@ -14,7 +14,7 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Create a NixOS container with a specific configuration file:
 
-`sudo nixos-container create {{container_name}} --config-file {{nix_config_file_path}}`
+`sudo nixos-container create {{container_name}} --config-file {{path/to/nix_config_file}}`
 
 - Start, stop, terminate, or destroy a specific container:
 

tldr/linux/pct-exec

@@ -12,7 +12,7 @@ source: https://github.com/tldr-pages/tldr.git
 
 `pct {{[ex|exec]}} {{100}} {{command}}`
 
-- Open a bash shell in a container:
+- Open a Bash shell in a container:
 
 `pct {{[ex|exec]}} {{100}} bash`
 

tldr/linux/pulseaudio-ctl

@@ -0,0 +1,41 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# pulseaudio-ctl
+
+> Control PulseAudio volume.
+> More information: <https://github.com/graysky2/pulseaudio-ctl>.
+
+- Increase volume by 5%:
+
+`pulseaudio-ctl up`
+
+- Increase volume by a specific amount:
+
+`pulseaudio-ctl up {{amount}}`
+
+- Decrease volume by 5%:
+
+`pulseaudio-ctl down`
+
+- Decrease volume by a specific amount:
+
+`pulseaudio-ctl down {{amount}}`
+
+- Set volume to a specific percentage:
+
+`pulseaudio-ctl set {{percentage}}`
+
+- Set volume to a specific percentage if the current volume is higher than the provided value:
+
+`pulseaudio-ctl atmost {{percentage}}`
+
+- Toggle mute:
+
+`pulseaudio-ctl mute`
+
+- Toggle microphone mute:
+
+`pulseaudio-ctl mute-input`

tldr/linux/scrun

@@ -0,0 +1,41 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# scrun
+
+> An OCI runtime proxy for Slurm that runs containers as jobs.
+> More information: <https://slurm.schedmd.com/scrun.html>.
+
+- Create a new container with a specific ID:
+
+`scrun create {{container_id}}`
+
+- Start a previously created container:
+
+`scrun start {{container_id}}`
+
+- Query the state of a container:
+
+`scrun state {{container_id}}`
+
+- Send a signal to a container (default: SIGTERM):
+
+`scrun kill {{container_id}}`
+
+- Send a specific signal to a container:
+
+`scrun kill {{container_id}} {{SIGKILL}}`
+
+- Delete a container and release its resources:
+
+`scrun delete {{container_id}}`
+
+- Enable debug logging:
+
+`scrun {{create|start|kill|delete}} {{container_id}} --debug`
+
+- Display version:
+
+`scrun --version`

tldr/linux/sesearch

@@ -0,0 +1,35 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# sesearch
+
+> Search SELinux policy rules.
+> Part of the `setools` package.
+> See also: `seinfo`, `semodule`.
+> More information: <https://manned.org/sesearch>.
+
+- Search for all allow rules:
+
+`sesearch --allow`
+
+- Search for rules related to a specific type:
+
+`sesearch --allow {{[-t|--target]}} {{type_name}}`
+
+- Search for rules related to a specific source type:
+
+`sesearch --allow {{[-s|--source]}} {{source_type}}`
+
+- Search for rules that allow a specific class and permission:
+
+`sesearch --allow {{[-c|--class]}} {{class_name}} {{[-p|--perm]}} {{permission}}`
+
+- Search for rules with a specific target type and class:
+
+`sesearch --allow {{[-t|--target]}} {{type_name}} {{[-c|--class]}} {{class_name}}`
+
+- Display more detailed information about matched rules:
+
+`sesearch --allow {{[-t|--target]}} {{type_name}} {{[-v|--verbose]}}`

tldr/linux/sfdisk

@@ -14,7 +14,7 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Restore a partition layout:
 
-`sudo sfdisk {{path/to/device}} < {{path/to/file.dump}}`
+`sudo sfdisk < {{path/to/file.dump}} {{path/to/device}}`
 
 - Set the type of a partition:
 

tldr/linux/sqfstar

@@ -10,7 +10,7 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Create a squashfs filesystem (compressed using `gzip` by default) from an uncompressed tar archive:
 
-`sqfstar {{filesystem.squashfs}} < {{archive.tar}}`
+`sqfstar < {{archive.tar}} {{filesystem.squashfs}}`
 
 - Create a squashfs filesystem from a tar archive compressed with `gzip`, and [comp]ress the filesystem using a specific algorithm:
 

tldr/linux/systemctl-exit

@@ -16,6 +16,6 @@ source: https://github.com/tldr-pages/tldr.git
 
 `systemctl exit {{code}} --user`
 
-- Ask the container’s service manager to exit (equivalent of `systemctl poweroff` if not in a container):
+- Ask the container's service manager to exit (equivalent of `systemctl poweroff` if not in a container):
 
 `systemctl exit`

tldr/linux/unzipsfx

@@ -22,7 +22,7 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Print content of a file in the self-extracting binary without extraction:
 
-`{{./path/to/binary}} -c {{path/to/filename}}`
+`{{./path/to/binary}} -c {{path/to/file}}`
 
 - Print comments on Zip archive in the self-extracting binary: