1CHECKMODULE(8) System Manager's Manual CHECKMODULE(8)
2
3
4
6 checkmodule - SELinux policy module compiler
7
9 checkmodule [-h] [-b] [-C] [-m] [-M] [-U handle_unknown ] [-V] [-o out‐
10 put_file] [input_file]
11
13 This manual page describes the checkmodule command.
14
15 checkmodule is a program that checks and compiles a SELinux security
16 policy module into a binary representation. It can generate either a
17 base policy module (default) or a non-base policy module (-m option);
18 typically, you would build a non-base policy module to add to an exist‐
19 ing module store that already has a base module provided by the base
20 policy. Use semodule_package to combine this module with its optional
21 file contexts to create a policy package, and then use semodule to
22 install the module package into the module store and load the resulting
23 policy.
24
25
27 -b,--binary
28 Read an existing binary policy module file rather than a source
29 policy module file. This option is a development/debugging aid.
30
31 -C,--cil
32 Write CIL policy file rather than binary policy file.
33
34 -h,--help
35 Print usage.
36
37 -m Generate a non-base policy module.
38
39 -M,--mls
40 Enable the MLS/MCS support when checking and compiling the pol‐
41 icy module.
42
43 -V,--version
44 Show policy versions created by this program. Note that you
45 cannot currently build older versions.
46
47 -o,--output filename
48 Write a binary policy module file to the specified filename.
49 Otherwise, checkmodule will only check the syntax of the module
50 source file and will not generate a binary module at all.
51
52 -U,--handle-unknown <action>
53 Specify how the kernel should handle unknown classes or permis‐
54 sions (deny, allow or reject).
55
56
58 # Build a MLS/MCS-enabled non-base policy module.
59 $ checkmodule -M -m httpd.te -o httpd.mod
60
61
63 semodule(8), semodule_package(8) SELinux documentation at
64 http://www.nsa.gov/research/selinux, especially "Configuring the
65 SELinux Policy".
66
67
68
70 This manual page was copied from the checkpolicy man page written by
71 Arpad Magosanyi <mag@bunuel.tii.matav.hu>, and edited by Dan Walsh
72 <dwalsh@redhat.com>. The program was written by Stephen Smalley
73 <sds@tycho.nsa.gov>.
74
75
76
77 CHECKMODULE(8)