48 lines
1.7 KiB
Diff
48 lines
1.7 KiB
Diff
From 1718f0b89648a0bf77578b05c0924daa14a7ca18 Mon Sep 17 00:00:00 2001
|
|
From: Vit Mojzis <vmojzis@redhat.com>
|
|
Date: Thu, 1 Jun 2023 16:39:14 +0200
|
|
Subject: [PATCH] checkpolicy: Add examples to man pages
|
|
|
|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
|
|
---
|
|
checkpolicy/checkpolicy.8 | 15 +++++++++++++--
|
|
1 file changed, 13 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
|
|
index 2984c238..7843569b 100644
|
|
--- a/checkpolicy/checkpolicy.8
|
|
+++ b/checkpolicy/checkpolicy.8
|
|
@@ -12,8 +12,8 @@ command.
|
|
.PP
|
|
.B checkpolicy
|
|
is a program that checks and compiles a SELinux security policy configuration
|
|
-into a binary representation that can be loaded into the kernel. If no
|
|
-input file name is specified,
|
|
+into a binary representation that can be loaded into the kernel.
|
|
+If no input file name is specified,
|
|
.B checkpolicy
|
|
will attempt to read from policy.conf or policy, depending on whether the \-b
|
|
flag is specified.
|
|
@@ -64,6 +64,17 @@ Show version information.
|
|
.B \-h,\-\-help
|
|
Show usage information.
|
|
|
|
+.SH EXAMPLE
|
|
+.nf
|
|
+Generate policy.conf based on the system policy
|
|
+# checkpolicy -b -M -F /etc/selinux/targeted/policy/policy.33 -o policy.conf
|
|
+Recompile system policy so that unknown permissions are denied (uses policy.conf from ^^).
|
|
+Note that binary policy extension represents its version, which is subject to change
|
|
+# checkpolicy -M -U deny -o /etc/selinux/targeted/policy/policy.33 policy.conf
|
|
+# load_policy
|
|
+Generate CIL representation of current system policy
|
|
+# checkpolicy -b -M -C /etc/selinux/targeted/policy/policy.33 -o policy.out
|
|
+
|
|
.SH "SEE ALSO"
|
|
SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki
|
|
|
|
--
|
|
2.40.0
|
|
|