secilc(8) invoke the SELinux Common Intermediate Language (CIL) Compiler

SYNOPSIS

secilc [OPTION...] file

DESCRIPTION

secilc

invokes the CIL compiler with the specified arguments to build a kernel binary policy. A file_contexts file will also be built as described in the FILE FORMAT section of file_contexts(5).

OPTIONS

-o, --output=<file>

Write binary policy to file (default: policy.version)

-f, --filecontext=<file>

Write file contexts to file (default: file_contexts)

-t, --target=<type>

Specify target architecture. May be selinux or xen (default: selinux)

-M, --mls true|false

Build an mls policy. Must be true or false. This will override the (mls boolean) statement if present in the policy.

-c, --policyvers=<version>

Build a binary policy with a given version (default: depends on the systems SELinux policy version, see sestatus(8))

-U, --handle-unknown=<action>

How to handle unknown classes or permissions. May be deny, allow, or reject (default: deny). This will override the (handleunknown action) statement if present in the policy.

-D, --disable-dontaudit

Do not add dontaudit rules to the binary policy.

-P, --preserve-tunables

Treat tunables as booleans.

-N, --disable-neverallow

Do not check neverallow rules.

-v, --verbose

Increment verbosity level.

-h, --help

Display usage information.

AUTHOR

Richard Haines