Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 1 | .TH CHECKMODULE 8 |
| 2 | .SH NAME |
| 3 | checkmodule \- SELinux policy module compiler |
| 4 | .SH SYNOPSIS |
| 5 | .B checkmodule |
James Carter | b1d9456 | 2015-04-01 10:05:04 -0400 | [diff] [blame] | 6 | .I "[\-h] [\-b] [\-C] [\-m] [\-M] [\-U handle_unknown ] [\-V] [\-o output_file] [input_file]" |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 7 | .SH "DESCRIPTION" |
| 8 | This manual page describes the |
| 9 | .BR checkmodule |
| 10 | command. |
| 11 | .PP |
| 12 | .B checkmodule |
| 13 | is a program that checks and compiles a SELinux security policy module |
| 14 | into a binary representation. It can generate either a base policy |
Laurent Bigonville | f074bb3 | 2013-05-10 14:45:18 +0200 | [diff] [blame] | 15 | module (default) or a non-base policy module (\-m option); typically, |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 16 | you would build a non-base policy module to add to an existing module |
| 17 | store that already has a base module provided by the base policy. Use |
| 18 | semodule_package to combine this module with its optional file |
| 19 | contexts to create a policy package, and then use semodule to install |
| 20 | the module package into the module store and load the resulting policy. |
| 21 | |
| 22 | .SH OPTIONS |
| 23 | .TP |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 24 | .B \-b,\-\-binary |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 25 | Read an existing binary policy module file rather than a source policy |
| 26 | module file. This option is a development/debugging aid. |
| 27 | .TP |
James Carter | b1d9456 | 2015-04-01 10:05:04 -0400 | [diff] [blame] | 28 | .B \-C,\-\-cil |
| 29 | Write CIL policy file rather than binary policy file. |
| 30 | .TP |
Steve Lawrence | 8867e16 | 2010-06-14 14:45:46 -0400 | [diff] [blame] | 31 | .B \-h,\-\-help |
Daniel J Walsh | 36fe4c3 | 2010-06-14 14:44:44 -0400 | [diff] [blame] | 32 | Print usage. |
| 33 | .TP |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 34 | .B \-m |
| 35 | Generate a non-base policy module. |
| 36 | .TP |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 37 | .B \-M,\-\-mls |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 38 | Enable the MLS/MCS support when checking and compiling the policy module. |
| 39 | .TP |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 40 | .B \-V,\-\-version |
Gary Tierney | 4984a75 | 2019-04-17 17:37:30 +0100 | [diff] [blame] | 41 | Show policy versions created by this program. |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 42 | .TP |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 43 | .B \-o,\-\-output filename |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 44 | Write a binary policy module file to the specified filename. |
| 45 | Otherwise, checkmodule will only check the syntax of the module source file |
| 46 | and will not generate a binary module at all. |
Guido Trentalancia | bf57d23 | 2009-11-02 18:14:28 +0100 | [diff] [blame] | 47 | .TP |
| 48 | .B \-U,\-\-handle-unknown <action> |
| 49 | Specify how the kernel should handle unknown classes or permissions (deny, allow or reject). |
Gary Tierney | 4984a75 | 2019-04-17 17:37:30 +0100 | [diff] [blame] | 50 | .TP |
| 51 | .B \-c policyvers |
| 52 | Specify the policy version, defaults to the latest. |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 53 | |
| 54 | .SH EXAMPLE |
| 55 | .nf |
| 56 | # Build a MLS/MCS-enabled non-base policy module. |
Laurent Bigonville | f074bb3 | 2013-05-10 14:45:18 +0200 | [diff] [blame] | 57 | $ checkmodule \-M \-m httpd.te \-o httpd.mod |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 58 | .fi |
| 59 | |
| 60 | .SH "SEE ALSO" |
| 61 | .B semodule(8), semodule_package(8) |
Dan Walsh | 18e3a8d | 2012-01-16 12:09:43 -0500 | [diff] [blame] | 62 | SELinux documentation at http://www.nsa.gov/research/selinux, |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 63 | especially "Configuring the SELinux Policy". |
| 64 | |
| 65 | |
| 66 | .SH AUTHOR |
| 67 | This manual page was copied from the checkpolicy man page |
| 68 | written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, |
| 69 | and edited by Dan Walsh <dwalsh@redhat.com>. |
Stephen Smalley | 53bb2a1 | 2017-08-17 14:16:06 -0400 | [diff] [blame] | 70 | The program was written by Stephen Smalley <sds@tycho.nsa.gov>. |