sepolicy-generate(8)sepolicy-generate(8)NAMEsepolicy-generate - Generate an initial SELinux policy module template.
SYNOPSIS
sepolicy generate [-h] [-t TYPE] [-n NAME] [-T TEST] [ command | con‐
fineduser ]
DESCRIPTION
Use sepolicy generate to generate an SELinux policy Module. sepolicy
generate will generate 4 files.
Type Enforcing File NAME.te
This file can be used to define all the types rules for a particular
domain.
Interface File NAME.if
This file defines the interfaces for the types generated in the te
file, which can be used by other policy domains.
File Context NAME.fc
This file defines the default file context for the system, it takes the
file types created in the te file and associates file paths to the
types. Tools like restorecon and RPM will use these paths to put down
labels.
RPM Spec File NAME_selinux.spec
This file is an RPM SPEC file that can be used to install the SELinux
policy on to machines and setup the labeling. The spec file also
installs the interface file and a man page describing the policy. You
can use sepolicy manpage -d NAME to generate the man page.
Shell File NAME.sh
This is a helper shell script to compile, install and fix the labeling
on your test system. It will also generate a man page based on the
installed policy, and compile and build an RPM suitable to be installed
on other machines
If a generate is possible, this tool will print out all generate paths
from the source domain to the target domain
OPTIONS-h, --help
Display help message
-t, --type
Specify the type of policy you want to create.
Valid Options:
0 : Standard Init Daemon (Default)
1 : DBUS System Daemon
2 : Internet Services Daemon
3 : Web Application/Script (CGI)
4 : User Application
5 : Sandbox
6 : Minimal Terminal User Role
7 : Minimal X Windows User Role
8 : User Role
9 : Admin User Role
10 : Root Admin User Role
-n, --name
Specify alternate name of policy. The policy will default to the
executable or name specified.
EXAMPLE
> sepolicy generate /usr/sbin/rwhod
Generating Policy for /usr/sbin/rwhod named rwhod
Created the following files in:
rwhod.te # Type Enforcement file
rwhod.if # Interface file
rwhod.fc # File Contexts file
rwhod_selinux.spec # Spec file
rwhod.sh # Setup Script
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>
SEE ALSOsepolicy(8), selinux(8)
20121005 sepolicy-generate(8)