2005-12-01 19:04:57 +00:00
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# Policy build options
|
|
|
|
#
|
|
|
|
|
|
|
|
# Policy version
|
|
|
|
# By default, checkpolicy will create the highest
|
|
|
|
# version policy it supports. Setting this will
|
|
|
|
# override the version. This only has an
|
|
|
|
# effect for monolithic policies.
|
2022-03-22 16:51:06 +00:00
|
|
|
#OUTPUT_POLICY = 33
|
2005-12-01 19:04:57 +00:00
|
|
|
|
|
|
|
# Policy Type
|
2007-10-02 16:04:50 +00:00
|
|
|
# standard, mls, mcs
|
|
|
|
TYPE = standard
|
2005-12-01 19:04:57 +00:00
|
|
|
|
|
|
|
# Policy Name
|
|
|
|
# If set, this will be used as the policy
|
|
|
|
# name. Otherwise the policy type will be
|
|
|
|
# used for the name.
|
|
|
|
NAME = refpolicy
|
|
|
|
|
|
|
|
# Distribution
|
|
|
|
# Some distributions have portions of policy
|
|
|
|
# for programs or configurations specific to the
|
|
|
|
# distribution. Setting this will enable options
|
|
|
|
# for the distribution.
|
2006-03-31 14:28:45 +00:00
|
|
|
# redhat, gentoo, debian, suse, and rhel4 are current options.
|
2005-12-01 19:04:57 +00:00
|
|
|
# Fedora users should enable redhat.
|
2005-12-07 14:58:39 +00:00
|
|
|
#DISTRO = redhat
|
2005-12-01 19:04:57 +00:00
|
|
|
|
2007-09-27 13:41:09 +00:00
|
|
|
# Unknown Permissions Handling
|
|
|
|
# The behavior for handling permissions defined in the
|
|
|
|
# kernel but missing from the policy. The permissions
|
|
|
|
# can either be allowed, denied, or the policy loading
|
|
|
|
# can be rejected.
|
|
|
|
# allow, deny, and reject are current options.
|
2014-06-19 14:48:38 +00:00
|
|
|
UNK_PERMS = deny
|
2007-09-27 13:41:09 +00:00
|
|
|
|
2005-12-01 19:04:57 +00:00
|
|
|
# Direct admin init
|
|
|
|
# Setting this will allow sysadm to directly
|
2020-06-05 13:09:56 +00:00
|
|
|
# run init scripts, instead of requiring run_init.
|
2005-12-01 19:04:57 +00:00
|
|
|
# This is a build option, as role transitions do
|
|
|
|
# not work in conditional policy.
|
2007-12-17 19:29:05 +00:00
|
|
|
DIRECT_INITRC = n
|
2005-12-01 19:04:57 +00:00
|
|
|
|
2015-10-20 19:01:23 +00:00
|
|
|
# Systemd
|
|
|
|
# Setting this will configure systemd as the init system.
|
|
|
|
SYSTEMD = n
|
|
|
|
|
2011-02-11 21:07:08 +00:00
|
|
|
# Build monolithic policy. Putting y here
|
|
|
|
# will build a monolithic policy.
|
|
|
|
MONOLITHIC = n
|
2005-12-01 19:04:57 +00:00
|
|
|
|
2008-11-05 16:10:46 +00:00
|
|
|
# User-based access control (UBAC)
|
|
|
|
# Enable UBAC for role separations.
|
|
|
|
UBAC = y
|
|
|
|
|
2010-09-30 18:53:44 +00:00
|
|
|
# Custom build options. This field enables custom
|
|
|
|
# build options. Putting foo here will enable
|
|
|
|
# build option blocks named foo. Options should be
|
|
|
|
# separated by spaces.
|
|
|
|
CUSTOM_BUILDOPT =
|
|
|
|
|
2006-10-04 17:25:34 +00:00
|
|
|
# Number of MLS Sensitivities
|
|
|
|
# The sensitivities will be s0 to s(MLS_SENS-1).
|
|
|
|
# Dominance will be in increasing numerical order
|
|
|
|
# with s0 being lowest.
|
2007-12-17 19:29:05 +00:00
|
|
|
MLS_SENS = 16
|
2006-10-04 17:25:34 +00:00
|
|
|
|
|
|
|
# Number of MLS Categories
|
|
|
|
# The categories will be c0 to c(MLS_CATS-1).
|
2010-06-28 13:04:24 +00:00
|
|
|
MLS_CATS = 1024
|
2006-10-04 17:25:34 +00:00
|
|
|
|
|
|
|
# Number of MCS Categories
|
2024-04-22 05:11:42 +00:00
|
|
|
# The categories will be c0 to c(MCS_CATS-1).
|
2010-06-28 13:04:24 +00:00
|
|
|
MCS_CATS = 1024
|
2006-10-04 17:25:34 +00:00
|
|
|
|
2006-01-26 20:35:55 +00:00
|
|
|
# Set this to y to only display status messages
|
|
|
|
# during build.
|
2007-12-17 19:29:05 +00:00
|
|
|
QUIET = n
|
2017-02-18 15:20:20 +00:00
|
|
|
|
|
|
|
# Set this to treat warnings as errors.
|
|
|
|
WERROR = n
|