1CHECKMODULE(8)              System Manager's Manual             CHECKMODULE(8)
2
3
4

NAME

6       checkmodule - SELinux policy module compiler
7

SYNOPSIS

9       checkmodule  [-h] [-b] [-c policy_version] [-C] [-E] [-m] [-M] [-U han‐
10       dle_unknown] [-V] [-o output_file] [input_file]
11

DESCRIPTION

13       This manual page describes the checkmodule command.
14
15       checkmodule is a program that checks and compiles  a  SELinux  security
16       policy  module  into a binary representation.  It can generate either a
17       base policy module (default) or a non-base policy module  (-m  option);
18       typically, you would build a non-base policy module to add to an exist‐
19       ing module store that already has a base module provided  by  the  base
20       policy.   Use  semodule_package(8)  to combine this module with its op‐
21       tional file contexts to create a policy package, and  then  use  semod‐
22       ule(8) to install the module package into the module store and load the
23       resulting policy.
24
25

OPTIONS

27       -b,--binary
28              Read an existing binary policy module file rather than a  source
29              policy module file.  This option is a development/debugging aid.
30
31       -C,--cil
32              Write CIL policy file rather than binary policy file.
33
34       -E,--werror
35              Treat warnings as errors
36
37       -h,--help
38              Print usage.
39
40       -m     Generate a non-base policy module.
41
42       -M,--mls
43              Enable  the MLS/MCS support when checking and compiling the pol‐
44              icy module.
45
46       -V,--version
47              Show policy versions created by this program.
48
49       -o,--output filename
50              Write a binary policy module file  to  the  specified  filename.
51              Otherwise,  checkmodule will only check the syntax of the module
52              source file and will not generate a binary module at all.
53
54       -U,--handle-unknown <action>
55              Specify how the kernel should handle unknown classes or  permis‐
56              sions (deny, allow or reject).
57
58       -c policyvers
59              Specify the policy version, defaults to the latest.
60
61

EXAMPLE

63       # Build a MLS/MCS-enabled non-base policy module.
64       $ checkmodule -M -m httpd.te -o httpd.mod
65
66

SEE ALSO

68       semodule(8), semodule_package(8) SELinux Reference Policy documentation
69       at https://github.com/SELinuxProject/refpolicy/wiki
70
71
72

AUTHOR

74       This manual page was copied from the checkpolicy man  page  written  by
75       Árpád  Magosányi  <mag@bunuel.tii.matav.hu>,  and  edited  by Dan Walsh
76       <dwalsh@redhat.com>.   The  program  was  written  by  Stephen  Smalley
77       <sds@tycho.nsa.gov>.
78
79
80
81                                                                CHECKMODULE(8)
Impressum