checkpolicy − SELinux policy compiler
checkpolicy [−b] [−d] [−M] [−c policyvers] [−o output_file] [input_file]
This manual page describes the checkpolicy command.
checkpolicy is a program that checks and compiles a SELinux security policy configuration into a binary representation that can be loaded into the kernel. If no input file name is specified, checkpolicy will attempt to read from policy.conf or policy, depending on whether the −b flag is specified.
−b,−−binary
Read an existing binary policy file rather than a source policy.conf file.
−d,−−debug
Enter debug mode after loading the policy.
−M,−−mls
Enable the MLS policy when checking and compiling the policy.
−o,−−output filename
Write a binary policy file to the specified filename.
−c policyvers
Specify the policy version, defaults to the latest.
−t,−−target
Specify the target platform (selinux or xen).
−U,−−handle-unknown <action>
Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
−V,−−version
Show version information.
−h,−−help
Show usage information.
SELinux documentation at http://www.nsa.gov/research/selinux, especially "Configuring the SELinux Policy".
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley <sds@epoch.ncsc.mil>. The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.