|
rpm-build |
631a05 |
.TH CHECKMODULE 8
|
|
rpm-build |
631a05 |
.SH NAME
|
|
rpm-build |
631a05 |
checkmodule \- SELinux policy module compiler
|
|
rpm-build |
631a05 |
.SH SYNOPSIS
|
|
rpm-build |
631a05 |
.B checkmodule
|
|
rpm-build |
631a05 |
.I "[\-h] [\-b] [\-C] [\-m] [\-M] [\-U handle_unknown ] [\-V] [\-o output_file] [input_file]"
|
|
rpm-build |
631a05 |
.SH "DESCRIPTION"
|
|
rpm-build |
631a05 |
This manual page describes the
|
|
rpm-build |
631a05 |
.BR checkmodule
|
|
rpm-build |
631a05 |
command.
|
|
rpm-build |
631a05 |
.PP
|
|
rpm-build |
631a05 |
.B checkmodule
|
|
rpm-build |
631a05 |
is a program that checks and compiles a SELinux security policy module
|
|
rpm-build |
631a05 |
into a binary representation. It can generate either a base policy
|
|
rpm-build |
631a05 |
module (default) or a non-base policy module (\-m option); typically,
|
|
rpm-build |
631a05 |
you would build a non-base policy module to add to an existing module
|
|
rpm-build |
631a05 |
store that already has a base module provided by the base policy. Use
|
|
rpm-build |
631a05 |
semodule_package to combine this module with its optional file
|
|
rpm-build |
631a05 |
contexts to create a policy package, and then use semodule to install
|
|
rpm-build |
631a05 |
the module package into the module store and load the resulting policy.
|
|
rpm-build |
631a05 |
|
|
rpm-build |
631a05 |
.SH OPTIONS
|
|
rpm-build |
631a05 |
.TP
|
|
rpm-build |
631a05 |
.B \-b,\-\-binary
|
|
rpm-build |
631a05 |
Read an existing binary policy module file rather than a source policy
|
|
rpm-build |
631a05 |
module file. This option is a development/debugging aid.
|
|
rpm-build |
631a05 |
.TP
|
|
rpm-build |
631a05 |
.B \-C,\-\-cil
|
|
rpm-build |
631a05 |
Write CIL policy file rather than binary policy file.
|
|
rpm-build |
631a05 |
.TP
|
|
rpm-build |
631a05 |
.B \-h,\-\-help
|
|
rpm-build |
631a05 |
Print usage.
|
|
rpm-build |
631a05 |
.TP
|
|
rpm-build |
631a05 |
.B \-m
|
|
rpm-build |
631a05 |
Generate a non-base policy module.
|
|
rpm-build |
631a05 |
.TP
|
|
rpm-build |
631a05 |
.B \-M,\-\-mls
|
|
rpm-build |
631a05 |
Enable the MLS/MCS support when checking and compiling the policy module.
|
|
rpm-build |
631a05 |
.TP
|
|
rpm-build |
631a05 |
.B \-V,\-\-version
|
|
rpm-build |
631a05 |
Show policy versions created by this program. Note that you cannot currently build older versions.
|
|
rpm-build |
631a05 |
.TP
|
|
rpm-build |
631a05 |
.B \-o,\-\-output filename
|
|
rpm-build |
631a05 |
Write a binary policy module file to the specified filename.
|
|
rpm-build |
631a05 |
Otherwise, checkmodule will only check the syntax of the module source file
|
|
rpm-build |
631a05 |
and will not generate a binary module at all.
|
|
rpm-build |
631a05 |
.TP
|
|
rpm-build |
631a05 |
.B \-U,\-\-handle-unknown <action>
|
|
rpm-build |
631a05 |
Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
|
|
rpm-build |
631a05 |
|
|
rpm-build |
631a05 |
.SH EXAMPLE
|
|
rpm-build |
631a05 |
.nf
|
|
rpm-build |
631a05 |
# Build a MLS/MCS-enabled non-base policy module.
|
|
rpm-build |
631a05 |
$ checkmodule \-M \-m httpd.te \-o httpd.mod
|
|
rpm-build |
631a05 |
.fi
|
|
rpm-build |
631a05 |
|
|
rpm-build |
631a05 |
.SH "SEE ALSO"
|
|
rpm-build |
631a05 |
.B semodule(8), semodule_package(8)
|
|
rpm-build |
631a05 |
SELinux documentation at http://www.nsa.gov/research/selinux,
|
|
rpm-build |
631a05 |
especially "Configuring the SELinux Policy".
|
|
rpm-build |
631a05 |
|
|
rpm-build |
631a05 |
|
|
rpm-build |
631a05 |
.SH AUTHOR
|
|
rpm-build |
631a05 |
This manual page was copied from the checkpolicy man page
|
|
rpm-build |
631a05 |
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
|
|
rpm-build |
631a05 |
and edited by Dan Walsh <dwalsh@redhat.com>.
|
|
rpm-build |
631a05 |
The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
|