######################################## # # Policy build options # # Policy version # By default, checkpolicy will create the highest # version policy it supports. Setting this will # override the version. This only has an # effect for monolithic policies. #OUTPUT_POLICY = 18 # Policy Type # standard, mls, mcs TYPE = standard # Policy Name # If set, this will be used as the policy # name. Otherwise the policy type will be # used for the name. NAME = refpolicy # Distribution # Some distributions have portions of policy # for programs or configurations specific to the # distribution. Setting this will enable options # for the distribution. # redhat, gentoo, debian, suse, and rhel4 are current options. # Fedora users should enable redhat. #DISTRO = redhat # Unknown Permissions Handling # The behavior for handling permissions defined in the # kernel but missing from the policy. The permissions # can either be allowed, denied, or the policy loading # can be rejected. # allow, deny, and reject are current options. UNK_PERMS = deny # Direct admin init # Setting this will allow sysadm to directly # run init scripts, instead of requring run_init. # This is a build option, as role transitions do # not work in conditional policy. DIRECT_INITRC = n # Systemd # Setting this will configure systemd as the init system. SYSTEMD = n # Build monolithic policy. Putting y here # will build a monolithic policy. MONOLITHIC = n # User-based access control (UBAC) # Enable UBAC for role separations. UBAC = y # Custom build options. This field enables custom # build options. Putting foo here will enable # build option blocks named foo. Options should be # separated by spaces. CUSTOM_BUILDOPT = # Number of MLS Sensitivities # The sensitivities will be s0 to s(MLS_SENS-1). # Dominance will be in increasing numerical order # with s0 being lowest. MLS_SENS = 16 # Number of MLS Categories # The categories will be c0 to c(MLS_CATS-1). MLS_CATS = 1024 # Number of MCS Categories # The categories will be c0 to c(MLS_CATS-1). MCS_CATS = 1024 # Set this to y to only display status messages # during build. QUIET = n # Set this to treat warnings as errors. WERROR = n