checkmodule - SELinux policy module compiler
checkmodule [-h] [-b] [-c policy_version] [-C] [-E] [-m] [-M] [-U
handle_unknown] [-V] [-o output_file] [input_file]
This manual page describes the
checkmodule command.
checkmodule is a program that checks and compiles a SELinux security
policy module into a binary representation. It can generate either a base
policy module (default) or a non-base policy module (-m option); typically,
you would build a non-base policy module to add to an existing module store
that already has a base module provided by the base policy. Use
semodule_package(8) to combine this module with its optional file
contexts to create a policy package, and then use
semodule(8) to
install the module package into the module store and load the resulting
policy.
- -b,--binary
- Read an existing binary policy module file rather than a
source policy module file. This option is a development/debugging
aid.
- -C,--cil
- Write CIL policy file rather than binary policy file.
- -E,--werror
- Treat warnings as errors
- -h,--help
- Print usage.
- -m
- Generate a non-base policy module.
- -M,--mls
- Enable the MLS/MCS support when checking and compiling the
policy module.
- -V,--version
- Show policy versions created by this program.
- -o,--output filename
- Write a binary policy module file to the specified
filename. Otherwise, checkmodule will only check the syntax of the module
source file and will not generate a binary module at all.
- -U,--handle-unknown <action>
- Specify how the kernel should handle unknown classes or
permissions (deny, allow or reject).
- -c policyvers
- Specify the policy version, defaults to the latest.
# Build a MLS/MCS-enabled non-base policy module.
$ checkmodule -M -m httpd.te -o httpd.mod
semodule(8),
semodule_package(8) SELinux Reference Policy documentation
at
https://github.com/SELinuxProject/refpolicy/wiki
This manual page was copied from the checkpolicy man page written by
Árpád Magosányi <
[email protected]>, and
edited by Dan Walsh <
[email protected]>. The program was written by
Stephen Smalley <
[email protected]>.