debian man page for policygentool

POLICYGENTOOL(1)					      Debian GNU/Linux manual						  POLICYGENTOOL(1)

NAME
       policygentool - Interactive SELinux policy generation tool

SYNOPSIS
       policygentool [options] <Module Name> <full path for application binary file>

DESCRIPTION
       This  tool  generate three files for policy development, A Type Enforcement (te) file, a File Context (fc), and a Interface File(if).  Most
       of the policy rules will be written in the te file.  Use the File Context file to associate file paths  with  security  context.   Use  the
       interface rules to allow other protected domains to interact with the newly defined domains.

       The tool prompts for locations of pidfiles, any logfiles, files in /var/lib, and any init scripts, and whether any network access is desir-
       able for the application. The tool then generates the appropriate policy rules for the module.  After these files have been generated,  the
       make files for the appropriate SELinux policy, namely, /usr/share/selinux/refpolicy-targeted/include/Makefile or /usr/share/selinux/refpol-
       icy-strict/include/Makefile can be used to compile the SELinux policy policy package.  The resulting policy package  can  be  loaded  using
       semodule.

	 # /usr/bin/policygentool myapp /usr/bin/myapp
	 # cat >Makefile
	 > HEADERDIR:=/usr/share/selinux/refpolicy-targeted/include
	 > include $(HEADERDIR)/Makefile
	 > ^D
	 # make
	 # semodule -l myapp.pp
	 # restorecon -R -v /usr/bin/myapp "all files defined in myapp.fc"
	 # setenforce 0
	 # /etc/init.d/myapp start
	 # audit2allow -R -i /var/log/audit/audit.log

OPTIONS
       -h, --help
	      Print a short usage message.

FILES
       myapp.te, myapp.if, myapp.fc.

SEE ALSO
       semodule(8), check_policy(8), load_policy(8).

BUGS
       None known.

AUTHOR
       This manual page was written by Manoj Srivastava <srivasta@debian.org>, for the Debian GNU/Linux system.

Debian								    Feb 27 2007 						  POLICYGENTOOL(1)