| .TH CHECKMODULE 8 |
| .SH NAME |
| checkmodule \- SELinux policy module compiler |
| .SH SYNOPSIS |
| .B checkmodule |
| .I "[-h] [-b] [-m] [-M] [-U handle_unknown ] [-V] [-o output_file] [input_file]" |
| .SH "DESCRIPTION" |
| This manual page describes the |
| .BR checkmodule |
| command. |
| .PP |
| .B checkmodule |
| is a program that checks and compiles a SELinux security policy module |
| into a binary representation. It can generate either a base policy |
| module (default) or a non-base policy module (-m option); typically, |
| you would build a non-base policy module to add to an existing module |
| store that already has a base module provided by the base policy. Use |
| semodule_package to combine this module with its optional file |
| contexts to create a policy package, and then use semodule to install |
| the module package into the module store and load the resulting policy. |
| |
| .SH OPTIONS |
| .TP |
| .B \-b,\-\-binary |
| Read an existing binary policy module file rather than a source policy |
| module file. This option is a development/debugging aid. |
| .TP |
| .B \-h,\-\-help |
| Print usage. |
| .TP |
| .B \-m |
| Generate a non-base policy module. |
| .TP |
| .B \-M,\-\-mls |
| Enable the MLS/MCS support when checking and compiling the policy module. |
| .TP |
| .B \-V,\-\-version |
| Show policy versions created by this program |
| .TP |
| .B \-o,\-\-output filename |
| Write a binary policy module file to the specified filename. |
| Otherwise, checkmodule will only check the syntax of the module source file |
| and will not generate a binary module at all. |
| .TP |
| .B \-U,\-\-handle-unknown <action> |
| Specify how the kernel should handle unknown classes or permissions (deny, allow or reject). |
| |
| .SH EXAMPLE |
| .nf |
| # Build a MLS/MCS-enabled non-base policy module. |
| $ checkmodule -M -m httpd.te -o httpd.mod |
| .fi |
| |
| .SH "SEE ALSO" |
| .B semodule(8), semodule_package(8) |
| SELinux documentation at http://www.nsa.gov/selinux, |
| especially "Configuring the SELinux Policy". |
| |
| |
| .SH AUTHOR |
| This manual page was copied from the checkpolicy man page |
| written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, |
| and edited by Dan Walsh <dwalsh@redhat.com>. |
| The program was written by Stephen Smalley <sds@epoch.ncsc.mil>. |