Remove references to "typealias", "categoryalias", and
sensitivityalias" as valid parameter kinds, because they are not.
Add "string" as a valid parameter kind.
Add a note that "categoryset", "level", "levelrange",
"classpermission", and "ipaddr" can be named or anonymous.
Add a note that "type", "role", and "user" can be used for attributes.
Add a note that "type", "sensitivity" and "category" can be used for
aliases.
Add a note that "string" and "name" can be used for filenames in
typetransition rules and paths in filecon rules.
Signed-off-by: James Carter <jwcart2@gmail.com>
Update the CIL documentation for the in-statement processing and
duplicate macro and block declarations with block inheritance.
Duplicate macro and block declarations are allowed if they occur as
the result of block inheritance. Document the fact that inherited
macros are overridden by any macros already declared in a
namespace and that declaring a block in a namespace that will
inherit a block with the same name can be used to allow in-statements
to be used on the block.
The new in-statement syntax still supports the old syntax but adds
the ability to specify whether the in-statement should be resolved
before or after block inheritance is resolved.
Signed-off-by: James Carter <jwcart2@gmail.com>
The listing of the order was in the macro section, but it belongs
in the call section.
Move the listing of the order to the call section and provide a
better explanation.
Signed-off-by: James Carter <jwcart2@gmail.com>
Update the documentation for macros, booleans, booleanifs, tunables,
tunableifs, blocks, blockabstracts, blockinherits, and optionals to
tell where these statements can be used and, for those that have
blocks, what statements are not allowed in them.
Signed-off-by: James Carter <jwcart2@gmail.com>
Also fixes the occasional missing brackets as higlighted by my editor,
however the individual examples where not reviewed much closer.
secilc was chosen as language name because the compiler is named secilc
and outside of SELinux the name cil is less searchable and could lead to
confusion.
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
Some features where dropped or change since the docs were last updated.
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Converting to github markdown allows for easier integration with the
SELinux project wiki and viewing of documentation directly on github without
creating PDFs or reading through DocBook XML.
The conversion of DocBook to github markdown would not format tables or
keyword links properly. By maintaining the documentation in github
markdown in the repository, the content is well formatted with a table of
contents when viewing in the github wiki or in the repository.
The migration from DocBook to github markdown was done using Pandoc and
manual fixups. Mappings of CIL keywords to headings that were lost in the DocBook
conversion were added back. An introduction and design philosphy was
also pulled from the SELinux project wiki to provide more cohesion
to the current documentation.
Running make will now convert the github markdown into PDF and HTML.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>