1CHECKMODULE(8)              System Manager's Manual             CHECKMODULE(8)
2
3
4

NAME

6       checkmodule - SELinux policy module compiler
7

SYNOPSIS

9       checkmodule [-h] [-b] [-C] [-m] [-M] [-U handle_unknown ] [-V] [-o out‐
10       put_file] [input_file]
11

DESCRIPTION

13       This manual page describes the checkmodule command.
14
15       checkmodule is a program that checks and compiles  a  SELinux  security
16       policy  module  into a binary representation.  It can generate either a
17       base policy module (default) or a non-base policy module  (-m  option);
18       typically, you would build a non-base policy module to add to an exist‐
19       ing module store that already has a base module provided  by  the  base
20       policy.   Use semodule_package to combine this module with its optional
21       file contexts to create a policy package,  and  then  use  semodule  to
22       install the module package into the module store and load the resulting
23       policy.
24
25

OPTIONS

27       -b,--binary
28              Read an existing binary policy module file rather than a  source
29              policy module file.  This option is a development/debugging aid.
30
31       -C,--cil
32              Write CIL policy file rather than binary policy file.
33
34       -h,--help
35              Print usage.
36
37       -m     Generate a non-base policy module.
38
39       -M,--mls
40              Enable  the MLS/MCS support when checking and compiling the pol‐
41              icy module.
42
43       -V,--version
44              Show policy versions created by this program.
45
46       -o,--output filename
47              Write a binary policy module file  to  the  specified  filename.
48              Otherwise,  checkmodule will only check the syntax of the module
49              source file and will not generate a binary module at all.
50
51       -U,--handle-unknown <action>
52              Specify how the kernel should handle unknown classes or  permis‐
53              sions (deny, allow or reject).
54
55       -c policyvers
56              Specify the policy version, defaults to the latest.
57
58

EXAMPLE

60       # Build a MLS/MCS-enabled non-base policy module.
61       $ checkmodule -M -m httpd.te -o httpd.mod
62
63

SEE ALSO

65       semodule(8), semodule_package(8) SELinux Reference Policy documentation
66       at https://github.com/SELinuxProject/refpolicy/wiki
67
68
69

AUTHOR

71       This manual page was copied from the checkpolicy man  page  written  by
72       Arpad  Magosanyi  <mag@bunuel.tii.matav.hu>,  and  edited  by Dan Walsh
73       <dwalsh@redhat.com>.   The  program  was  written  by  Stephen  Smalley
74       <sds@tycho.nsa.gov>.
75
76
77
78                                                                CHECKMODULE(8)
Impressum