Grsecurity RBAC policy splitter
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


GRSplit, a small policy splitter for Grsecurity RBAC policies


  • Python 2.7 or greater (Python 3.X supported)

  • A (working) policy file generated by gradm. It has been tested with a policy file generated via gradm-


usage: [-h] [-d DIRECTORY] [-i INCLUDE_PATH] [-b] [-v] policy

a policy splitter for Grsecurity RBAC policies.

positional arguments:
  policy                policy file to be modified

optional arguments:
  -h, --help            show this help message and exit
  -d DIRECTORY, --directory DIRECTORY
                        use existing DIRECTORY as the directory to write files
                        in (default: "/etc/grsec/roles")
  -i INCLUDE_PATH, --include-path INCLUDE_PATH
                        path used in main policy file when including external
                        policy files. (default: "/etc/grsec/roles")
  -b, --suppress-backup
                        suppress backup file creation. (default: false)
  -v, --version         show program's version number and exit	


Grsecurity RBAC policy is usually one single file containing information of every role associated with the system. If you are like me, it's pretty obnoxious to find entries linked to specific roles mixed up with others.

This script simply takes the single policy file, recognises where each role has been defined and created a specific file with the role name. Such file is then included in the main policy file.


Please, be aware that this software has not been extensively tested. It is likely to contain bugs, therefore it's adviced to make a hard copy of the policy file before relying on this script.


This script is released under MIT license. However, if you use this script and you find some further improvements and you want to share that with me, feel free to drop me a line. I'll be glad to hear that.

Fabiano 'elbryan' Francesconi