]>
Commit | Line | Data |
---|---|---|
fedd3caf CP |
1 | 1) Reference Policy make targets: |
2 | ||
3 | General Make targets: | |
4 | ||
5 | install-src Install the policy sources into | |
6 | /etc/selinux/NAME/src/policy, where NAME is defined in | |
7 | the Makefile. If not defined, the TYPE, as defined in | |
8 | the Makefile, is used. The default NAME is refpolicy. | |
9 | A pre-existing source policy will be moved to | |
10 | /etc/selinux/NAME/src/policy.bak. | |
11 | ||
12 | conf Regenerate policy.xml, and update/create modules.conf | |
13 | and booleans.conf. This should be done after adding | |
14 | or removing modules, or after running the bare target. | |
15 | If the configuration files exist, their settings will | |
16 | be preserved. This must be ran on policy sources that | |
17 | are checked out from the CVS repository before they can | |
18 | be used. | |
19 | ||
20 | clean Delete all temporary files, compiled policies, | |
21 | and file_contexts. Configuration files are left intact. | |
22 | ||
23 | bare Do the clean make target and also delete configuration | |
24 | files, web page documentation, and policy.xml. | |
25 | ||
26 | html Regenerate policy.xml and create web page documentation | |
27 | in the doc/html directory. | |
28 | ||
29 | Make targets specific to modular (loadable modules) policies: | |
30 | ||
31 | base Compile and package the base module. This is the | |
32 | default target for modular policies. | |
33 | ||
34 | modules Compile and package all Reference Policy modules | |
35 | configured to be built as loadable modules. | |
36 | ||
37 | MODULENAME.pp Compile and package the MODULENAME Reference Policy | |
38 | module. | |
39 | ||
c767b14c CP |
40 | all Compile and package the base module and all Reference |
41 | Policy modules configured to be built as loadable | |
42 | modules. | |
43 | ||
44 | install Compile, package, and install the base module and | |
45 | Reference Policy modules configured to be built as | |
46 | loadable modules. | |
47 | ||
48 | load Compile, package, and install the base module and | |
49 | Reference Policy modules configured to be built as | |
50 | loadable modules, then insert them into the module | |
51 | store. | |
52 | ||
fedd3caf CP |
53 | Make targets specific to monolithic policies: |
54 | ||
55 | policy Compile a policy locally for development and testing. | |
56 | This is the default target for monolithic policies. | |
57 | ||
58 | install Compile and install the policy and file contexts. | |
59 | ||
60 | load Compile and install the policy and file contexts, then | |
61 | load the policy. | |
62 | ||
63 | enableaudit Remove all dontaudit rules from policy.conf. | |
64 | ||
65 | relabel Relabel the filesystem. | |
66 | ||
67 | checklabels Check the labels on the filesystem, and report when | |
68 | a file would be relabeled, but do not change its label. | |
69 | ||
70 | restorelabels Relabel the filesystem and report each file that is | |
71 | relabeled. | |
97749e2a | 72 | |
8e0ef1f9 | 73 | 2) Reference Policy Files and Directories |
97749e2a CP |
74 | All directories relative to the root of the Reference Policy sources directory. |
75 | ||
8e0ef1f9 CP |
76 | Makefile General rules for building the policy. |
77 | ||
35bb02ab CP |
78 | Rules.modular Makefile rules specific to building loadable module |
79 | policies. | |
8e0ef1f9 | 80 | |
35bb02ab | 81 | Rules.monolithic Makefile rules specific to building monolithic policies. |
8e0ef1f9 CP |
82 | |
83 | build.conf Options which influence the building of the policy, | |
84 | such as the policy type (strict, targeted, etc.) | |
85 | and distribution. | |
86 | ||
97749e2a CP |
87 | config/appconfig-* Application configuration files for all configurations |
88 | of the Reference Policy (targeted/strict with or without | |
89 | MLS or MCS). These are used by SELinux-aware programs. | |
90 | ||
91 | config/local.users The file read by load policy for adding SELinux users | |
92 | to the policy on the fly. | |
93 | ||
94 | doc/html/* This contains the contents of the in-policy XML | |
95 | documentation, presented in web page form. | |
96 | ||
97 | doc/policy.dtd The doc/policy.xml file is validated against this DTD. | |
98 | ||
99 | doc/policy.xml This file is generated/updated by the conf and html make | |
100 | targets. It contains the complete XML documentation | |
101 | included in the policy. | |
102 | ||
103 | doc/templates/* Templates used for documentation web pages. | |
104 | ||
105 | policy/booleans.conf This file is generated/updated by the conf make target. | |
106 | It contains the booleans in the policy, and their | |
107 | default values. If tunables are implemented as | |
108 | booleans, tunables will also be included. This file | |
109 | will be installed as the /etc/selinux/NAME/booleans | |
110 | file. | |
111 | ||
112 | policy/constraints This file defines additional constraints on permissions | |
113 | in the form of boolean expressions that must be | |
114 | satisfied in order for specified permissions to be | |
115 | granted. These constraints are used to further refine | |
116 | the type enforcement rules and the role allow rules. | |
117 | Typically, these constraints are used to restrict | |
118 | changes in user identity or role to certain domains. | |
119 | ||
120 | policy/global_booleans This file defines all booleans that have a global scope, | |
121 | their default value, and documentation. | |
122 | ||
123 | policy/global_tunables This file defines all tunables that have a global scope, | |
124 | their default value, and documentation. | |
125 | ||
97749e2a CP |
126 | policy/flask/initial_sids This file has declarations for each initial SID. |
127 | ||
128 | policy/flask/security_classes This file has declarations for each security class. | |
129 | ||
130 | policy/flask/access_vectors This file defines the access vectors. Common | |
131 | prefixes for access vectors may be defined at the | |
132 | beginning of the file. After the common prefixes are | |
133 | defined, an access vector may be defined for each | |
134 | security class. | |
135 | ||
35bb02ab CP |
136 | policy/mcs The multi-category security (MCS) configuration. |
137 | ||
138 | policy/mls The multi-level security (MLS) configuration. | |
139 | ||
97749e2a CP |
140 | policy/modules/* Each directory represents a layer in Reference Policy |
141 | all of the modules are contained in one of these layers. | |
142 | ||
143 | policy/modules.conf This file contains a listing of available modules, and | |
144 | how they will be used when building Reference Policy. To | |
145 | prevent a module from being used, set the module to | |
146 | "off". For monolithic policies, modules set to "base" | |
147 | and "module" will be included in the policy. For | |
148 | modular policies, modules set to "base" will be included | |
149 | in the base module; those set to "module" will be | |
150 | compiled as individual loadable modules. | |
151 | ||
152 | policy/support/* Support macros. | |
153 | ||
35bb02ab CP |
154 | policy/users This file defines the users included in the policy. |
155 | ||
97749e2a | 156 | support/* Scripts and other tools used to help build the policy. |