Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 1 | <?xml version="1.0" encoding="UTF-8"?> |
| 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML//EN" |
| 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| 4 | |
| 5 | <refentry> |
| 6 | <refentryinfo> |
| 7 | <author> |
| 8 | <firstname>Richard</firstname><surname>Haines</surname><contrib></contrib> |
| 9 | </author> |
| 10 | </refentryinfo> |
| 11 | |
| 12 | <refmeta> |
| 13 | <refentrytitle>SECILC</refentrytitle> |
| 14 | <manvolnum>8</manvolnum> |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 15 | <refmiscinfo class="date">18 February 2015</refmiscinfo> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 16 | <refmiscinfo class="source">secilc</refmiscinfo> |
| 17 | <refmiscinfo class="manual">SELinux CIL Compiler</refmiscinfo> |
| 18 | </refmeta> |
| 19 | <refnamediv id="name"> |
| 20 | <refname>secilc</refname> |
| 21 | <refpurpose>invoke the SELinux Common Intermediate Language (CIL) Compiler</refpurpose> |
| 22 | </refnamediv> |
| 23 | |
| 24 | <refsynopsisdiv id="synopsis"> |
| 25 | <cmdsynopsis> |
| 26 | <command>secilc</command> |
| 27 | <arg choice="opt" rep="repeat"><replaceable>OPTION</replaceable></arg> |
| 28 | <arg choice="plain"><replaceable>file</replaceable></arg> |
| 29 | </cmdsynopsis> |
| 30 | </refsynopsisdiv> |
| 31 | |
| 32 | <refsect1 id="description"><title>DESCRIPTION</title> |
| 33 | <para><emphasis role="italic">secilc</emphasis> invokes the CIL compiler with the specified <emphasis role="italic">argument</emphasis>s to build a kernel binary policy. A <emphasis role="bold">file_contexts</emphasis> file will also be built as described in the <emphasis role="bold">FILE FORMAT</emphasis> section of <citerefentry><refentrytitle>file_contexts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> |
| 34 | </refsect1> |
| 35 | |
| 36 | <refsect1 id="options"><title>OPTIONS</title> |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 37 | <variablelist> |
| 38 | <varlistentry> |
| 39 | <term><option>-o, --output=<file></option></term> |
| 40 | <listitem><para>Write binary policy to <emphasis role="italic">file</emphasis> (default: policy.<emphasis role="italic">version</emphasis>)</para></listitem> |
| 41 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 42 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 43 | <varlistentry> |
| 44 | <term><option>-f, --filecontext=<file></option></term> |
| 45 | <listitem><para>Write file contexts to <emphasis role="italic">file</emphasis> (default: <emphasis role="bold">file_contexts</emphasis>)</para></listitem> |
| 46 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 47 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 48 | <varlistentry> |
| 49 | <term><option>-t, --target=<type></option></term> |
| 50 | <listitem><para>Specify target architecture. May be <emphasis role="bold">selinux</emphasis> or <emphasis role="bold">xen</emphasis> (default: <emphasis role="bold">selinux</emphasis>)</para></listitem> |
| 51 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 52 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 53 | <varlistentry> |
| 54 | <term><option>-M, --mls true|false</option></term> |
| 55 | <listitem><para>Build an mls policy. Must be <emphasis role="bold">true</emphasis> or <emphasis role="bold">false</emphasis>. This will override the <emphasis role="bold">(mls <emphasis role="italic">boolean</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem> |
| 56 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 57 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 58 | <varlistentry> |
| 59 | <term><option>-c, --policyvers=<version></option></term> |
| 60 | <listitem><para>Build a binary policy with a given <emphasis role="italic">version</emphasis> (default: depends on the systems SELinux policy <emphasis role="italic">version</emphasis>, see <citerefentry><refentrytitle>sestatus</refentrytitle><manvolnum>8</manvolnum></citerefentry>)</para></listitem> |
| 61 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 62 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 63 | <varlistentry> |
| 64 | <term><option>-U, --handle-unknown=<action></option></term> |
| 65 | <listitem><para>How to handle unknown classes or permissions. May be <emphasis role="bold">deny</emphasis>, <emphasis role="bold">allow</emphasis>, or <emphasis role="bold">reject</emphasis> (default: <emphasis role="bold">deny</emphasis>). This will override the <emphasis role="bold">(handleunknown <emphasis role="italic">action</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem> |
| 66 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 67 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 68 | <varlistentry> |
| 69 | <term><option>-D, --disable-dontaudit</option></term> |
| 70 | <listitem><para>Do not add <emphasis role="bold">dontaudit</emphasis> rules to the binary policy.</para></listitem> |
| 71 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 72 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 73 | <varlistentry> |
| 74 | <term><option>-P, --preserve-tunables</option></term> |
| 75 | <listitem><para>Treat tunables as booleans.</para></listitem> |
| 76 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 77 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 78 | <varlistentry> |
| 79 | <term><option>-N, --disable-neverallow</option></term> |
| 80 | <listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem> |
| 81 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 82 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 83 | <varlistentry> |
| 84 | <term><option>-v, --verbose</option></term> |
| 85 | <listitem><para>Increment verbosity level.</para></listitem> |
| 86 | </varlistentry> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 87 | |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 88 | <varlistentry> |
| 89 | <term><option>-h, --help</option></term> |
| 90 | <listitem><para>Display usage information.</para></listitem> |
| 91 | </varlistentry> |
| 92 | </variablelist> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 93 | </refsect1> |
| 94 | |
| 95 | <refsect1 id="see_also"><title>SEE ALSO</title> |
| 96 | <para> |
| 97 | <simplelist type="inline"> |
| 98 | <member><citerefentry> |
| 99 | <refentrytitle>file_contexts</refentrytitle> |
| 100 | <manvolnum>5</manvolnum> |
| 101 | </citerefentry></member> |
| 102 | <member><citerefentry> |
| 103 | <refentrytitle>sestatus</refentrytitle> |
| 104 | <manvolnum>8</manvolnum> |
| 105 | </citerefentry></member> |
| 106 | </simplelist> |
| 107 | </para> |
| 108 | <para>HTML documentation describing the CIL language statements is available starting with <emphasis role="italic">docs/html/index.html</emphasis>.</para> |
| 109 | <para>PDF documentation describing the CIL language statements is available at: <emphasis role="italic">docs/pdf/CIL_Reference_Guide.pdf</emphasis>.</para> |
Richard Haines | c2c2bd3 | 2015-02-25 14:00:04 +0000 | [diff] [blame] | 110 | <para>There is a CIL Design Wiki at: <ulink url="http://github.com/SELinuxProject/cil/wiki"></ulink> that describes the goals and features of the CIL language.</para> |
Steve Lawrence | b19eafb | 2014-08-26 08:02:58 -0400 | [diff] [blame] | 111 | </refsect1> |
| 112 | </refentry> |
| 113 | |