NOTE: click here if you get an empty page.


CHECKPOLICY(8)							CHECKPOLICY(8)

NAME

checkpolicy - SELinux policy compiler

SYNOPSIS

checkpolicy [-b] [-d] [-M] [-U handle_unknown ] [-V] [-c policyvers] [-o output_file] [input_file]

DESCRIPTION

This manual page describes the checkpolicy command. checkpolicy is a program that checks and compiles a SELinux security policy configuration into a binary representation that can be loaded into the kernel. If no input file name is specified, checkpolicy will attempt to read from policy.conf or policy, depending on whether the -b flag is specified.

OPTIONS

-b Read an existing binary policy file rather than a source pol- icy.conf file. -d Enter debug mode after loading the policy. -M Enable the MLS policy when checking and compiling the policy. -o filename Write a binary policy file to the specified filename. -c policyvers Specify the policy version, defaults to the latest. -U OPTION Tells the kernel how to handle unknown classes and permissions, where OPTION is one of the following: deny Deny unknown kernel checks reject Reject loading of policy with unknowns allow Allow unknown kernel checks -V Show policy versions created by this program

SEE ALSO

SELinux documentation at http://www.nsa.gov/selinux, especially "Con- figuring the SELinux Policy".

AUTHOR

This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley <sds@epoch.ncsc.mil>. The program was written by Stephen Smalley <sds@epoch.ncsc.mil>. CHECKPOLICY(8)

1994 Man-cgi 1.15, Panagiotis Christias <christia@theseas.ntua.gr>