[selinux-policy: 753/3172] add more docs
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:09:54 UTC 2010
commit 97749e2a2e6526f3d4c073946ba02eda141237aa
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Oct 17 20:00:33 2005 +0000
add more docs
refpolicy/README | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 72 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/README b/refpolicy/README
index 0896c07..2bbc966 100644
--- a/refpolicy/README
+++ b/refpolicy/README
@@ -56,3 +56,75 @@ checklabels Check the labels on the filesystem, and report when
restorelabels Relabel the filesystem and report each file that is
relabeled.
+
+2) Reference Policy Directories
+All directories relative to the root of the Reference Policy sources directory.
+
+config/appconfig-* Application configuration files for all configurations
+ of the Reference Policy (targeted/strict with or without
+ MLS or MCS). These are used by SELinux-aware programs.
+
+config/local.users The file read by load policy for adding SELinux users
+ to the policy on the fly.
+
+doc/html/* This contains the contents of the in-policy XML
+ documentation, presented in web page form.
+
+doc/policy.dtd The doc/policy.xml file is validated against this DTD.
+
+doc/policy.xml This file is generated/updated by the conf and html make
+ targets. It contains the complete XML documentation
+ included in the policy.
+
+doc/templates/* Templates used for documentation web pages.
+
+policy/booleans.conf This file is generated/updated by the conf make target.
+ It contains the booleans in the policy, and their
+ default values. If tunables are implemented as
+ booleans, tunables will also be included. This file
+ will be installed as the /etc/selinux/NAME/booleans
+ file.
+
+policy/constraints This file defines additional constraints on permissions
+ in the form of boolean expressions that must be
+ satisfied in order for specified permissions to be
+ granted. These constraints are used to further refine
+ the type enforcement rules and the role allow rules.
+ Typically, these constraints are used to restrict
+ changes in user identity or role to certain domains.
+
+policy/global_booleans This file defines all booleans that have a global scope,
+ their default value, and documentation.
+
+policy/global_tunables This file defines all tunables that have a global scope,
+ their default value, and documentation.
+
+policy/mcs The multi-category security (MCS) configuration.
+
+policy/mls The multi-level security (MLS) configuration.
+
+policy/flask/initial_sids This file has declarations for each initial SID.
+
+policy/flask/security_classes This file has declarations for each security class.
+
+policy/flask/access_vectors This file defines the access vectors. Common
+ prefixes for access vectors may be defined at the
+ beginning of the file. After the common prefixes are
+ defined, an access vector may be defined for each
+ security class.
+
+policy/modules/* Each directory represents a layer in Reference Policy
+ all of the modules are contained in one of these layers.
+
+policy/modules.conf This file contains a listing of available modules, and
+ how they will be used when building Reference Policy. To
+ prevent a module from being used, set the module to
+ "off". For monolithic policies, modules set to "base"
+ and "module" will be included in the policy. For
+ modular policies, modules set to "base" will be included
+ in the base module; those set to "module" will be
+ compiled as individual loadable modules.
+
+policy/support/* Support macros.
+
+support/* Scripts and other tools used to help build the policy.
More information about the scm-commits
mailing list