CHECKPOLICY

Section: Maintenance Commands (8) Local index Up

NAME

checkpolicy - SELinux policy compiler

SYNOPSIS

checkpolicy [-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]

DESCRIPTION

This manual page describes the checkpolicy command.

checkpolicy is a program that checks and compiles a SELinux security policy configuration into a binary representation that can be loaded into the kernel. If no input file name is specified, checkpolicy will attempt to read from policy.conf or policy, depending on whether the -b flag is specified.

OPTIONS

-b,--binary: Read an existing binary policy file rather than a source policy.conf file.
-d,--debug: Enter debug mode after loading the policy.
-M,--mls: Enable the MLS policy when checking and compiling the policy.
-o,--output filename: Write a binary policy file to the specified filename.
-c policyvers: Specify the policy version, defaults to the latest.
-t,--target: Specify the target platform (selinux or xen).
-U,--handle-unknown <action>: Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
-V,--version: Show version information.
-h,--help: Show usage information.

AUTHOR

This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley <sds@epoch.ncsc.mil>. The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.

This document was created by man2html, using the manual pages.
Time: 22:01:25 GMT, April 16, 2011