CHECKPOLICY(8)CHECKPOLICY(8)NAMEcheckpolicy - SELinux policy compiler
SYNOPSIScheckpolicy [-b] [-d] [-M] [-U handle_unknown ] [-V] [-c policyvers]
[-o output_file] [input_file]
DESCRIPTION
This manual page describes the checkpolicy command.
checkpolicy is a program that checks and compiles a SELinux security
policy configuration into a binary representation that can be loaded
into the kernel. If no input file name is specified, checkpolicy will
attempt to read from policy.conf or policy, depending on whether the -b
flag is specified.
OPTIONS-b Read an existing binary policy file rather than a source pol‐
icy.conf file.
-d Enter debug mode after loading the policy.
-M Enable the MLS policy when checking and compiling the policy.
-o filename
Write a binary policy file to the specified filename.
-c policyvers
Specify the policy version, defaults to the latest.
-U OPTION
Tells the kernel how to handle unknown classes and permissions,
where OPTION is one of the following:
deny Deny unknown kernel checks
reject Reject loading of policy with unknowns
allow Allow unknown kernel checks
-V Show policy versions created by this program
SEE ALSO
SELinux documentation at http://www.nsa.gov/selinux, especially "Con‐
figuring the SELinux Policy".
AUTHOR
This manual page was written by Arpad Magosanyi
<mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley
<sds@epoch.ncsc.mil>. The program was written by Stephen Smalley
<sds@epoch.ncsc.mil>.
CHECKPOLICY(8)