summaryrefslogtreecommitdiff
path: root/checkmodule.8
diff options
context:
space:
mode:
Diffstat (limited to 'checkmodule.8')
-rw-r--r--checkmodule.864
1 files changed, 64 insertions, 0 deletions
diff --git a/checkmodule.8 b/checkmodule.8
new file mode 100644
index 0000000..54680e3
--- /dev/null
+++ b/checkmodule.8
@@ -0,0 +1,64 @@
+.TH CHECKMODULE 8
+.SH NAME
+checkmodule \- SELinux policy module compiler
+.SH SYNOPSIS
+.B checkmodule
+.I "[-h] [-b] [-m] [-M] [-U handle_unknown ] [-V] [-o output_file] [input_file]"
+.SH "DESCRIPTION"
+This manual page describes the
+.BR checkmodule
+command.
+.PP
+.B checkmodule
+is a program that checks and compiles a SELinux security policy module
+into a binary representation. It can generate either a base policy
+module (default) or a non-base policy module (-m option); typically,
+you would build a non-base policy module to add to an existing module
+store that already has a base module provided by the base policy. Use
+semodule_package to combine this module with its optional file
+contexts to create a policy package, and then use semodule to install
+the module package into the module store and load the resulting policy.
+
+.SH OPTIONS
+.TP
+.B \-b,\-\-binary
+Read an existing binary policy module file rather than a source policy
+module file. This option is a development/debugging aid.
+.TP
+.B \-h,\-\-help
+Print usage.
+.TP
+.B \-m
+Generate a non-base policy module.
+.TP
+.B \-M,\-\-mls
+Enable the MLS/MCS support when checking and compiling the policy module.
+.TP
+.B \-V,\-\-version
+ Show policy versions created by this program
+.TP
+.B \-o,\-\-output filename
+Write a binary policy module file to the specified filename.
+Otherwise, checkmodule will only check the syntax of the module source file
+and will not generate a binary module at all.
+.TP
+.B \-U,\-\-handle-unknown <action>
+Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
+
+.SH EXAMPLE
+.nf
+# Build a MLS/MCS-enabled non-base policy module.
+$ checkmodule -M -m httpd.te -o httpd.mod
+.fi
+
+.SH "SEE ALSO"
+.B semodule(8), semodule_package(8)
+SELinux documentation at http://www.nsa.gov/selinux,
+especially "Configuring the SELinux Policy".
+
+
+.SH AUTHOR
+This manual page was copied from the checkpolicy man page
+written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
+and edited by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 22:27:49 +0000