2005-10-10 21:02:49 +00:00
|
|
|
1) Reference Policy make targets:
|
|
|
|
|
|
|
|
General Make targets:
|
|
|
|
|
|
|
|
install-src Install the policy sources into
|
|
|
|
/etc/selinux/NAME/src/policy, where NAME is defined in
|
|
|
|
the Makefile. If not defined, the TYPE, as defined in
|
|
|
|
the Makefile, is used. The default NAME is refpolicy.
|
|
|
|
A pre-existing source policy will be moved to
|
|
|
|
/etc/selinux/NAME/src/policy.bak.
|
|
|
|
|
|
|
|
conf Regenerate policy.xml, and update/create modules.conf
|
|
|
|
and booleans.conf. This should be done after adding
|
|
|
|
or removing modules, or after running the bare target.
|
|
|
|
If the configuration files exist, their settings will
|
|
|
|
be preserved. This must be ran on policy sources that
|
|
|
|
are checked out from the CVS repository before they can
|
|
|
|
be used.
|
|
|
|
|
|
|
|
clean Delete all temporary files, compiled policies,
|
|
|
|
and file_contexts. Configuration files are left intact.
|
|
|
|
|
|
|
|
bare Do the clean make target and also delete configuration
|
|
|
|
files, web page documentation, and policy.xml.
|
|
|
|
|
|
|
|
html Regenerate policy.xml and create web page documentation
|
|
|
|
in the doc/html directory.
|
|
|
|
|
|
|
|
Make targets specific to modular (loadable modules) policies:
|
|
|
|
|
|
|
|
base Compile and package the base module. This is the
|
|
|
|
default target for modular policies.
|
|
|
|
|
|
|
|
modules Compile and package all Reference Policy modules
|
|
|
|
configured to be built as loadable modules.
|
|
|
|
|
|
|
|
MODULENAME.pp Compile and package the MODULENAME Reference Policy
|
|
|
|
module.
|
|
|
|
|
|
|
|
Make targets specific to monolithic policies:
|
|
|
|
|
|
|
|
policy Compile a policy locally for development and testing.
|
|
|
|
This is the default target for monolithic policies.
|
|
|
|
|
|
|
|
install Compile and install the policy and file contexts.
|
|
|
|
|
|
|
|
load Compile and install the policy and file contexts, then
|
|
|
|
load the policy.
|
|
|
|
|
|
|
|
enableaudit Remove all dontaudit rules from policy.conf.
|
|
|
|
|
|
|
|
relabel Relabel the filesystem.
|
|
|
|
|
|
|
|
checklabels Check the labels on the filesystem, and report when
|
|
|
|
a file would be relabeled, but do not change its label.
|
|
|
|
|
|
|
|
restorelabels Relabel the filesystem and report each file that is
|
|
|
|
relabeled.
|
2005-10-17 20:00:33 +00:00
|
|
|
|
|
|
|
2) Reference Policy Directories
|
|
|
|
All directories relative to the root of the Reference Policy sources directory.
|
|
|
|
|
|
|
|
config/appconfig-* Application configuration files for all configurations
|
|
|
|
of the Reference Policy (targeted/strict with or without
|
|
|
|
MLS or MCS). These are used by SELinux-aware programs.
|
|
|
|
|
|
|
|
config/local.users The file read by load policy for adding SELinux users
|
|
|
|
to the policy on the fly.
|
|
|
|
|
|
|
|
doc/html/* This contains the contents of the in-policy XML
|
|
|
|
documentation, presented in web page form.
|
|
|
|
|
|
|
|
doc/policy.dtd The doc/policy.xml file is validated against this DTD.
|
|
|
|
|
|
|
|
doc/policy.xml This file is generated/updated by the conf and html make
|
|
|
|
targets. It contains the complete XML documentation
|
|
|
|
included in the policy.
|
|
|
|
|
|
|
|
doc/templates/* Templates used for documentation web pages.
|
|
|
|
|
|
|
|
policy/booleans.conf This file is generated/updated by the conf make target.
|
|
|
|
It contains the booleans in the policy, and their
|
|
|
|
default values. If tunables are implemented as
|
|
|
|
booleans, tunables will also be included. This file
|
|
|
|
will be installed as the /etc/selinux/NAME/booleans
|
|
|
|
file.
|
|
|
|
|
|
|
|
policy/constraints This file defines additional constraints on permissions
|
|
|
|
in the form of boolean expressions that must be
|
|
|
|
satisfied in order for specified permissions to be
|
|
|
|
granted. These constraints are used to further refine
|
|
|
|
the type enforcement rules and the role allow rules.
|
|
|
|
Typically, these constraints are used to restrict
|
|
|
|
changes in user identity or role to certain domains.
|
|
|
|
|
|
|
|
policy/global_booleans This file defines all booleans that have a global scope,
|
|
|
|
their default value, and documentation.
|
|
|
|
|
|
|
|
policy/global_tunables This file defines all tunables that have a global scope,
|
|
|
|
their default value, and documentation.
|
|
|
|
|
|
|
|
policy/mcs The multi-category security (MCS) configuration.
|
|
|
|
|
|
|
|
policy/mls The multi-level security (MLS) configuration.
|
|
|
|
|
|
|
|
policy/flask/initial_sids This file has declarations for each initial SID.
|
|
|
|
|
|
|
|
policy/flask/security_classes This file has declarations for each security class.
|
|
|
|
|
|
|
|
policy/flask/access_vectors This file defines the access vectors. Common
|
|
|
|
prefixes for access vectors may be defined at the
|
|
|
|
beginning of the file. After the common prefixes are
|
|
|
|
defined, an access vector may be defined for each
|
|
|
|
security class.
|
|
|
|
|
|
|
|
policy/modules/* Each directory represents a layer in Reference Policy
|
|
|
|
all of the modules are contained in one of these layers.
|
|
|
|
|
|
|
|
policy/modules.conf This file contains a listing of available modules, and
|
|
|
|
how they will be used when building Reference Policy. To
|
|
|
|
prevent a module from being used, set the module to
|
|
|
|
"off". For monolithic policies, modules set to "base"
|
|
|
|
and "module" will be included in the policy. For
|
|
|
|
modular policies, modules set to "base" will be included
|
|
|
|
in the base module; those set to "module" will be
|
|
|
|
compiled as individual loadable modules.
|
|
|
|
|
|
|
|
policy/support/* Support macros.
|
|
|
|
|
|
|
|
support/* Scripts and other tools used to help build the policy.
|