1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML//EN"
3               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4
5<refentry>
6   <refentryinfo>
7      <author>
8         <firstname>Richard</firstname><surname>Haines</surname><contrib></contrib>
9      </author>
10   </refentryinfo>
11
12   <refmeta>
13      <refentrytitle>SECILC</refentrytitle>
14      <manvolnum>8</manvolnum>
15      <refmiscinfo class="date">18 February 2015</refmiscinfo>
16      <refmiscinfo class="source">secilc</refmiscinfo>
17      <refmiscinfo class="manual">SELinux CIL Compiler</refmiscinfo>
18   </refmeta>
19   <refnamediv id="name">
20      <refname>secilc</refname>
21      <refpurpose>invoke the SELinux Common Intermediate Language (CIL) Compiler</refpurpose>
22   </refnamediv>
23
24   <refsynopsisdiv id="synopsis">
25      <cmdsynopsis>
26        <command>secilc</command>
27          <arg choice="opt" rep="repeat"><replaceable>OPTION</replaceable></arg>
28          <arg choice="plain"><replaceable>file</replaceable></arg>
29      </cmdsynopsis>
30   </refsynopsisdiv>
31
32   <refsect1 id="description"><title>DESCRIPTION</title>
33      <para><emphasis role="italic">secilc</emphasis> invokes the CIL compiler with the specified <emphasis role="italic">argument</emphasis>s to build a kernel binary policy. A <emphasis role="bold">file_contexts</emphasis> file will also be built as described in the <emphasis role="bold">FILE FORMAT</emphasis> section of <citerefentry><refentrytitle>file_contexts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
34   </refsect1>
35
36   <refsect1 id="options"><title>OPTIONS</title>
37      <variablelist>
38         <varlistentry>
39            <term><option>-o, --output=&lt;file></option></term>
40            <listitem><para>Write binary policy to <emphasis role="italic">file</emphasis> (default: policy.<emphasis role="italic">version</emphasis>)</para></listitem>
41         </varlistentry>
42
43         <varlistentry>
44            <term><option>-f, --filecontext=&lt;file></option></term>
45            <listitem><para>Write file contexts to <emphasis role="italic">file</emphasis> (default: <emphasis role="bold">file_contexts</emphasis>)</para></listitem>
46         </varlistentry>
47
48         <varlistentry>
49            <term><option>-t, --target=&lt;type></option></term>
50            <listitem><para>Specify target architecture. May be <emphasis role="bold">selinux</emphasis> or <emphasis role="bold">xen</emphasis> (default: <emphasis role="bold">selinux</emphasis>)</para></listitem>
51         </varlistentry>
52
53         <varlistentry>
54            <term><option>-M, --mls true|false</option></term>
55            <listitem><para>Build an mls policy. Must be <emphasis role="bold">true</emphasis> or <emphasis role="bold">false</emphasis>. This will override the <emphasis role="bold">(mls <emphasis role="italic">boolean</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem>
56         </varlistentry>
57
58         <varlistentry>
59            <term><option>-c, --policyvers=&lt;version></option></term>
60            <listitem><para>Build a binary policy with a given <emphasis role="italic">version</emphasis> (default: depends on the systems SELinux policy <emphasis role="italic">version</emphasis>, see <citerefentry><refentrytitle>sestatus</refentrytitle><manvolnum>8</manvolnum></citerefentry>)</para></listitem>
61         </varlistentry>
62
63         <varlistentry>
64            <term><option>-U, --handle-unknown=&lt;action></option></term>
65            <listitem><para>How to handle unknown classes or permissions. May be <emphasis role="bold">deny</emphasis>, <emphasis role="bold">allow</emphasis>, or <emphasis role="bold">reject</emphasis> (default: <emphasis role="bold">deny</emphasis>). This will override the <emphasis role="bold">(handleunknown <emphasis role="italic">action</emphasis></emphasis><emphasis role="bold">)</emphasis> statement if present in the policy.</para></listitem>
66         </varlistentry>
67
68         <varlistentry>
69            <term><option>-D, --disable-dontaudit</option></term>
70            <listitem><para>Do not add <emphasis role="bold">dontaudit</emphasis> rules to the binary policy.</para></listitem>
71         </varlistentry>
72
73         <varlistentry>
74            <term><option>-P, --preserve-tunables</option></term>
75            <listitem><para>Treat tunables as booleans.</para></listitem>
76         </varlistentry>
77
78         <varlistentry>
79            <term><option>-m, --multiple-decls</option></term>
80            <listitem><para>Allow some statements to be re-declared.</para></listitem>
81         </varlistentry>
82
83         <varlistentry>
84            <term><option>-N, --disable-neverallow</option></term>
85            <listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem>
86         </varlistentry>
87
88         <varlistentry>
89            <term><option>-G, --expand-generated</option></term>
90            <listitem><para>Expand and remove auto-generated attributes</para></listitem>
91         </varlistentry>
92
93         <varlistentry>
94            <term><option>-X, --attrs-size &lt;size></option></term>
95            <listitem><para>Expand type attributes with fewer than <emphasis role="bold">&lt;SIZE></emphasis> members.</para></listitem>
96         </varlistentry>
97
98         <varlistentry>
99            <term><option>-O, --optimize</option></term>
100            <listitem><para>Optimize final policy (remove redundant rules).</para></listitem>
101         </varlistentry>
102
103         <varlistentry>
104            <term><option>-v, --verbose</option></term>
105            <listitem><para>Increment verbosity level.</para></listitem>
106         </varlistentry>
107
108         <varlistentry>
109            <term><option>-h, --help</option></term>
110            <listitem><para>Display usage information.</para></listitem>
111         </varlistentry>
112      </variablelist>
113   </refsect1>
114
115   <refsect1 id="see_also"><title>SEE ALSO</title>
116      <para>
117      <simplelist type="inline">
118         <member><citerefentry>
119            <refentrytitle>file_contexts</refentrytitle>
120            <manvolnum>5</manvolnum>
121         </citerefentry></member>
122         <member><citerefentry>
123            <refentrytitle>sestatus</refentrytitle>
124            <manvolnum>8</manvolnum>
125         </citerefentry></member>
126      </simplelist>
127      </para>
128      <para>HTML documentation describing the CIL language statements is available starting with <emphasis role="italic">docs/html/index.html</emphasis>.</para>
129      <para>PDF documentation describing the CIL language statements is available at: <emphasis role="italic">docs/pdf/CIL_Reference_Guide.pdf</emphasis>.</para>
130      <para>There is a CIL Design Wiki at: <ulink url="http://github.com/SELinuxProject/cil/wiki"></ulink> that describes the goals and features of the CIL language.</para>
131   </refsect1>
132</refentry>
133
134