Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 1 | .TH CHECKPOLICY 8 |
| 2 | .SH NAME |
| 3 | checkpolicy \- SELinux policy compiler |
| 4 | .SH SYNOPSIS |
| 5 | .B checkpolicy |
James Carter | b1d9456 | 2015-04-01 10:05:04 -0400 | [diff] [blame] | 6 | .I "[\-b] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]" |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 7 | .br |
| 8 | .SH "DESCRIPTION" |
| 9 | This manual page describes the |
| 10 | .BR checkpolicy |
| 11 | command. |
| 12 | .PP |
| 13 | .B checkpolicy |
| 14 | is a program that checks and compiles a SELinux security policy configuration |
| 15 | into a binary representation that can be loaded into the kernel. If no |
| 16 | input file name is specified, checkpolicy will attempt to read from |
Laurent Bigonville | f074bb3 | 2013-05-10 14:45:18 +0200 | [diff] [blame] | 17 | policy.conf or policy, depending on whether the \-b flag is specified. |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 18 | |
| 19 | .SH OPTIONS |
| 20 | .TP |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 21 | .B \-b,\-\-binary |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 22 | Read an existing binary policy file rather than a source policy.conf file. |
| 23 | .TP |
James Carter | b1d9456 | 2015-04-01 10:05:04 -0400 | [diff] [blame] | 24 | .B \-C,\-\-cil |
| 25 | Write CIL policy file rather than binary policy file. |
| 26 | .TP |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 27 | .B \-d,\-\-debug |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 28 | Enter debug mode after loading the policy. |
| 29 | .TP |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 30 | .B \-M,\-\-mls |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 31 | Enable the MLS policy when checking and compiling the policy. |
| 32 | .TP |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 33 | .B \-o,\-\-output filename |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 34 | Write a binary policy file to the specified filename. |
| 35 | .TP |
| 36 | .B \-c policyvers |
| 37 | Specify the policy version, defaults to the latest. |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 38 | .TP |
| 39 | .B \-t,\-\-target |
| 40 | Specify the target platform (selinux or xen). |
| 41 | .TP |
| 42 | .B \-U,\-\-handle-unknown <action> |
| 43 | Specify how the kernel should handle unknown classes or permissions (deny, allow or reject). |
| 44 | .TP |
| 45 | .B \-V,\-\-version |
| 46 | Show version information. |
| 47 | .TP |
| 48 | .B \-h,\-\-help |
| 49 | Show usage information. |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 50 | |
| 51 | .SH "SEE ALSO" |
Dan Walsh | 18e3a8d | 2012-01-16 12:09:43 -0500 | [diff] [blame] | 52 | SELinux documentation at http://www.nsa.gov/research/selinux, |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 53 | especially "Configuring the SELinux Policy". |
| 54 | |
| 55 | |
| 56 | .SH AUTHOR |
| 57 | This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, |
| 58 | and edited by Stephen Smalley <sds@epoch.ncsc.mil>. |
| 59 | The program was written by Stephen Smalley <sds@epoch.ncsc.mil>. |