1CHECKPOLICY(8) System Manager's Manual CHECKPOLICY(8)
2
3
4
6 checkpolicy - SELinux policy compiler
7
9 checkpolicy [-b[F]] [-C] [-d] [-M] [-c policyvers] [-o output_file]
10 [input_file]
11
13 This manual page describes the checkpolicy command.
14
15 checkpolicy is a program that checks and compiles a SELinux security
16 policy configuration into a binary representation that can be loaded
17 into the kernel. If no input file name is specified, checkpolicy will
18 attempt to read from policy.conf or policy, depending on whether the -b
19 flag is specified.
20
21
23 -b,--binary
24 Read an existing binary policy file rather than a source pol‐
25 icy.conf file.
26
27 -C,--cil
28 Write CIL policy file rather than binary policy file.
29
30 -d,--debug
31 Enter debug mode after loading the policy.
32
33 -F,--conf
34 Write policy.conf file rather than binary policy file. Can only
35 be used with binary policy file.
36
37 -M,--mls
38 Enable the MLS policy when checking and compiling the policy.
39
40 -o,--output filename
41 Write a binary policy file to the specified filename.
42
43 -c policyvers
44 Specify the policy version, defaults to the latest.
45
46 -t,--target
47 Specify the target platform (selinux or xen).
48
49 -U,--handle-unknown <action>
50 Specify how the kernel should handle unknown classes or permis‐
51 sions (deny, allow or reject).
52
53 -V,--version
54 Show version information.
55
56 -h,--help
57 Show usage information.
58
59
61 SELinux documentation at http://www.nsa.gov/research/selinux, espe‐
62 cially "Configuring the SELinux Policy".
63
64
65
67 This manual page was written by Arpad Magosanyi
68 <mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley
69 <sds@tycho.nsa.gov>. The program was written by Stephen Smalley
70 <sds@tycho.nsa.gov>.
71
72
73
74 CHECKPOLICY(8)