CHECKPOLICY

Section: Maintenance Commands (8)
Page Index
 

NAME

checkpolicy - SELinux policy compiler  

SYNOPSIS

checkpolicy [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] [-c policyvers] [-o output_file] [-S] [-t target_platform (selinux,xen)] [-V] [input_file]
 

DESCRIPTION

This manual page describes the checkpolicy command.

checkpolicy is a program that checks and compiles a SELinux security policy configuration into a binary representation that can be loaded into the kernel. If no input file name is specified, checkpolicy will attempt to read from policy.conf or policy, depending on whether the -b flag is specified.

 

OPTIONS

-b,--binary
Read an existing binary policy file rather than a source policy.conf file.
-F,--conf
Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
-C,--cil
Write CIL policy file rather than binary policy file.
-d,--debug
Enter debug mode after loading the policy.
-U,--handle-unknown <action>
Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
-M,--mls
Enable the MLS policy when checking and compiling the policy.
-c policyvers
Specify the policy version, defaults to the latest.
-o,--output filename
Write a binary policy file to the specified filename.
-S,--sort
Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
-t,--target
Specify the target platform (selinux or xen).
-V,--version
Show version information.
-h,--help
Show usage information.

 

SEE ALSO

SELinux documentation at http://www.nsa.gov/research/selinux, especially "Configuring the SELinux Policy".

 

AUTHOR

This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley <sds@tycho.nsa.gov>. The program was written by Stephen Smalley <sds@tycho.nsa.gov>.


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
SEE ALSO
AUTHOR
LinuxReviews : manual page archive : man8