SELint - Perform static source code analysis on SELinux policy
source files
selint [OPTIONS] FILE [...]
Perform static code analysis on SELinux policy source.
- -c, --config=CONFIGFILE
- Override default config with config specified on command line. See
CONFIGURATION section for config file syntax.
- --color=COLOR_OPTION
- Configure color output. Options are on, off and auto (the default).
- --context=CONTEXT_PATH
- Recursively scan CONTEXT_PATH to find additional te and if files to parse,
but not scan. SELint will assume the scanned policy files are intended to
be compiled together with the context files. Implies -s.
- --debug-parser
- Enable debug output for the internal policy parser. Very noisy, useful to
debug parsing failures.
- -d, --disable=CHECKID
- Disable check with the given ID.
- -e, --enable=CHECKID
- Enable check with the given ID.
- -E, --only-enabled
- Only run checks that are explicitly enabled with the --enable
option.
- -F, --fail
- Exit with a non-zero value if any issue was found.
- -h, --help
- Display this menu.
- -l, --level=LEVEL
- Only list errors with a severity level at or greater than LEVEL. Options
are C (convention), S (style), W (warning), E (error), F (fatal
error).
- --scan-hidden-dirs
- Scan hidden directories. By default hidden directories (like '.git') are
skipped in recursive mode.
- -s, --source
- Run in "source mode" to scan a policy source repository that is
designed to compile into a full system policy.
- -S, --summary
- Display a summary of issues found after running the analysis.
- --summary-only
- Only display a summary of issues found after running the analysis. Do not
show the individual findings. Implies -S.
- -r, --recursive
- Scan recursively and check all SELinux policy files found.
- -v, --verbose
- Enable verbose output.
- -V, --version
- Show version information and exit.
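An added example, not part of the SELint documentation: a shell function that combines the options above into a CI gate for a policy source repository. The function name `selint_gate`, the `SELINT` override variable, the return code 2 for usage errors and the assumption that `--disable` may be given more than once are choices of this example.

```shell
#!/bin/sh
# Added example (not from the SELint project): CI gate around selint.
# Usage: selint_gate POLICY_DIR [LEVEL [CHECKID ...]]
#   POLICY_DIR  policy source repository to scan
#   LEVEL       minimum severity to report: C, S, W, E or F (default W)
#   CHECKID...  check IDs to suppress, each passed as --disable=CHECKID
# SELINT may name an alternative selint binary (assumption of this example).
selint_gate() {
    [ $# -ge 1 ] || { echo "usage: selint_gate POLICY_DIR [LEVEL [CHECKID ...]]" >&2; return 2; }
    policy_dir=$1
    shift
    level=W
    if [ $# -gt 0 ]; then
        level=$1
        shift
    fi

    # Accept only the severity letters listed for --level.
    case $level in
        C|S|W|E|F) ;;
        *) echo "selint_gate: invalid level '$level'" >&2; return 2 ;;
    esac

    [ -d "$policy_dir" ] || { echo "selint_gate: not a directory: $policy_dir" >&2; return 2; }

    # Rewrite the remaining positional parameters (check IDs) in place so that
    # each ID becomes one --disable=ID argument, preserving order.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" "--disable=$1"
        shift
        n=$((n - 1))
    done

    # -s  source mode          -r  scan recursively
    # -F  non-zero exit when any issue is found, which fails the CI job
    # -S  print a summary      --color=off keeps CI logs free of escape codes
    "${SELINT:-selint}" -s -r -F -S --color=off --level="$level" "$@" "$policy_dir"
}
```

Because of `-F`, the function's exit status is whatever selint returns, so a pipeline step that calls it fails as soon as an issue at or above LEVEL is reported.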
Report bugs at
https://github.com/TresysTechnology/selint/issues
Daniel Burgener <Daniel.Burgener@microsoft.com>