selint - Man Page

selint [OPTIONS] FILE [...]

Perform static code analysis on SELinux policy source.

-c,  --config=CONFIGFILE

Override default config with config specified on command line.  See CONFIGURATION section for config file syntax.

--color=COLOR_OPTION

Configure color output. Options are on, off and auto (the default).

--context=CONTEXT_PATH

Recursively scan CONTEXT_PATH to find additional te and if files to parse, but not scan.  SELint will assume the scanned policy files are intended to be compiled together with the context files. are intended to be compiled together with the context files.  Implies -s.

--debug-parser

Enable debug output for the internal policy parser. Very noisy, useful to debug parsing failures.

-d,  --disable=CHECKID

Disable check with the given ID.

-e,  --enable=CHECKID

Enable check with the given ID.

-E,  --only-enabled

Only run checks that are explicitly enabled with the --enable option.

--full-path

Print full path for files.

-F,  --fail

Exit with a non-zero value if any issue was found.

-h,  --help

Display this menu.

-l,  --level=LEVEL

Only list errors with a severity level at or greater than LEVEL.  Options are C (convention), S (style), W (warning), E (error), F (fatal error).

--scan-hidden-dirs

Scan hidden directories. By default hidden directories (like '.git') are skipped in recursive mode.

-s,  --source

Run in "source mode" to scan a policy source repository that is designed to compile into a full system policy.

-S,  --summary

Display a summary of issues found after running the analysis.

--summary-only

Only display a summary of issues found after running the analysis. Do not show the individual findings.  Implies -S.

-r,  --recursive

Scan recursively and check all SELinux policy files found.

-v,  --verbose

Enable verbose output.

-V,  --version

Show version information and exit.

Report bugs at https://github.com/SELinuxProject/selint/issues

Daniel Burgener <Daniel.Burgener@microsoft.com>