[go: up one dir, main page]

File: secilc.8.xml

package info (click to toggle)
secilc 3.8.1-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 664 kB
  • sloc: ansic: 704; xml: 460; makefile: 149
file content (138 lines) | stat: -rw-r--r-- 7,183 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<refentry>
   <refentryinfo>
      <author>
         <firstname>Richard</firstname><surname>Haines</surname><contrib></contrib>
      </author>
   </refentryinfo>

   <refmeta>
      <refentrytitle>SECILC</refentrytitle>
      <manvolnum>8</manvolnum>
      <refmiscinfo class="date">18 February 2015</refmiscinfo>
      <refmiscinfo class="source">secilc</refmiscinfo>
      <refmiscinfo class="manual">SELinux CIL Compiler</refmiscinfo>
   </refmeta>
   <refnamediv id="name">
      <refname>secilc</refname>
      <refpurpose>invoke the SELinux Common Intermediate Language (CIL) Compiler</refpurpose>
   </refnamediv>

   <refsynopsisdiv id="synopsis">
      <cmdsynopsis>
        <command>secilc</command>
          <arg choice="opt" rep="repeat"><replaceable>OPTION</replaceable></arg>
          <arg choice="plain"><replaceable>file</replaceable></arg>
      </cmdsynopsis>
   </refsynopsisdiv>

   <refsect1 id="description"><title>DESCRIPTION</title>
      <para><emphasis role="italic">secilc</emphasis> invokes the CIL compiler with the specified <emphasis role="italic">argument</emphasis>s to build a kernel binary policy. A <emphasis role="bold">file_contexts</emphasis> file will also be built as described in the <emphasis role="bold">FILE FORMAT</emphasis> section of <citerefentry><refentrytitle>file_contexts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
   </refsect1>

   <refsect1 id="options"><title>OPTIONS</title>
      <variablelist>
         <varlistentry>
            <term><option>-o, --output=&lt;file></option></term>
            <listitem><para>Write binary policy to <emphasis role="italic">file</emphasis> (default: policy.<emphasis role="italic">version</emphasis>)</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-f, --filecontext=&lt;file></option></term>
            <listitem><para>Write file contexts to <emphasis role="italic">file</emphasis> (default: <emphasis role="bold">file_contexts</emphasis>)</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-t, --target=&lt;type></option></term>
            <listitem><para>Specify target architecture. May be <emphasis role="bold">selinux</emphasis> or <emphasis role="bold">xen</emphasis> (default: <emphasis role="bold">selinux</emphasis>)</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-M, --mls true|false</option></term>
            <listitem><para>Build an mls policy. Must be <emphasis role="bold">true</emphasis> or <emphasis role="bold">false</emphasis>. This will override the <emphasis role="bold">(mls <emphasis role="italic">boolean</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-c, --policyvers=&lt;version></option></term>
            <listitem><para>Build a binary policy with a given <emphasis role="italic">version</emphasis> (default: depends on the systems SELinux policy <emphasis role="italic">version</emphasis>, see <citerefentry><refentrytitle>sestatus</refentrytitle><manvolnum>8</manvolnum></citerefentry>)</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-U, --handle-unknown=&lt;action></option></term>
            <listitem><para>How to handle unknown classes or permissions. May be <emphasis role="bold">deny</emphasis>, <emphasis role="bold">allow</emphasis>, or <emphasis role="bold">reject</emphasis> (default: <emphasis role="bold">deny</emphasis>). This will override the <emphasis role="bold">(handleunknown <emphasis role="italic">action</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-D, --disable-dontaudit</option></term>
            <listitem><para>Do not add <emphasis role="bold">dontaudit</emphasis> rules to the binary policy.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-P, --preserve-tunables</option></term>
            <listitem><para>Treat tunables as booleans.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-Q, --qualified-names</option></term>
            <listitem><para>Allow names containing dots (qualified names). Blocks, blockinherits, blockabstracts, and in-statements will not be allowed.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-m, --multiple-decls</option></term>
            <listitem><para>Allow some statements to be re-declared.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-N, --disable-neverallow</option></term>
            <listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-G, --expand-generated</option></term>
            <listitem><para>Expand and remove auto-generated attributes</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-X, --attrs-size &lt;size></option></term>
            <listitem><para>Expand type attributes with fewer than <emphasis role="bold">&lt;SIZE></emphasis> members.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-O, --optimize</option></term>
            <listitem><para>Optimize final policy (remove redundant rules).</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-v, --verbose</option></term>
            <listitem><para>Increment verbosity level.</para></listitem>
         </varlistentry>

         <varlistentry>
            <term><option>-h, --help</option></term>
            <listitem><para>Display usage information.</para></listitem>
         </varlistentry>
      </variablelist>
   </refsect1>

   <refsect1 id="see_also"><title>SEE ALSO</title>
      <para>
      <simplelist type="inline">
         <member><citerefentry>
            <refentrytitle>file_contexts</refentrytitle>
            <manvolnum>5</manvolnum>
         </citerefentry></member>
         <member><citerefentry>
            <refentrytitle>sestatus</refentrytitle>
            <manvolnum>8</manvolnum>
         </citerefentry></member>
      </simplelist>
      </para>
      <para>HTML documentation describing the CIL language statements is available starting with <emphasis role="italic">docs/html/index.html</emphasis>.</para>
      <para>PDF documentation describing the CIL language statements is available at: <emphasis role="italic">docs/pdf/CIL_Reference_Guide.pdf</emphasis>.</para>
      <para>There is a CIL Design Wiki at: <ulink url="http://github.com/SELinuxProject/cil/wiki"></ulink> that describes the goals and features of the CIL language.</para>
   </refsect1>
</refentry>