3
checkmodule \- SELinux policy module compiler
6
.I "[-b] [-d] [-m] [-M] [-o output_file] [input_file]"
8
This manual page describes the
13
is a program that checks and compiles a SELinux security policy module
14
into a binary representation. It can generate either a base policy
15
module (default) or a non-base policy module (-m option); typically,
16
you would build a non-base policy module to add to an existing module
17
store that already has a base module provided by the base policy. Use
18
semodule_package to combine this module with its optional file
19
contexts to create a policy package, and then use semodule to install
20
the module package into the module store and load the resulting policy.
25
Read an existing binary policy module file rather than a source policy
26
module file. This option is a development/debugging aid.
29
Enter debug mode after loading the policy. This option is a
30
development/debugging aid.
33
Generate a non-base policy module.
36
Enable the MLS/MCS support when checking and compiling the policy module.
39
Write a binary policy module file to the specified filename.
40
Otherwise, checkmodule will only check the syntax of the module source file
41
and will not generate a binary module at all.
45
# Build a MLS/MCS-enabled non-base policy module.
46
$ checkmodule -M -m httpd.te -o httpd.mod
50
.B semodule(8), semodule_package(8)
51
SELinux documentation at http://www.nsa.gov/selinux/docs.html,
52
especially "Configuring the SELinux Policy".
56
This manual page was copied from the checkpolicy man page
57
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
58
and edited by Dan Walsh <dwalsh@redhat.com>.
59
The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.