2) Reference Policy Build Options (build.conf)
-TYPE String. Available options are strict, targeted,
- strict-mls, targeted-mls, strict-mcs, and targeted-mcs.
- This sets the policy type as strict or targeted, and
- optionally enables multi-leve security (MLS) or
+TYPE String. Available options are standard, mls, and mcs.
+ For a type enforcement only system, set standard.
+ This optionally enables multi-level security (MLS) or
multi-category security (MCS) features. This option
- controls strict_policy, targeted_policy, enable_mls,
- and enable_mcs policy blocks.
+ controls enable_mls, and enable_mcs policy blocks.
NAME String (optional). Sets the name of the policy; the
NAME is used when installing files to e.g.,
This option controls direct_sysadm_daemon policy
blocks.
-POLY Boolean. If set, policy for polyinstantiated
- directories will be enabled. This option controls
- enable_polyinstantiation policy blocks.
-
OUTPUT_POLICY Integer. Set the version of the policy created when
building a monolithic policy. This option has no effect
on modular policy.
+UNK_PERMS String. Set the kernel behavior for handling of
+ permissions defined in the kernel but missing from the
+ policy. The permissions can either be allowed, denied,
+ or the policy loading can be rejected.
+
+UBAC Boolean. If set, the SELinux user will be used
+ additionally for approximate role separation.
+
+MLS_SENS Integer. Set the number of sensitivities in the MLS
+ policy. Ignored on standard and MCS policies.
+
+MLS_CATS Integer. Set the number of categories in the MLS
+ policy. Ignored on standard and MCS policies.
+
+MCS_CATS Integer. Set the number of categories in the MCS
+ policy. Ignored on standard and MLS policies.
+
QUIET Boolean. If set, the build system will only display
status messages and error messages. This option has no
effect on policy.
Rules.monolithic Makefile rules specific to building monolithic policies.
build.conf Options which influence the building of the policy,
- such as the policy type (strict, targeted, etc.)
- and distribution.
+ such as the policy type and distribution.
config/appconfig-* Application configuration files for all configurations
of the Reference Policy (targeted/strict with or without