This is the command policygentool that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
policygentool - Interactive SELinux policy generation tool
SYNOPSIS
policygentool [options] <Module Name> <full path for application binary file>
DESCRIPTION
This tool generate three files for policy development, A Type Enforcement (te) file, a
File Context (fc), and a Interface File(if). Most of the policy rules will be written in
the te file. Use the File Context file to associate file paths with security context.
Use the interface rules to allow other protected domains to interact with the newly
defined domains.
The tool prompts for locations of pidfiles, any logfiles, files in /var/lib, and any init
scripts, and whether any network access is desirable for the application. The tool then
generates the appropriate policy rules for the module. After these files have been
generated, the make files for the appropriate SELinux policy, namely,
/usr/share/selinux/refpolicy-targeted/include/Makefile or /usr/share/selinux/refpolicy-
strict/include/Makefile can be used to compile the SELinux policy policy package. The
resulting policy package can be loaded using semodule.
# /usr/bin/policygentool myapp /usr/bin/myapp
# cat >Makefile
> HEADERDIR:=/usr/share/selinux/refpolicy-targeted/include
> include $(HEADERDIR)/Makefile
> ^D
# make
# semodule -l myapp.pp
# restorecon -R -v /usr/bin/myapp "all files defined in myapp.fc"
# setenforce 0
# /etc/init.d/myapp start
# audit2allow -R -i /var/log/audit/audit.log
OPTIONS
-h, --help
Print a short usage message.
Use policygentool online using onworks.net services
