Provided by: selinux-policy-dev_2.20230929-1_all

NAME

       policygentool - Interactive SELinux policy generation tool

SYNOPSIS

       policygentool [options] <Module Name> <full path for application binary file>

DESCRIPTION

       This tool generates three files for policy development: a Type Enforcement (te) file, a
       File Context (fc) file, and an Interface (if) file.  Most of the policy rules will be
       written in the te file.  Use the File Context file to associate file paths with security
       contexts.  Use the interface rules to allow other protected domains to interact with the
       newly defined domains.

       The tool prompts for the locations of pidfiles, any logfiles, files in /var/lib, and any
       init scripts, and asks whether any network access is desirable for the application.  The
       tool then generates the appropriate policy rules for the module.  After these files have
       been generated, the makefile for the appropriate SELinux policy, namely
       /usr/share/selinux/refpolicy-targeted/include/Makefile or
       /usr/share/selinux/refpolicy-strict/include/Makefile, can be used to compile the SELinux
       policy package.  The resulting policy package can be loaded using semodule.

         # /usr/bin/policygentool myapp /usr/bin/myapp
         # cat >Makefile
         > HEADERDIR:=/usr/share/selinux/refpolicy-targeted/include
         > include $(HEADERDIR)/Makefile
         > ^D
         # make
         # semodule -i myapp.pp
         # restorecon -R -v /usr/bin/myapp "all files defined in myapp.fc"
         # setenforce 0
         # /etc/init.d/myapp start
         # audit2allow -R -i /var/log/audit/audit.log
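
       An illustrative sketch of what the three files hold for the myapp module, added here as
       an example; it is not output captured from policygentool and not part of the original
       manual page.  The log and /var/lib paths are assumed, and the macros used are standard
       reference policy interfaces.

```selinux
# ---- myapp.te : type enforcement rules (most of the policy lives here) ----
policy_module(myapp, 1.0.0)

# Domain for the daemon and the type of its executable; init may start it.
type myapp_t;
type myapp_exec_t;
init_daemon_domain(myapp_t, myapp_exec_t)

# Private type for log files, created under /var/log with a type transition.
type myapp_log_t;
logging_log_file(myapp_log_t)
allow myapp_t myapp_log_t:file { create_file_perms append_file_perms };
logging_log_filetrans(myapp_t, myapp_log_t, file)

# Private type for state kept under /var/lib.
type myapp_var_lib_t;
files_type(myapp_var_lib_t)
manage_dirs_pattern(myapp_t, myapp_var_lib_t, myapp_var_lib_t)
manage_files_pattern(myapp_t, myapp_var_lib_t, myapp_var_lib_t)
files_var_lib_filetrans(myapp_t, myapp_var_lib_t, { file dir })

# ---- myapp.fc : file paths mapped to security contexts ----
# (paths other than /usr/bin/myapp are assumed for this example)
/usr/bin/myapp		--	gen_context(system_u:object_r:myapp_exec_t,s0)
/var/log/myapp\.log	--	gen_context(system_u:object_r:myapp_log_t,s0)
/var/lib/myapp(/.*)?		gen_context(system_u:object_r:myapp_var_lib_t,s0)

# ---- myapp.if : interfaces other domains call to interact with myapp ----
## <summary>Execute myapp in the myapp domain.</summary>
## <param name="domain">
##	<summary>Domain allowed to transition.</summary>
## </param>
interface(`myapp_domtrans',`
	gen_require(`
		type myapp_t, myapp_exec_t;
	')

	domtrans_pattern($1, myapp_exec_t, myapp_t)
')
```

       The rules that audit2allow -R suggests from the audit log are reviewed and merged into
       myapp.te before the module is rebuilt and the system is returned to enforcing mode.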

OPTIONS

       -h, --help
              Print a short usage message.

FILES

       myapp.te, myapp.if, myapp.fc.

SEE ALSO

       semodule(8), checkpolicy(8), load_policy(8).

BUGS

       None known.

AUTHOR

       This  manual  page  was  written by Manoj Srivastava <srivasta@debian.org>, for the Debian
       GNU/Linux system.