RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux/secilc/docs/cil_network_labeling_statem...

229 lines
7.5 KiB
Markdown
Raw Normal View History

secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
Network Labeling Statements
===========================
ipaddr
------
Declares a named IP address in IPv4 or IPv6 format that may be referenced by other CIL statements (i.e. [`netifcon`](cil_network_labeling_statements.md#netifcon)).
Notes:
- CIL statements utilising an IP address may reference a named IP address or use an anonymous address, the examples will show each option.
- IP Addresses may be declared without a previous declaration by enclosing within parentheses e.g. `(127.0.0.1)` or `(::1)`.
**Statement definition:**
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(ipaddr ipaddr_id ip_address)
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>ipaddr</code></p></td>
<td align="left"><p>The <code>ipaddr</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>ipaddr_id</code></p></td>
<td align="left"><p>The IP address identifier.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>ip_address</code></p></td>
<td align="left"><p>A correctly formatted IP address in IPv4 or IPv6 format.</p></td>
</tr>
</tbody>
</table>
**Example:**
This example declares a named IP address and also passes an 'explicit anonymously declared' IP address to a macro:
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(ipaddr netmask_1 255.255.255.0)
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
(context netlabel_1 (system.user object_r unconfined.object low_low))
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(call build_nodecon ((192.168.1.64) netmask_1))
(macro build_nodecon ((ipaddr ARG1) (ipaddr ARG2))
(nodecon ARG1 ARG2 netlabel_1))
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
netifcon
--------
Label network interface objects (e.g. `eth0`).
**Statement definition:**
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(netifcon netif_name netif_context_id packet_context_id)
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>netifcon</code></p></td>
<td align="left"><p>The <code>netifcon</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>netif_name</code></p></td>
<td align="left"><p>The network interface name (e.g. <code>wlan0</code>).</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>netif_context_id</code></p></td>
<td align="left"><p>The security context to be allocated to the network interface.</p>
<p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>), the range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>packet_context_id</code></p></td>
<td align="left"><p>The security context to be allocated to packets. Note that these are defined but currently unused as the <strong><code>iptables</code></strong><code>(8)</code> SECMARK services should be used to label packets.</p>
<p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>), the range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
</tbody>
</table>
**Examples:**
These examples show named and anonymous [`netifcon`](cil_network_labeling_statements.md#netifcon) statements:
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(context context_1 (unconfined.user object_r unconfined.object low_low))
(context context_2 (unconfined.user object_r unconfined.object (systemlow level_2)))
(netifcon eth0 context_1 (unconfined.user object_r unconfined.object levelrange_1))
(netifcon eth1 context_1 (unconfined.user object_r unconfined.object ((s0) level_1)))
(netifcon eth3 context_1 context_2)
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
nodecon
-------
Label network address objects that represent IPv4 or IPv6 IP addresses and network masks.
IP Addresses may be declared without a previous declaration by enclosing within parentheses e.g. `(127.0.0.1)` or `(::1)`.
**Statement definition:**
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(nodecon subnet_id netmask_id context_id)
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>nodecon</code></p></td>
<td align="left"><p>The <code>nodecon</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>subnet_id</code></p></td>
<td align="left"><p>A previously declared <code>ipaddr</code> identifier, or an anonymous IPv4 or IPv6 formatted address.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>netmask_id</code></p></td>
<td align="left"><p>A previously declared <code>ipaddr</code> identifier, or an anonymous IPv4 or IPv6 formatted address.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>), the range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
</tbody>
</table>
**Examples:**
These examples show named and anonymous [`nodecon`](cil_network_labeling_statements.md#nodecon) statements:
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(context context_1 (unconfined.user object_r unconfined.object low_low))
(context context_2 (unconfined.user object_r unconfined.object (systemlow level_2)))
cil_network_labeling_statements: fixes nodecon examples The order of the subnet and netmask is wrong and also the value of netmask is wrong for single address subnet Use an ipaddr reserved for documentation: https://tools.ietf.org/html/rfc5737 Add ipv6 example: https://tools.ietf.org/html/rfc3849 Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2020-09-08 08:53:29 +00:00
(ipaddr netmask_1 255.255.255.255)
(ipaddr ipv4_1 192.0.2.64)
(nodecon ipv4_1 netmask_1 context_2)
(nodecon (192.0.2.64) (255.255.255.255) context_1)
(nodecon (192.0.2.64) netmask_1 (unconfined.user object_r unconfined.object ((s0) (s0 (c0)))))
(context context_3 (sys.id sys.role my48prefix.node ((s0)(s0))))
(ipaddr netmask_2 ffff:ffff:ffff:0:0:0:0:0)
(ipaddr ipv6_2 2001:db8:1:0:0:0:0:0)
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
cil_network_labeling_statements: fixes nodecon examples The order of the subnet and netmask is wrong and also the value of netmask is wrong for single address subnet Use an ipaddr reserved for documentation: https://tools.ietf.org/html/rfc5737 Add ipv6 example: https://tools.ietf.org/html/rfc3849 Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2020-09-08 08:53:29 +00:00
(nodecon ipv6_2 netmask_2 context_3)
(nodecon (2001:db8:1:0:0:0:0:0) (ffff:ffff:ffff:0:0:0:0:0) context_3)
(nodecon (2001:db8:1:0:0:0:0:0) netmask_2 (sys.id sys.role my48prefix.node ((s0)(s0))))
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
portcon
-------
selinux: Add support for the SCTP portcon keyword Update libsepol, checkpolicy and the CIL compiler to support the SCTP portcon keyword. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2018-03-11 16:22:55 +00:00
Label a udp, tcp, dccp or sctp port.
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
**Statement definition:**
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(portcon protocol port|(port_low port_high) context_id)
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
**Where:**
<table>
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><code>portcon</code></p></td>
<td align="left"><p>The <code>portcon</code> keyword.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>protocol</code></p></td>
selinux: Add support for the SCTP portcon keyword Update libsepol, checkpolicy and the CIL compiler to support the SCTP portcon keyword. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2018-03-11 16:22:55 +00:00
<td align="left"><p>The protocol keyword <code>tcp</code>, <code>udp</code>, <code>dccp</code> or <code>sctp</code>.</p></td>
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
</tr>
<tr class="odd">
<td align="left"><p><code>port |</code></p>
<p><code>(port_low port_high)</code></p></td>
<td align="left"><p>A single port to apply the context, or a range of ports.</p>
<p>The entries must consist of numerics <code>[0-9]</code>.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>), the range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
</tbody>
</table>
**Examples:**
These examples show named and anonymous [`portcon`](cil_network_labeling_statements.md#portcon) statements:
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```secil
secilc/docs: Convert DocBook documentation into github markdown Converting to github markdown allows for easier integration with the SELinux project wiki and viewing of documentation directly on github without creating PDFs or reading through DocBook XML. The conversion of DocBook to github markdown would not format tables or keyword links properly. By maintaining the documentation in github markdown in the repository, the content is well formatted with a table of contents when viewing in the github wiki or in the repository. The migration from DocBook to github markdown was done using Pandoc and manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook conversion were added back. An introduction and design philosphy was also pulled from the SELinux project wiki to provide more cohesion to the current documentation. Running make will now convert the github markdown into PDF and HTML. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-12-15 20:13:27 +00:00
(portcon tcp 1111 (unconfined.user object_r unconfined.object ((s0) (s0 (c0)))))
(portcon tcp 2222 (unconfined.user object_r unconfined.object levelrange_2))
(portcon tcp 3333 (unconfined.user object_r unconfined.object levelrange_1))
(portcon udp 4444 (unconfined.user object_r unconfined.object ((s0) level_2)))
(portcon tcp (2000 20000) (unconfined.user object_r unconfined.object (systemlow level_3)))
selinux: Add support for portcon dccp protocol This adds CIL and checkpolicy support for the (portcon dccp ...) statement. The kernel already handles name_bind and name_connect permissions for the dccp_socket class. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-04-06 11:44:35 +00:00
(portcon dccp (6840 6880) (unconfined.user object_r unconfined.object ((s0) level_2)))
selinux: Add support for the SCTP portcon keyword Update libsepol, checkpolicy and the CIL compiler to support the SCTP portcon keyword. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2018-03-11 16:22:55 +00:00
(portcon sctp (1024 1035) (unconfined.user object_r unconfined.object ((s0) level_2)))
secilc/docs: use fenced code blocks for cil examples Also fixes the occasional missing brackets as higlighted by my editor, however the individual examples where not reviewed much closer. secilc was chosen as language name because the compiler is named secilc and outside of SELinux the name cil is less searchable and could lead to confusion. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
2021-02-10 15:58:52 +00:00
```