ea175157dd
Added "-G, --expand_generated" option to specify that all automatically generated attributes should be expanded and removed. Added "-X, --expand_size <SIZE>" option to specify which attributes are expanded when building a kernel policy. All attributes that have less types assigned to it than SIZE will be expanded when writing AV rules. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
123 lines
6.3 KiB
XML
123 lines
6.3 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
|
|
<refentry>
|
|
<refentryinfo>
|
|
<author>
|
|
<firstname>Richard</firstname><surname>Haines</surname><contrib></contrib>
|
|
</author>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>SECILC</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="date">18 February 2015</refmiscinfo>
|
|
<refmiscinfo class="source">secilc</refmiscinfo>
|
|
<refmiscinfo class="manual">SELinux CIL Compiler</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv id="name">
|
|
<refname>secilc</refname>
|
|
<refpurpose>invoke the SELinux Common Intermediate Language (CIL) Compiler</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv id="synopsis">
|
|
<cmdsynopsis>
|
|
<command>secilc</command>
|
|
<arg choice="opt" rep="repeat"><replaceable>OPTION</replaceable></arg>
|
|
<arg choice="plain"><replaceable>file</replaceable></arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id="description"><title>DESCRIPTION</title>
|
|
<para><emphasis role="italic">secilc</emphasis> invokes the CIL compiler with the specified <emphasis role="italic">argument</emphasis>s to build a kernel binary policy. A <emphasis role="bold">file_contexts</emphasis> file will also be built as described in the <emphasis role="bold">FILE FORMAT</emphasis> section of <citerefentry><refentrytitle>file_contexts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id="options"><title>OPTIONS</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><option>-o, --output=<file></option></term>
|
|
<listitem><para>Write binary policy to <emphasis role="italic">file</emphasis> (default: policy.<emphasis role="italic">version</emphasis>)</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-f, --filecontext=<file></option></term>
|
|
<listitem><para>Write file contexts to <emphasis role="italic">file</emphasis> (default: <emphasis role="bold">file_contexts</emphasis>)</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-t, --target=<type></option></term>
|
|
<listitem><para>Specify target architecture. May be <emphasis role="bold">selinux</emphasis> or <emphasis role="bold">xen</emphasis> (default: <emphasis role="bold">selinux</emphasis>)</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-M, --mls true|false</option></term>
|
|
<listitem><para>Build an mls policy. Must be <emphasis role="bold">true</emphasis> or <emphasis role="bold">false</emphasis>. This will override the <emphasis role="bold">(mls <emphasis role="italic">boolean</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-c, --policyvers=<version></option></term>
|
|
<listitem><para>Build a binary policy with a given <emphasis role="italic">version</emphasis> (default: depends on the systems SELinux policy <emphasis role="italic">version</emphasis>, see <citerefentry><refentrytitle>sestatus</refentrytitle><manvolnum>8</manvolnum></citerefentry>)</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-U, --handle-unknown=<action></option></term>
|
|
<listitem><para>How to handle unknown classes or permissions. May be <emphasis role="bold">deny</emphasis>, <emphasis role="bold">allow</emphasis>, or <emphasis role="bold">reject</emphasis> (default: <emphasis role="bold">deny</emphasis>). This will override the <emphasis role="bold">(handleunknown <emphasis role="italic">action</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-D, --disable-dontaudit</option></term>
|
|
<listitem><para>Do not add <emphasis role="bold">dontaudit</emphasis> rules to the binary policy.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-P, --preserve-tunables</option></term>
|
|
<listitem><para>Treat tunables as booleans.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-N, --disable-neverallow</option></term>
|
|
<listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-G, --expand-generated</option></term>
|
|
<listitem><para>Expand and remove auto-generated attributes</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-X, --attrs-size <size></option></term>
|
|
<listitem><para>Expand type attributes with fewer than <emphasis role="bold"><SIZE></emphasis> members.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-v, --verbose</option></term>
|
|
<listitem><para>Increment verbosity level.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-h, --help</option></term>
|
|
<listitem><para>Display usage information.</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id="see_also"><title>SEE ALSO</title>
|
|
<para>
|
|
<simplelist type="inline">
|
|
<member><citerefentry>
|
|
<refentrytitle>file_contexts</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</citerefentry></member>
|
|
<member><citerefentry>
|
|
<refentrytitle>sestatus</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</citerefentry></member>
|
|
</simplelist>
|
|
</para>
|
|
<para>HTML documentation describing the CIL language statements is available starting with <emphasis role="italic">docs/html/index.html</emphasis>.</para>
|
|
<para>PDF documentation describing the CIL language statements is available at: <emphasis role="italic">docs/pdf/CIL_Reference_Guide.pdf</emphasis>.</para>
|
|
<para>There is a CIL Design Wiki at: <ulink url="http://github.com/SELinuxProject/cil/wiki"></ulink> that describes the goals and features of the CIL language.</para>
|
|
</refsect1>
|
|
</refentry>
|
|
|