Selinux grammar

From FedoraProject

(Difference between revisions)
Line 11: Line 11:
 
are used for things that can be replaced by some user specified text. They will
 
are used for things that can be replaced by some user specified text. They will
 
also be surrounded with < and > signs to make them clearly different from keywords.
 
also be surrounded with < and > signs to make them clearly different from keywords.
 +
 +
Any item in [ square brackets ] is an optional item. Items with a * after them
 +
can be repeated zero or more times. Parenthesis are used to group items that can
 +
be repeated.
  
 
A file must contain either a ''base_policy'' or a ''module_policy''.
 
A file must contain either a ''base_policy'' or a ''module_policy''.
  
''module_policy'' = '''module''' '''''<identifier>''''' '''''<version_identifier>''''' '';''
+
''module_policy'' = '''module''' '''''<identifier>''''' '''''<version_identifier>''''' '';''  ''next''
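Review bot: The trailing ''next'' appended to the ''module_policy'' rule is not defined anywhere in the visible text, and set in italics it reads as a nonterminal like ''base_policy''; either define it or replace it with the production that actually follows the header. In the added notation paragraph, "Parenthesis are used" should read "Parentheses are used".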

Revision as of 13:00, 17 October 2008

This is my attempt at documenting the policy grammar that is accepted by checkpolicy.

Comments start with a # character and continue to the end of the line.

Keywords can be in all uppercase or all lowercase.

Convention followed in this document: Items in bold are literal; they must appear in the policy file exactly as written. Items in bold italics stand for text that the user supplies. They are also surrounded by < and > signs to make them clearly different from keywords.

Any item in [ square brackets ] is optional. Items followed by a * can be repeated zero or more times. Parentheses are used to group items that can be repeated.

A file must contain either a base_policy or a module_policy.

module_policy = module <identifier> <version_identifier> ; next
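
The rules above (comments, keyword case, and the module_policy header) as an added Python example; it is not checkpolicy's code and not part of the original page. The IDENT and VERSION patterns are simplified assumptions, because the page does not define <identifier> or <version_identifier>, and all function names are hypothetical.

```python
import re

# Assumed token shapes: the page does not define these, so they are stand-ins.
IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]*")
VERSION = re.compile(r"[0-9]+(\.[0-9]+)*")
TOKEN = re.compile(r"\s*(;|[^\s;]+)")  # ';' is its own token

def strip_comments(text):
    """Drop everything from '#' to the end of each line."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def tokenize(text):
    return TOKEN.findall(strip_comments(text))

def is_keyword(token, keyword):
    """Keywords match in all lowercase or all uppercase, never mixed case."""
    return token in (keyword.lower(), keyword.upper())

def parse_module_header(text):
    """Parse: module <identifier> <version_identifier> ;
    Returns (name, version, remaining_tokens); raises ValueError otherwise."""
    tokens = tokenize(text)
    if len(tokens) < 4:
        raise ValueError("truncated module header")
    kw, name, version, semi = tokens[:4]
    if not is_keyword(kw, "module"):
        raise ValueError(f"expected keyword 'module', got {kw!r}")
    if not IDENT.fullmatch(name):
        raise ValueError(f"bad identifier {name!r}")
    if not VERSION.fullmatch(version):
        raise ValueError(f"bad version identifier {version!r}")
    if semi != ";":
        raise ValueError(f"expected ';', got {semi!r}")
    return name, version, tokens[4:]

# Constructed sample input, not taken from a real policy.
SAMPLE = """\
# header of a constructed policy module
MODULE myapp 1.0.0;   # keyword in all uppercase
"""

if __name__ == "__main__":
    print(parse_module_header(SAMPLE))
    for bad in ("Module myapp 1.0.0;", "module myapp 1.0.0"):
        try:
            parse_module_header(bad)
        except ValueError as err:
            print(f"rejected {bad!r}: {err}")
```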