secilc - Man Page

invoke the SELinux Common Intermediate Language (CIL) Compiler

secilc invokes the CIL compiler with the specified arguments to build a kernel binary policy. A file_contexts file will also be built as described in the FILE FORMAT section of file_contexts(5).

Options

-o, --output=<file>: Write binary policy to file (default: policy.version)
-f, --filecontext=<file>: Write file contexts to file (default: file_contexts)
-t, --target=<type>: Specify target architecture. May be selinux or xen (default: selinux)
-M, --mls true|false: Build an mls policy. Must be true or false. This will override the (mls boolean) statement if present in the policy.
-c, --policyvers=<version>: Build a binary policy with a given version (default: depends on the systems SELinux policy version, see sestatus(8))
-U, --handle-unknown=<action>: How to handle unknown classes or permissions. May be deny, allow, or reject (default: deny). This will override the (handleunknown action) statement if present in the policy.
-D, --disable-dontaudit: Do not add dontaudit rules to the binary policy.
-P, --preserve-tunables: Treat tunables as booleans.
-Q, --qualified-names: Allow names containing dots (qualified names). Blocks, blockinherits, blockabstracts, and in-statements will not be allowed.
-m, --multiple-decls: Allow some statements to be re-declared.
-N, --disable-neverallow: Do not check neverallow rules.
-G, --expand-generated: Expand and remove auto-generated attributes
-X, --attrs-size <size>: Expand type attributes with fewer than <SIZE> members.
-O, --optimize: Optimize final policy (remove redundant rules).
-v, --verbose: Increment verbosity level.
-h, --help: Display usage information.

Author

Richard Haines

Referenced By

secil2conf(8), secil2tree(8).

07/20/2024 SELinux CIL Compiler

secilc - Man Page

Synopsis

Description

Options

See Also

Author

Referenced By