1CHECKPOLICY(8)              System Manager's Manual             CHECKPOLICY(8)
2
3
4

NAME

6       checkpolicy - SELinux policy compiler
7

SYNOPSIS

9       checkpolicy  [-b[F]]  [-C] [-d] [-U handle_unknown (allow,deny,reject)]
10       [-M]  [-c  policyvers]  [-o  output_file|-]  [-S]  [-t  target_platform
11       (selinux,xen)] [-V] [input_file]
12

DESCRIPTION

14       This manual page describes the checkpolicy command.
15
16       checkpolicy  is  a  program that checks and compiles a SELinux security
17       policy configuration into a binary representation that  can  be  loaded
18       into  the kernel.  If no input file name is specified, checkpolicy will
19       attempt to read from policy.conf or policy, depending on whether the -b
20       flag is specified.
21
22

OPTIONS

24       -b,--binary
25              Read  an  existing  binary policy file rather than a source pol‐
26              icy.conf file.
27
28       -F,--conf
29              Write policy.conf file rather than binary policy file. Can  only
30              be used with binary policy file.
31
32       -C,--cil
33              Write CIL policy file rather than binary policy file.
34
35       -d,--debug
36              Enter debug mode after loading the policy.
37
38       -U,--handle-unknown <action>
39              Specify  how the kernel should handle unknown classes or permis‐
40              sions (deny, allow or reject).
41
42       -M,--mls
43              Enable the MLS policy when checking and compiling the policy.
44
45       -c policyvers
46              Specify the policy version, defaults to the latest.
47
48       -o,--output filename
49              Write a policy file (binary, policy.conf, or CIL policy) to  the
50              specified filename. If - is given as filename, write it to stan‐
51              dard output.
52
53       -S,--sort
54              Sort ocontexts before writing out the binary policy. This option
55              makes output of checkpolicy consistent with binary policies cre‐
56              ated by semanage and secilc.
57
58       -t,--target
59              Specify the target platform (selinux or xen).
60
61       -O,--optimize
62              Optimize the final kernel policy (remove redundant rules).
63
64       -E,--werror
65              Treat warnings as errors
66
67       -V,--version
68              Show version information.
69
70       -h,--help
71              Show usage information.
72
73

SEE ALSO

75       SELinux Reference Policy documentation  at  https://github.com/SELinux
76       Project/refpolicy/wiki
77
78
79

AUTHOR

81       This     manual     page     was    written    by    Árpád    Magosányi
82       <mag@bunuel.tii.matav.hu>,    and    edited    by    Stephen    Smalley
83       <sds@tycho.nsa.gov>.   The  program  was  written  by  Stephen  Smalley
84       <sds@tycho.nsa.gov>.
85
86
87
88                                                                CHECKPOLICY(8)
Impressum