The CIL compiler, secilc, is now able to create MLS, MCS, and non-MLS binary
policies from a slightly modified version of Refpolicy that has been converted
to CIL.
Anyone interested in trying CIL out can do the following:
1) Clone the CIL compiler and cilpolicy
git clone https://jwcarter@xxxxxxxxxxxxx/jwcarter/secilc.git
git clone https://jwcarter@xxxxxxxxxxxxx/jwcarter/cilpolicy.git
2) Build secilc
cd secilc
make
cd ..
3) Build cilpolicy
./secilc/secilc `cat cilpolicy/LISTING`
To build an MLS policy:
Edit "cilpolicy/mls_declarations" and change "(tunable enable_mls false)" to
"(tunable enable_mls true)"
Build the MLS policy: ./secilc/secilc -M `cat cilpolicy/LISTING`
MCS is similar.
Anyone interested in trying to create their own CIL policy from Refpolicy can
clone the Flask Policy Parser (fpp) from bitbucket and follow the instructions
in the README. To clone fpp:
git clone https://jwcarter@xxxxxxxxxxxxx/jwcarter/fpp.git
--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
