oracular (8) secilc.8.gz

Provided by: secilc_3.5-1_amd64 bug

NAME

       secilc - invoke the SELinux Common Intermediate Language (CIL) Compiler

SYNOPSIS

       secilc [OPTION...] file

DESCRIPTION

       secilc invokes the CIL compiler with the specified arguments to build a kernel binary
       policy. A file_contexts file will also be built as described in the FILE FORMAT section of
       file_contexts(5).

OPTIONS

       -o, --output=<file>
           Write binary policy to file (default: policy.version)

       -f, --filecontext=<file>
           Write file contexts to file (default: file_contexts)

       -t, --target=<type>
           Specify target architecture. May be selinux or xen (default: selinux)

       -M, --mls true|false
           Build an mls policy. Must be true or false. This will override the (mls boolean)
           statement if present in the policy.

       -c, --policyvers=<version>
           Build a binary policy with a given version (default: depends on the systems SELinux
           policy version, see sestatus(8))

       -U, --handle-unknown=<action>
           How to handle unknown classes or permissions. May be deny, allow, or reject (default:
           deny). This will override the (handleunknown action) statement if present in the
           policy.

       -D, --disable-dontaudit
           Do not add dontaudit rules to the binary policy.

       -P, --preserve-tunables
           Treat tunables as booleans.

       -Q, --qualified-names
           Allow names containing dots (qualified names). Blocks, blockinherits, blockabstracts,
           and in-statements will not be allowed.

       -m, --multiple-decls
           Allow some statements to be re-declared.

       -N, --disable-neverallow
           Do not check neverallow rules.

       -G, --expand-generated
           Expand and remove auto-generated attributes

       -X, --attrs-size <size>
           Expand type attributes with fewer than <SIZE> members.

       -O, --optimize
           Optimize final policy (remove redundant rules).

       -v, --verbose
           Increment verbosity level.

       -h, --help
           Display usage information.

SEE ALSO

       file_contexts(5), sestatus(8)

       HTML documentation describing the CIL language statements is available starting with
       docs/html/index.html.

       PDF documentation describing the CIL language statements is available at:
       docs/pdf/CIL_Reference_Guide.pdf.

       There is a CIL Design Wiki at: http://github.com/SELinuxProject/cil/wiki that describes
       the goals and features of the CIL language.

AUTHOR

       Richard Haines