CHECKMODULE(8)              System Manager's Manual             CHECKMODULE(8)

NAME

       checkmodule - SELinux policy module compiler

SYNOPSIS

       checkmodule [-h] [-b] [-m] [-M] [-U handle_unknown] [-V] [-o output_file]
       [input_file]

DESCRIPTION

       This manual page describes the checkmodule command.

       checkmodule is a program that checks and compiles a SELinux security
       policy module into a binary representation. It can generate either a
       base policy module (default) or a non-base policy module (-m option);
       typically, you would build a non-base policy module to add to an
       existing module store that already has a base module provided by the
       base policy. Use semodule_package to combine this module with its
       optional file contexts to create a policy package, and then use
       semodule to install the module package into the module store and load
       the resulting policy.

OPTIONS

       -b,--binary
              Read an existing binary policy module file rather than a source
              policy module file. This option is a development/debugging aid.

       -h,--help
              Print usage.

       -m     Generate a non-base policy module.

       -M,--mls
              Enable the MLS/MCS support when checking and compiling the
              policy module.

       -V,--version
              Show policy versions created by this program.

       -o,--output filename
              Write a binary policy module file to the specified filename.
              Otherwise, checkmodule will only check the syntax of the module
              source file and will not generate a binary module at all.

       -U,--handle-unknown <action>
              Specify how the kernel should handle unknown classes or
              permissions (deny, allow or reject).

EXAMPLE

       # Build an MLS/MCS-enabled non-base policy module.
       $ checkmodule -M -m httpd.te -o httpd.mod
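
       The build chain from DESCRIPTION (checkmodule, then semodule_package,
       then semodule), as an added shell example that is not part of the
       original manual page. The run and build_module helpers, the DRY_RUN,
       CHECK_ONLY and INSTALL variables and the httpd.* file names are
       assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the manual page): lint, compile, package and
# optionally install a non-base SELinux policy module.
#   DRY_RUN=1     print each command instead of running it
#   CHECK_ONLY=1  stop after the syntax check (no output files)
#   INSTALL=1     also load the package with semodule (needs root)

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

build_module() {
    name=$1   # e.g. "httpd" for httpd.te; file names are assumptions
    te="$name.te" mod="$name.mod" fc="$name.fc" pp="$name.pp"

    if [ "${DRY_RUN:-0}" != 1 ] && [ ! -r "$te" ]; then
        echo "build_module: cannot read $te" >&2
        return 1
    fi

    if [ "${CHECK_ONLY:-0}" = 1 ]; then
        # Without -o, checkmodule only checks syntax and writes nothing.
        run checkmodule -M -m "$te" || return 1
        return 0
    fi

    # Compile the source into a binary non-base module with MLS/MCS enabled.
    run checkmodule -M -m -o "$mod" "$te" || return 1

    # Package the module; file contexts are optional, so pass -f only
    # when a readable .fc file sits next to the source.
    if [ -r "$fc" ]; then
        run semodule_package -o "$pp" -m "$mod" -f "$fc" || return 1
    else
        run semodule_package -o "$pp" -m "$mod" || return 1
    fi

    # Installing changes the loaded policy, so it is opt-in.
    if [ "${INSTALL:-0}" = 1 ]; then
        run semodule -i "$pp" || return 1
    fi
    return 0
}
```

       Running "DRY_RUN=1 build_module httpd" prints the commands for review
       before anything touches the module store.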

SEE ALSO

       semodule(8), semodule_package(8)
       SELinux documentation at http://www.nsa.gov/selinux, especially
       "Configuring the SELinux Policy".

AUTHOR

       This manual page was copied from the checkpolicy man page written by
       Arpad Magosanyi <mag@bunuel.tii.matav.hu>, and edited by Dan Walsh
       <dwalsh@redhat.com>. The program was written by Stephen Smalley
       <sds@epoch.ncsc.mil>.