|
HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|
|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | SEE ALSO | AUTHOR | COLOPHON |
|
|
|
CHECKPOLICY(8) System Manager's Manual CHECKPOLICY(8)
checkpolicy - SELinux policy compiler
checkpolicy [-b[F]] [-C] [-d] [-U handle_unknown
(allow,deny,reject)] [-M] [-c policyvers] [-o output_file|-] [-S]
[-t target_platform (selinux,xen)] [-O] [-E] [-V] [input_file]
This manual page describes the checkpolicy command.
checkpolicy is a program that checks and compiles a SELinux
security policy configuration into a binary representation that
can be loaded into the kernel. If no input file name is
specified, checkpolicy will attempt to read from policy.conf or
policy, depending on whether the -b flag is specified.
-b,--binary
Read an existing binary policy file rather than a source
policy.conf file.
-F,--conf
Write policy.conf file rather than binary policy file. Can
only be used with binary policy file.
-C,--cil
Write CIL policy file rather than binary policy file.
-d,--debug
Enter debug mode after loading the policy.
-U,--handle-unknown <action>
Specify how the kernel should handle unknown classes or
permissions (deny, allow or reject).
-M,--mls
Enable the MLS policy when checking and compiling the
policy.
-c policyvers
Specify the policy version, defaults to the latest.
-o,--output filename
Write a policy file (binary, policy.conf, or CIL policy)
to the specified filename. If - is given as filename,
write it to standard output.
-S,--sort
Sort ocontexts before writing out the binary policy. This
option makes output of checkpolicy consistent with binary
policies created by semanage and secilc.
-t,--target
Specify the target platform (selinux or xen).
-O,--optimize
Optimize the final kernel policy (remove redundant rules).
-E,--werror
Treat warnings as errors
-V,--version
Show version information.
-h,--help
Show usage information.
SELinux Reference Policy documentation at
https://github.com/SELinuxProject/refpolicy/wiki
This manual page was written by Árpád Magosányi
<mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley
<sds@tycho.nsa.gov>. The program was written by Stephen Smalley
<sds@tycho.nsa.gov>.
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the
project can be found at
⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a
bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2024-06-14. (At
that time, the date of the most recent commit that was found in
the repository was 2023-05-11.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
CHECKPOLICY(8)
Pages that refer to this page: restorecon(8), setfiles(8)
|
HTML rendering created 2024-06-26 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH. |
|