checkpolicy manpage

Search topic Section

CHECKPOLICY(8)		    System Manager's Manual		CHECKPOLICY(8)

       checkpolicy - SELinux policy compiler

       checkpolicy   [-b]   [-d]   [-M]	  [-c	policyvers]  [-o  output_file]

       This manual page describes the checkpolicy command.

       checkpolicy is a program that checks and compiles  a  SELinux  security
       policy  configuration  into  a binary representation that can be loaded
       into the kernel.	 If no input file name is specified, checkpolicy  will
       attempt to read from policy.conf or policy, depending on whether the -b
       flag is specified.

	      Read an existing binary policy file rather than  a  source  pol-
	      icy.conf file.

	      Enter debug mode after loading the policy.

	      Enable the MLS policy when checking and compiling the policy.

       -o,--output filename
	      Write a binary policy file to the specified filename.

       -c policyvers
	      Specify the policy version, defaults to the latest.

	      Specify the target platform (selinux or xen).

       -U,--handle-unknown <action>
	      Specify  how the kernel should handle unknown classes or permis-
	      sions (deny, allow or reject).

	      Show version information.

	      Show usage information.

       SELinux	documentation  at  http://www.nsa.gov/research/selinux,	 espe-
       cially "Configuring the SELinux Policy".

       This	manual	   page	    was	   written    by    Arpad    Magosanyi
       <mag@bunuel.tii.matav.hu>,    and    edited    by    Stephen    Smalley
       <sds@epoch.ncsc.mil>.   The  program  was  written  by  Stephen Smalley