Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / selinux / refs/tags/fp2-sibon-18.04.1 / . / secilc / secilc.8.xml
blob: 9e2670b19a81021a99a6cd2f0a382d53f1f84456 [file] [log] [blame]
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
5<refentry>
6 <refentryinfo>
7 <author>
8 <firstname>Richard</firstname><surname>Haines</surname><contrib></contrib>
9 </author>
10 </refentryinfo>
11
12 <refmeta>
13 <refentrytitle>SECILC</refentrytitle>
14 <manvolnum>8</manvolnum>
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]15 <refmiscinfo class="date">18 February 2015</refmiscinfo>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]16 <refmiscinfo class="source">secilc</refmiscinfo>
17 <refmiscinfo class="manual">SELinux CIL Compiler</refmiscinfo>
18 </refmeta>
19 <refnamediv id="name">
20 <refname>secilc</refname>
21 <refpurpose>invoke the SELinux Common Intermediate Language (CIL) Compiler</refpurpose>
22 </refnamediv>
23
24 <refsynopsisdiv id="synopsis">
25 <cmdsynopsis>
26 <command>secilc</command>
27 <arg choice="opt" rep="repeat"><replaceable>OPTION</replaceable></arg>
28 <arg choice="plain"><replaceable>file</replaceable></arg>
29 </cmdsynopsis>
30 </refsynopsisdiv>
31
32 <refsect1 id="description"><title>DESCRIPTION</title>
33 <para><emphasis role="italic">secilc</emphasis> invokes the CIL compiler with the specified <emphasis role="italic">argument</emphasis>s to build a kernel binary policy. A <emphasis role="bold">file_contexts</emphasis> file will also be built as described in the <emphasis role="bold">FILE FORMAT</emphasis> section of <citerefentry><refentrytitle>file_contexts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
34 </refsect1>
35
36 <refsect1 id="options"><title>OPTIONS</title>
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]37 <variablelist>
38 <varlistentry>
39 <term><option>-o, --output=&lt;file></option></term>
40 <listitem><para>Write binary policy to <emphasis role="italic">file</emphasis> (default: policy.<emphasis role="italic">version</emphasis>)</para></listitem>
41 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]42
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]43 <varlistentry>
44 <term><option>-f, --filecontext=&lt;file></option></term>
45 <listitem><para>Write file contexts to <emphasis role="italic">file</emphasis> (default: <emphasis role="bold">file_contexts</emphasis>)</para></listitem>
46 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]47
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]48 <varlistentry>
49 <term><option>-t, --target=&lt;type></option></term>
50 <listitem><para>Specify target architecture. May be <emphasis role="bold">selinux</emphasis> or <emphasis role="bold">xen</emphasis> (default: <emphasis role="bold">selinux</emphasis>)</para></listitem>
51 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]52
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]53 <varlistentry>
54 <term><option>-M, --mls true|false</option></term>
55 <listitem><para>Build an mls policy. Must be <emphasis role="bold">true</emphasis> or <emphasis role="bold">false</emphasis>. This will override the <emphasis role="bold">(mls <emphasis role="italic">boolean</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem>
56 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]57
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]58 <varlistentry>
59 <term><option>-c, --policyvers=&lt;version></option></term>
60 <listitem><para>Build a binary policy with a given <emphasis role="italic">version</emphasis> (default: depends on the systems SELinux policy <emphasis role="italic">version</emphasis>, see <citerefentry><refentrytitle>sestatus</refentrytitle><manvolnum>8</manvolnum></citerefentry>)</para></listitem>
61 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]62
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]63 <varlistentry>
64 <term><option>-U, --handle-unknown=&lt;action></option></term>
65 <listitem><para>How to handle unknown classes or permissions. May be <emphasis role="bold">deny</emphasis>, <emphasis role="bold">allow</emphasis>, or <emphasis role="bold">reject</emphasis> (default: <emphasis role="bold">deny</emphasis>). This will override the <emphasis role="bold">(handleunknown <emphasis role="italic">action</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem>
66 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]67
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]68 <varlistentry>
69 <term><option>-D, --disable-dontaudit</option></term>
70 <listitem><para>Do not add <emphasis role="bold">dontaudit</emphasis> rules to the binary policy.</para></listitem>
71 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]72
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]73 <varlistentry>
74 <term><option>-P, --preserve-tunables</option></term>
75 <listitem><para>Treat tunables as booleans.</para></listitem>
76 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]77
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]78 <varlistentry>
79 <term><option>-N, --disable-neverallow</option></term>
80 <listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem>
81 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]82
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]83 <varlistentry>
84 <term><option>-v, --verbose</option></term>
85 <listitem><para>Increment verbosity level.</para></listitem>
86 </varlistentry>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]87
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]88 <varlistentry>
89 <term><option>-h, --help</option></term>
90 <listitem><para>Display usage information.</para></listitem>
91 </varlistentry>
92 </variablelist>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]93 </refsect1>
94
95 <refsect1 id="see_also"><title>SEE ALSO</title>
96 <para>
97 <simplelist type="inline">
98 <member><citerefentry>
99 <refentrytitle>file_contexts</refentrytitle>
100 <manvolnum>5</manvolnum>
101 </citerefentry></member>
102 <member><citerefentry>
103 <refentrytitle>sestatus</refentrytitle>
104 <manvolnum>8</manvolnum>
105 </citerefentry></member>
106 </simplelist>
107 </para>
108 <para>HTML documentation describing the CIL language statements is available starting with <emphasis role="italic">docs/html/index.html</emphasis>.</para>
109 <para>PDF documentation describing the CIL language statements is available at: <emphasis role="italic">docs/pdf/CIL_Reference_Guide.pdf</emphasis>.</para>
Richard Hainesc2c2bd32015-02-25 14:00:04 +0000[diff] [blame]110 <para>There is a CIL Design Wiki at: <ulink url="http://github.com/SELinuxProject/cil/wiki"></ulink> that describes the goals and features of the CIL language.</para>
Steve Lawrenceb19eafb2014-08-26 08:02:58 -0400[diff] [blame]111 </refsect1>
112</refentry>
113