1 <?xml version="1.0" encoding="UTF-8"?> 2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML//EN" 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> 4 5 <refentry> 6 <refentryinfo> 7 <author> 8 <firstname>Richard</firstname><surname>Haines</surname><contrib></contrib> 9 </author> 10 </refentryinfo> 11 12 <refmeta> 13 <refentrytitle>SECILC</refentrytitle> 14 <manvolnum>8</manvolnum> 15 <refmiscinfo class="date">18 February 2015</refmiscinfo> 16 <refmiscinfo class="source">secilc</refmiscinfo> 17 <refmiscinfo class="manual">SELinux CIL Compiler</refmiscinfo> 18 </refmeta> 19 <refnamediv id="name"> 20 <refname>secilc</refname> 21 <refpurpose>invoke the SELinux Common Intermediate Language (CIL) Compiler</refpurpose> 22 </refnamediv> 23 24 <refsynopsisdiv id="synopsis"> 25 <cmdsynopsis> 26 <command>secilc</command> 27 <arg choice="opt" rep="repeat"><replaceable>OPTION</replaceable></arg> 28 <arg choice="plain"><replaceable>file</replaceable></arg> 29 </cmdsynopsis> 30 </refsynopsisdiv> 31 32 <refsect1 id="description"><title>DESCRIPTION</title> 33 <para><emphasis role="italic">secilc</emphasis> invokes the CIL compiler with the specified <emphasis role="italic">argument</emphasis>s to build a kernel binary policy. A <emphasis role="bold">file_contexts</emphasis> file will also be built as described in the <emphasis role="bold">FILE FORMAT</emphasis> section of <citerefentry><refentrytitle>file_contexts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> 34 </refsect1> 35 36 <refsect1 id="options"><title>OPTIONS</title> 37 <variablelist> 38 <varlistentry> 39 <term><option>-o, --output=<file></option></term> 40 <listitem><para>Write binary policy to <emphasis role="italic">file</emphasis> (default: policy.<emphasis role="italic">version</emphasis>)</para></listitem> 41 </varlistentry> 42 43 <varlistentry> 44 <term><option>-f, --filecontext=<file></option></term> 45 <listitem><para>Write file contexts to <emphasis role="italic">file</emphasis> (default: <emphasis role="bold">file_contexts</emphasis>)</para></listitem> 46 </varlistentry> 47 48 <varlistentry> 49 <term><option>-t, --target=<type></option></term> 50 <listitem><para>Specify target architecture. May be <emphasis role="bold">selinux</emphasis> or <emphasis role="bold">xen</emphasis> (default: <emphasis role="bold">selinux</emphasis>)</para></listitem> 51 </varlistentry> 52 53 <varlistentry> 54 <term><option>-M, --mls true|false</option></term> 55 <listitem><para>Build an mls policy. Must be <emphasis role="bold">true</emphasis> or <emphasis role="bold">false</emphasis>. This will override the <emphasis role="bold">(mls <emphasis role="italic">boolean</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem> 56 </varlistentry> 57 58 <varlistentry> 59 <term><option>-c, --policyvers=<version></option></term> 60 <listitem><para>Build a binary policy with a given <emphasis role="italic">version</emphasis> (default: depends on the systems SELinux policy <emphasis role="italic">version</emphasis>, see <citerefentry><refentrytitle>sestatus</refentrytitle><manvolnum>8</manvolnum></citerefentry>)</para></listitem> 61 </varlistentry> 62 63 <varlistentry> 64 <term><option>-U, --handle-unknown=<action></option></term> 65 <listitem><para>How to handle unknown classes or permissions. May be <emphasis role="bold">deny</emphasis>, <emphasis role="bold">allow</emphasis>, or <emphasis role="bold">reject</emphasis> (default: <emphasis role="bold">deny</emphasis>). This will override the <emphasis role="bold">(handleunknown <emphasis role="italic">action</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem> 66 </varlistentry> 67 68 <varlistentry> 69 <term><option>-D, --disable-dontaudit</option></term> 70 <listitem><para>Do not add <emphasis role="bold">dontaudit</emphasis> rules to the binary policy.</para></listitem> 71 </varlistentry> 72 73 <varlistentry> 74 <term><option>-P, --preserve-tunables</option></term> 75 <listitem><para>Treat tunables as booleans.</para></listitem> 76 </varlistentry> 77 78 <varlistentry> 79 <term><option>-N, --disable-neverallow</option></term> 80 <listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem> 81 </varlistentry> 82 83 <varlistentry> 84 <term><option>-v, --verbose</option></term> 85 <listitem><para>Increment verbosity level.</para></listitem> 86 </varlistentry> 87 88 <varlistentry> 89 <term><option>-h, --help</option></term> 90 <listitem><para>Display usage information.</para></listitem> 91 </varlistentry> 92 </variablelist> 93 </refsect1> 94 95 <refsect1 id="see_also"><title>SEE ALSO</title> 96 <para> 97 <simplelist type="inline"> 98 <member><citerefentry> 99 <refentrytitle>file_contexts</refentrytitle> 100 <manvolnum>5</manvolnum> 101 </citerefentry></member> 102 <member><citerefentry> 103 <refentrytitle>sestatus</refentrytitle> 104 <manvolnum>8</manvolnum> 105 </citerefentry></member> 106 </simplelist> 107 </para> 108 <para>HTML documentation describing the CIL language statements is available starting with <emphasis role="italic">docs/html/index.html</emphasis>.</para> 109 <para>PDF documentation describing the CIL language statements is available at: <emphasis role="italic">docs/pdf/CIL_Reference_Guide.pdf</emphasis>.</para> 110 <para>There is a CIL Design Wiki at: <ulink url="http://github.com/SELinuxProject/cil/wiki"></ulink> that describes the goals and features of the CIL language.</para> 111 </refsect1> 112 </refentry> 113 114
