
policygentool - Interactive SELinux policy generation tool

Author

       This manual page was written by Manoj Srivastava <srivasta@debian.org>, for the Debian GNU/Linux system.

Debian                                             Feb 27 2007                                  POLICYGENTOOL(1)

Bugs

       None known.

Description

       This tool generates three files for policy development: a Type Enforcement (te) file, a File Context (fc)
       file, and an Interface (if) file. Most of the policy rules will be written in the te file. Use the File
       Context file to associate file paths with security contexts. Use the interface rules to allow other
       protected domains to interact with the newly defined domains.

       The tool prompts for the locations of pidfiles, any logfiles, files in /var/lib, and any initscripts, and
       asks whether any network access is desirable for the application. The tool then generates the appropriate
       policy rules for the module. After these files have been generated, the Makefile for the appropriate
       SELinux policy, namely /usr/share/selinux/refpolicy-targeted/include/Makefile or
       /usr/share/selinux/refpolicy-strict/include/Makefile, can be used to compile the SELinux policy
       package. The resulting policy package can be loaded using semodule.

         # /usr/bin/policygentool myapp /usr/bin/myapp
         # cat >Makefile
         > HEADERDIR:=/usr/share/selinux/refpolicy-targeted/include
         > include $(HEADERDIR)/Makefile
         > ^D
         # make
         # semodule -i myapp.pp
         # restorecon -R -v /usr/bin/myapp "all files defined in myapp.fc"
         # setenforce 0
         # /etc/init.d/myapp start
         # audit2allow -R -i /var/log/audit/audit.log
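
The last step of the session above reviews the denials logged while the application ran in permissive mode. The following added example (not part of the original manual page, and not audit2allow's own code) shows a simplified version of that review: it groups AVC denials for one domain into candidate allow rules, without the interface matching that -R performs. The log lines are constructed, the function names are hypothetical, and the domain name myapp_t is an assumption about how the generated module names its type.

```python
import re
from collections import defaultdict

# Constructed sample records in the audit.log AVC format (not real log data).
SAMPLE_LOG = """\
type=AVC msg=audit(1172577600.101:41): avc:  denied  { read } for  pid=2211 comm="myapp" name="myapp.conf" dev=sda1 ino=1201 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1172577600.102:42): avc:  denied  { getattr } for  pid=2211 comm="myapp" path="/etc/myapp.conf" dev=sda1 ino=1201 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1172577600.250:43): avc:  denied  { name_bind } for  pid=2211 comm="myapp" src=8080 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1172577601.007:44): avc:  denied  { read } for  pid=2300 comm="cron" name="x" dev=sda1 ino=77 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1172577601.007:44): arch=40000003 syscall=5 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third) of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize_denials(log_text, source_type):
    """Group denied permissions for one source domain by (target type, class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or context_type(m["scon"]) != source_type:
            continue  # not an AVC denial, or a denial for another domain
        key = (context_type(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return rules

def to_allow_rules(rules, source_type):
    """Render the grouped denials as candidate allow rules for review."""
    out = []
    for (target, tclass), perms in sorted(rules.items()):
        perm_s = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_s = "{ " + perm_s + " }"
        out.append(f"allow {source_type} {target}:{tclass} {perm_s};")
    return out

if __name__ == "__main__":
    for rule in to_allow_rules(summarize_denials(SAMPLE_LOG, "myapp_t"), "myapp_t"):
        print(rule)
```

Each rule it prints is a candidate to review before adding to myapp.te, not something to accept wholesale.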

Files

       myapp.te, myapp.if, myapp.fc.

Name

       policygentool - Interactive SELinux policy generation tool

Options

       -h, --help
              Print a short usage message.

See Also

semodule(8), check_policy(8), load_policy(8).

Synopsis

       policygentool [options] <Module Name> <full path for application binary file>
