logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

secilc - invoke the SELinux Common Intermediate Language (CIL) Compiler

Contents

Author

RichardHaines

secilc                                             03/16/2025                                          SECILC(8)

Description

secilc invokes the CIL compiler with the specified arguments to build a kernel binary policy. A
       file_contexts file will also be built as described in the FILEFORMAT section of file_contexts(5).

Name

       secilc - invoke the SELinux Common Intermediate Language (CIL) Compiler

Options

-o,--output=<file>
           Write binary policy to file (default: policy.version)

       -f,--filecontext=<file>
           Write file contexts to file (default: file_contexts)

       -t,--target=<type>
           Specify target architecture. May be selinux or xen (default: selinux)

       -M,--mlstrue|false
           Build an mls policy. Must be true or false. This will override the (mlsboolean) statement if present
           in the policy.

       -c,--policyvers=<version>
           Build a binary policy with a given version (default: depends on the systems SELinux policy version,
           see sestatus(8))

       -U,--handle-unknown=<action>
           How to handle unknown classes or permissions. May be deny, allow, or reject (default: deny). This
           will override the (handleunknownaction) statement if present in the policy.

       -D,--disable-dontaudit
           Do not add dontaudit rules to the binary policy.

       -P,--preserve-tunables
           Treat tunables as booleans.

       -Q,--qualified-names
           Allow names containing dots (qualified names). Blocks, blockinherits, blockabstracts, and
           in-statements will not be allowed.

       -m,--multiple-decls
           Allow some statements to be re-declared.

       -N,--disable-neverallow
           Do not check neverallow rules.

       -G,--expand-generated
           Expand and remove auto-generated attributes

       -X,--attrs-size<size>
           Expand type attributes with fewer than <SIZE> members.

       -O,--optimize
           Optimize final policy (remove redundant rules).

       -v,--verbose
           Increment verbosity level.

       -h,--help
           Display usage information.

See Also

file_contexts(5), sestatus(8)

       HTML documentation describing the CIL language statements is available starting with
       docs/html/index.html.

       PDF documentation describing the CIL language statements is available at:
       docs/pdf/CIL_Reference_Guide.pdf.

       There is a CIL Design Wiki at: http://github.com/SELinuxProject/cil/wiki that describes the goals and
       features of the CIL language.

Synopsis

secilc [OPTION...] file

See Also

Man Pages
policy Man Pages
Filing
Filing PNG Icons
Man Pages
secil2conf Man Pages
Man Pages
defaults Man Pages
Language
Language PNG Icons
Installerpedia
deepseek-ai/DeepSeek-OCR Installerpedia
Man Pages
SELinux Man Pages
Binary
Binary PNG Icons
Man Pages
statements Man Pages
← View System admin Category← Back to Security and firewalls🙏  Credits & Acknowledgments