1CHECKMODULE(8) System Manager's Manual CHECKMODULE(8)
2
6 checkmodule - SELinux policy module compiler
7
9 checkmodule [-b] [-m] [-M] [-V] [-o output_file] [input_file]
10
12 This manual page describes the checkmodule command.
13 checkmodule is a program that checks and compiles a SELinux security
15 policy module into a binary representation. It can generate either a
16 base policy module (default) or a non-base policy module (-m option);
17 typically, you would build a non-base policy module to add to an exist‐
18 ing module store that already has a base module provided by the base
19 policy. Use semodule_package to combine this module with its optional
20 file contexts to create a policy package, and then use semodule to
21 install the module package into the module store and load the resulting
22 policy.
23
26 -b Read an existing binary policy module file rather than a source
27 policy module file. This option is a development/debugging aid.
28 -m Generate a non-base policy module.
30 -M Enable the MLS/MCS support when checking and compiling the pol‐
32 icy module.
33 -V
35 Show policy versions created by this program
36 -o filename
38 Write a binary policy module file to the specified filename.
39 Otherwise, checkmodule will only check the syntax of the module
40 source file and will not generate a binary module at all.
41
44 # Build a MLS/MCS-enabled non-base policy module.
45 $ checkmodule -M -m httpd.te -o httpd.mod
46
49 semodule(8), semodule_package(8) SELinux documentation at
50 http://www.nsa.gov/selinux, especially "Configuring the SELinux Pol‐
51 icy".
52
56 This manual page was copied from the checkpolicy man page written by
57 Arpad Magosanyi <mag@bunuel.tii.matav.hu>, and edited by Dan Walsh
58 <dwalsh@redhat.com>. The program was written by Stephen Smalley
59 <sds@epoch.ncsc.mil>.
60 CHECKMODULE(8)