CHECKPOLICY(8) System Manager's Manual CHECKPOLICY(8)
checkpolicy - SELinux policy compiler
checkpolicy [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] [-c policyvers] [-o output_file|-] [-S] [-t target_platform (selinux,xen)] [-V] [input_file]
This manual page describes the checkpolicy command. checkpolicy is a program that checks and compiles a SELinux security policy configuration into a binary representation that can be loaded into the kernel. If no input file name is specified, checkpolicy will attempt to read from policy.conf or policy, depending on whether the -b flag is specified.
-b,--binary Read an existing binary policy file rather than a source policy.conf file. -F,--conf Write policy.conf file rather than binary policy file. Can only be used with binary policy file. -C,--cil Write CIL policy file rather than binary policy file. -d,--debug Enter debug mode after loading the policy. -U,--handle-unknown <action> Specify how the kernel should handle unknown classes or permissions (deny, allow or reject). -M,--mls Enable the MLS policy when checking and compiling the policy. -c policyvers Specify the policy version, defaults to the latest. -o,--output filename Write a policy file (binary, policy.conf, or CIL policy) to the specified filename. If - is given as filename, write it to standard output. -S,--sort Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. -t,--target Specify the target platform (selinux or xen). -O,--optimize Optimize the final kernel policy (remove redundant rules). -E,--werror Treat warnings as errors -V,--version Show version information. -h,--help Show usage information.
SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki
This manual page was written by Árpád Magosányi <firstname.lastname@example.org>, and edited by Stephen Smalley <email@example.com>. The program was written by Stephen Smalley <firstname.lastname@example.org>.
This page is part of the selinux (Security-Enhanced Linux user- space libraries and tools) project. Information about the project can be found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a bug report for this manual page, see ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩. This page was obtained from the project's upstream Git repository ⟨https://github.com/SELinuxProject/selinux⟩ on 2021-08-27. (At that time, the date of the most recent commit that was found in the repository was 2021-08-23.) If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which is not part of the original manual page), send a mail to email@example.com CHECKPOLICY(8)
Pages that refer to this page: restorecon(8), setfiles(8)