forked from SELinuxProject/selint
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathselint.conf
74 lines (61 loc) · 3.5 KB
/
selint.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# This is the configuration file for SELint. The global configuration file
# is the default if no other configuration is provided, but can be overridden
# by user specific and project specific confgurations, or a configuration file
# can be provided on the command line.
# Set the severity level to report. Options are "convention", "style",
# "warning", "error" and "fatal". SELint will report all errors at or above
# the selected level
severity = "convention"
# Check enabling works as follows each step may override the one prior:
# 1. All checks at or above the set severity level are enabled by default
# 2. Checks may be disabled using the "disable" option below
# 3. Checks may be enabled in either normal or source modes using the "enable_normal" and "enable_source" options below
# 4. Checks may be disabled on the command line using the -d option
# 5. Checks may be enabled on the command line using the -e option
# Uncomment and modify to disable selected checks. This can be overridden on
# the command line
disable = { C-001, C-006, W-010, W-011, E-003, E-004 }
# enable description
#enable_normal = { S-002, E-002 }
enable_source = { W-010, W-011, E-003, E-004 }
# Modules.conf location. If you are running SELint in "source mode", you need
# to supply a modules.conf file in order to run all checks. SELint will look
# in the default location of policy/modules.conf from the directory where it
# is run. To use a different path specify it here.
#modules_conf_path = policy/modules.conf
# Users and roles are often not declared in te files like other policy
# constructs. Use the below options to specify valid users and roles that
# SELint should not report as invalid even if they are not found in the
# policy
assume_users = { system_u }
assume_roles = { object_r }
# If you have defined any custom macros for use in fc files, list them here,
# otherwise, SELint will report E-002 on occurrences of them
# custom_fc_macros = { }
# If you have defined any custom simple macros for use in te and if files, list them here,
# otherwise, SELint will report E-010 on occurrences of them
# custom_te_simple_macros = { }
# What ordering standard you would like to apply when running check C-001
# Options are:
# - refpolicy: Follow the refpolicy Style Guide (https://github.com/SELinuxProject/refpolicy/wiki/StyleGuide)
# - refpolicy-light: Similar to refpolicy, but do not distinct base interface calls (except kernel module)
# - refpolicy-lax: (default) Similar to refpolicy, but ignore interface
# and block ordering requirements.
ordering_rules = "refpolicy-lax"
# What ordering in require blocks you would like to apply when running check C-006
# The following six flavors must each be used exactly once:
# attribute, attribute_role, bool, class, role, type
# If unset, this defaults to the following order:
#ordering_requires = { bool, role, attribute_role, attribute, type, class }
ordering_requires = { bool, attribute, attribute_role, type, class, role }
# Whether to check the order (alphabetically) of requires of the same flavor when running check C-006
# If unset, this defaults to true.
ordering_requires_same_flavor = false
# Whether to ignore known false-positives on generated policy files.
# In recursive mode SELint checks all files with known endings, regardless
# if they are source or build generated files, like base.fc .
# Currently the following checks are going to be disabled on build generated
# files:
# S-002: base.fc, all_mods.fc, $MODNAME.mod.fc
# If unset, this defaults to true.
#skip_checking_generated_fcs = true