diff options
Diffstat (limited to 'checkmodule.8')
-rw-r--r-- | checkmodule.8 | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/checkmodule.8 b/checkmodule.8 new file mode 100644 index 0000000..54680e3 --- /dev/null +++ b/checkmodule.8 @@ -0,0 +1,64 @@ +.TH CHECKMODULE 8 +.SH NAME +checkmodule \- SELinux policy module compiler +.SH SYNOPSIS +.B checkmodule +.I "[-h] [-b] [-m] [-M] [-U handle_unknown ] [-V] [-o output_file] [input_file]" +.SH "DESCRIPTION" +This manual page describes the +.BR checkmodule +command. +.PP +.B checkmodule +is a program that checks and compiles a SELinux security policy module +into a binary representation. It can generate either a base policy +module (default) or a non-base policy module (-m option); typically, +you would build a non-base policy module to add to an existing module +store that already has a base module provided by the base policy. Use +semodule_package to combine this module with its optional file +contexts to create a policy package, and then use semodule to install +the module package into the module store and load the resulting policy. + +.SH OPTIONS +.TP +.B \-b,\-\-binary +Read an existing binary policy module file rather than a source policy +module file. This option is a development/debugging aid. +.TP +.B \-h,\-\-help +Print usage. +.TP +.B \-m +Generate a non-base policy module. +.TP +.B \-M,\-\-mls +Enable the MLS/MCS support when checking and compiling the policy module. +.TP +.B \-V,\-\-version + Show policy versions created by this program +.TP +.B \-o,\-\-output filename +Write a binary policy module file to the specified filename. +Otherwise, checkmodule will only check the syntax of the module source file +and will not generate a binary module at all. +.TP +.B \-U,\-\-handle-unknown <action> +Specify how the kernel should handle unknown classes or permissions (deny, allow or reject). + +.SH EXAMPLE +.nf +# Build a MLS/MCS-enabled non-base policy module. +$ checkmodule -M -m httpd.te -o httpd.mod +.fi + +.SH "SEE ALSO" +.B semodule(8), semodule_package(8) +SELinux documentation at http://www.nsa.gov/selinux, +especially "Configuring the SELinux Policy". + + +.SH AUTHOR +This manual page was copied from the checkpolicy man page +written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, +and edited by Dan Walsh <dwalsh@redhat.com>. +The program was written by Stephen Smalley <sds@epoch.ncsc.mil>. |