[selinux-policy: 1447/3172] add info on build options

Thu Oct 7 21:10:25 UTC 2010

commit 75c1c261c169dc9e18f1e03b468837d634ca4484
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue May 16 15:05:40 2006 +0000

    add info on build options

 refpolicy/README |   49 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 47 insertions(+), 2 deletions(-)
---

diff --git a/refpolicy/README b/refpolicy/README
index 3bf21ff..9b43465 100644
--- a/refpolicy/README
+++ b/refpolicy/README
@@ -73,7 +73,52 @@ checklabels		Check the labels on the filesystem, and report when
 restorelabels		Relabel the filesystem and report each file that is
 			relabeled.
 
-2) Reference Policy Files and Directories
+
+2) Reference Policy Build Options (build.conf)
+
+TYPE			String.  Available options are strict, targeted,
+			strict-mls, targeted-mls, strict-mcs, and targeted-mcs.
+			This sets the policy type as strict or targeted, and
+			optionally enables multi-leve security (MLS) or
+			multi-category security (MCS) features.  This option
+			controls strict_policy, targeted_policy, enable_mls,
+			and enable_mcs policy blocks.
+
+NAME			String (optional).  Sets the name of the policy; the
+			NAME is used when installing files to e.g.,
+			/etc/selinux/NAME and /usr/share/selinux/NAME.  If not
+			set, the policy type (TYPE) is used.
+
+DISTRO			String (optional).  Enable distribution-specific policy.
+			Available options are redhat, rhel4, gentoo, debian,
+			and suse.  This option controls distro_redhat,
+			distro_rhel4, distro_gentoo, distro_debian, and
+			distro_suse policy blocks.
+
+MONOLITHIC		Boolean.  If set, a monolithic policy is built,
+			otherwise a modular policy is built.
+
+DIRECT_INITRC		Boolean.  If set, sysadm will be allowed to directly
+			run init scripts, instead of requiring the run_init
+			tool.  This is a build option instead of a tunable since
+			role transitions do not work in conditional policy.
+			This option controls direct_sysadm_daemon policy
+			blocks.
+
+POLY			Boolean.  If set, policy for polyinstantiated
+			directories will be enabled.  This option controls
+			enable_polyinstantiation policy blocks.
+
+OUTPUT_POLICY		Integer.  Set the version of the policy created when
+			building a monolithic policy.  This option has no effect
+			on modular policy.
+
+QUIET			Boolean.  If set, the build system will only display
+			status messages and error messages.  This option has no
+			effect on policy.
+
+
+3) Reference Policy Files and Directories
 All directories relative to the root of the Reference Policy sources directory.
 
 Makefile		General rules for building the policy.
@@ -161,4 +206,4 @@ policy/support/*	Support macros.
 
 policy/users		This file defines the users included in the policy.
 
-support/*		Scripts and other tools used to help build the policy.
+support/*		Tools used in the build process.
