1CHECKPOLICY(8) System Manager's Manual CHECKPOLICY(8)
2
3
4
6 checkpolicy - SELinux policy compiler
7
9 checkpolicy [-b] [-d] [-M] [-c policyvers] [-o output_file]
10 [input_file]
11
13 This manual page describes the checkpolicy command.
14
15 checkpolicy is a program that checks and compiles a SELinux security
16 policy configuration into a binary representation that can be loaded
17 into the kernel. If no input file name is specified, checkpolicy will
18 attempt to read from policy.conf or policy, depending on whether the -b
19 flag is specified.
20
21
23 -b,--binary
24 Read an existing binary policy file rather than a source pol‐
25 icy.conf file.
26
27 -d,--debug
28 Enter debug mode after loading the policy.
29
30 -M,--mls
31 Enable the MLS policy when checking and compiling the policy.
32
33 -o,--output filename
34 Write a binary policy file to the specified filename.
35
36 -c policyvers
37 Specify the policy version, defaults to the latest.
38
39 -t,--target
40 Specify the target platform (selinux or xen).
41
42 -U,--handle-unknown <action>
43 Specify how the kernel should handle unknown classes or permis‐
44 sions (deny, allow or reject).
45
46 -V,--version
47 Show version information.
48
49 -h,--help
50 Show usage information.
51
52
54 SELinux documentation at http://www.nsa.gov/selinux, especially "Con‐
55 figuring the SELinux Policy".
56
57
58
60 This manual page was written by Arpad Magosanyi
61 <mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley
62 <sds@epoch.ncsc.mil>. The program was written by Stephen Smalley
63 <sds@epoch.ncsc.mil>.
64
65
66
67 CHECKPOLICY(8)