|
HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLE | SEE ALSO | AUTHOR | COLOPHON |
|
|
|
CHECKMODULE(8) System Manager's Manual CHECKMODULE(8)
checkmodule - SELinux policy module compiler
checkmodule [-h] [-b] [-c policy_version] [-C] [-E] [-m] [-M] [-U
handle_unknown] [-V] [-o output_file] [input_file]
This manual page describes the checkmodule command.
checkmodule is a program that checks and compiles a SELinux
security policy module into a binary representation. It can
generate either a base policy module (default) or a non-base
policy module (-m option); typically, you would build a non-base
policy module to add to an existing module store that already has
a base module provided by the base policy. Use
semodule_package(8) to combine this module with its optional file
contexts to create a policy package, and then use semodule(8) to
install the module package into the module store and load the
resulting policy.
-b,--binary
Read an existing binary policy module file rather than a
source policy module file. This option is a
development/debugging aid.
-C,--cil
Write CIL policy file rather than binary policy file.
-E,--werror
Treat warnings as errors
-h,--help
Print usage.
-m Generate a non-base policy module.
-M,--mls
Enable the MLS/MCS support when checking and compiling the
policy module.
-V,--version
Show policy versions created by this program.
-o,--output filename
Write a binary policy module file to the specified
filename. Otherwise, checkmodule will only check the
syntax of the module source file and will not generate a
binary module at all.
-U,--handle-unknown <action>
Specify how the kernel should handle unknown classes or
permissions (deny, allow or reject).
-c policyvers
Specify the policy version, defaults to the latest.
# Build a MLS/MCS-enabled non-base policy module.
$ checkmodule -M -m httpd.te -o httpd.mod
semodule(8), semodule_package(8) SELinux Reference Policy
documentation at https://github.com/SELinuxProject/refpolicy/wiki
This manual page was copied from the checkpolicy man page written
by Árpád Magosányi <mag@bunuel.tii.matav.hu>, and edited by Dan
Walsh <dwalsh@redhat.com>. The program was written by Stephen
Smalley <sds@tycho.nsa.gov>.
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the
project can be found at
⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a
bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2024-06-14. (At
that time, the date of the most recent commit that was found in
the repository was 2023-05-11.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
CHECKMODULE(8)
Pages that refer to this page: semodule(8)
|
HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|