2014-08-26 12:02:58 +00:00
|
|
|
SELinux Common Intermediate Language (CIL) Compiler
|
|
|
|
|
|
|
|
INTRODUCTION
|
|
|
|
|
|
|
|
The SELinux CIL Compiler is a compiler that converts the CIL language as
|
|
|
|
described on the CIL design wiki into a kernel binary policy file.
|
|
|
|
Please see the CIL Design Wiki at:
|
|
|
|
http://github.com/SELinuxProject/cil/wiki/
|
|
|
|
for more information about the goals and features on the CIL language.
|
|
|
|
|
|
|
|
DEPENDENCIES
|
|
|
|
|
|
|
|
gcc >= 4.5.1
|
2015-03-31 14:17:01 +00:00
|
|
|
libsepol >= 2.4
|
2014-08-26 12:02:58 +00:00
|
|
|
|
|
|
|
|
|
|
|
BUILD STEPS
|
|
|
|
|
|
|
|
Run "make" with one of the following targets:
|
|
|
|
|
|
|
|
make
|
2015-03-31 14:17:01 +00:00
|
|
|
Build the CIL compiler (secilc).
|
2014-08-26 12:02:58 +00:00
|
|
|
|
2015-03-31 14:17:01 +00:00
|
|
|
make test
|
|
|
|
Pass a sample policy to test with the compiler.
|
2014-08-26 12:02:58 +00:00
|
|
|
|
2015-03-31 14:17:01 +00:00
|
|
|
make install
|
|
|
|
Install the secilc compiler and man page to disk.
|
2014-08-26 12:02:58 +00:00
|
|
|
|
|
|
|
make clean
|
2015-03-31 14:17:01 +00:00
|
|
|
Remove temporary build files.
|
|
|
|
|
|
|
|
make man
|
|
|
|
Build the secilc man page.
|
2014-08-26 12:02:58 +00:00
|
|
|
|
|
|
|
make bare
|
2015-03-31 14:17:01 +00:00
|
|
|
Remove temporary build files and compile binaries.
|
2014-08-26 12:02:58 +00:00
|
|
|
|
|
|
|
|
|
|
|
USAGE
|
|
|
|
|
|
|
|
Execute 'secilc' with any number of CIL files as arguments. A binary policy and
|
|
|
|
file_contexts file will be created.
|
|
|
|
|
|
|
|
Use the '--help' option for more details.
|
|
|
|
|
|
|
|
|
|
|
|
DOCUMENTATION
|
|
|
|
|
|
|
|
There is a Docbook CIL Reference Guide in the docs directory, to build
|
|
|
|
this in HTML and PDF format change to the docs directory and run:
|
|
|
|
make html pdf
|
|
|
|
|
|
|
|
There is also an secilc man page that can be built with:
|
|
|
|
make man
|
|
|
|
|
|
|
|
The documents will be located in the docs/html, docs/pdf and docs/man8
|
|
|
|
directories.
|
|
|
|
|
|
|
|
To build the html and manpage the xmlto package is required.
|
|
|
|
To build the pdf document the xmlto and dblatex packages are required.
|
|
|
|
|
|
|
|
|
|
|
|
KNOWN ISSUES
|
|
|
|
|
|
|
|
- Blocks inside of macros causes undefined behavior
|
|
|
|
|
|
|
|
- Policy must be well formed. For example, invalid usage of
|
|
|
|
sensitivities/categories/levels may create an unloaded binary
|
|
|
|
|
|
|
|
- Recursive limits are not handled
|