/

checkpolicy (8) Linux Manual Page

ByLinux Manual Posted on Updated on

checkpolicy – SELinux policy compiler

Synopsis

checkpolicy [-b] [-C] [-d] [-M] [-c policyvers] [-o output_file] [input_file]

Description

This manual page describes the checkpolicy command. checkpolicy is a program that checks and compiles a SELinux security policy configuration into a binary representation that can be loaded into the kernel. If no input file name is specified, checkpolicy will attempt to read from policy.conf or policy, depending on whether the -b flag is specified.

Options

-b,–binary

Read an existing binary policy file rather than a source policy.conf file.

-C,–cil

Write CIL policy file rather than binary policy file.

-d,–debug

Enter debug mode after loading the policy.

-M,–mls

Enable the MLS policy when checking and compiling the policy.

-o,–output filename

Write a binary policy file to the specified filename.

-c policyvers

Specify the policy version, defaults to the latest.

-t,–target

Specify the target platform (selinux or xen).

-U,–handle-unknown <action>

Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).

-V,–version

Show version information.

-h,–help

Show usage information.

See Also

SELinux documentation at http://www.nsa.gov/research/selinux, especially "Configuring the SELinux Policy".

Author

This manual page was written by Arpad Magosanyi <mag [at] bunuel.tii.matav.hu>, and edited by Stephen Smalley <sds [at] epoch.ncsc.mil>. The program was written by Stephen Smalley <sds [at] epoch.ncsc.mil>.

Leave a Reply

Your email address will not be published. Required fields are marked *