checkpolicy/checkmodule.8 - platform/external/selinux - Git at Google

 .TH CHECKMODULE 8
 .SH NAME
 checkmodule \- SELinux policy module compiler
 .SH SYNOPSIS
 .B checkmodule
 .I "[\-h] [\-b] [\-c policy_version] [\-C] [\-E] [\-m] [\-M] [\-U handle_unknown] [\-V] [\-o output_file] [input_file]"
 .SH "DESCRIPTION"
 This manual page describes the
 .BR checkmodule
 command.
 .PP
 .B checkmodule
 is a program that checks and compiles a SELinux security policy module
 into a binary representation.  It can generate either a base policy
 module (default) or a non-base policy module (\-m option); typically,
 you would build a non-base policy module to add to an existing module
 store that already has a base module provided by the base policy.  Use
 .B semodule_package(8)
 to combine this module with its optional file
 contexts to create a policy package, and then use
 .B semodule(8)
 to install the module package into the module store and load the resulting
 policy.

 .SH OPTIONS
 .TP
 .B \-b,\-\-binary
 Read an existing binary policy module file rather than a source policy
 module file.  This option is a development/debugging aid.
 .TP
 .B \-C,\-\-cil
 Write CIL policy file rather than binary policy file.
 .TP
 .B \-E,\-\-werror
 Treat warnings as errors
 .TP
 .B \-h,\-\-help
 Print usage.
 .TP
 .B \-m
 Generate a non-base policy module.
 .TP
 .B \-M,\-\-mls
 Enable the MLS/MCS support when checking and compiling the policy module.
 .TP
 .B \-V,\-\-version
 Show policy versions created by this program.
 .TP
 .B \-o,\-\-output filename
 Write a binary policy module file to the specified filename.
 Otherwise, checkmodule will only check the syntax of the module source file
 and will not generate a binary module at all.
 .TP
 .B \-U,\-\-handle-unknown <action>
 Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
 .TP
 .B \-c policyvers
 Specify the policy version, defaults to the latest.

 .SH EXAMPLE
 .nf
 # Build a MLS/MCS-enabled non-base policy module.
 $ checkmodule \-M \-m httpd.te \-o httpd.mod
 .fi

 .SH "SEE ALSO"
 .B semodule(8), semodule_package(8)
 SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki


 .SH AUTHOR
 This manual page was copied from the checkpolicy man page
 written by Árpád Magosányi <mag@bunuel.tii.matav.hu>,
 and edited by Dan Walsh <dwalsh@redhat.com>.
 The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
	.TH CHECKMODULE 8
	.SH NAME
	checkmodule \- SELinux policy module compiler
	.SH SYNOPSIS
	.B checkmodule
	.I "[\-h] [\-b] [\-c policy_version] [\-C] [\-E] [\-m] [\-M] [\-U handle_unknown] [\-V] [\-o output_file] [input_file]"
	.SH "DESCRIPTION"
	This manual page describes the
	.BR checkmodule
	command.
	.PP
	.B checkmodule
	is a program that checks and compiles a SELinux security policy module
	into a binary representation. It can generate either a base policy
	module (default) or a non-base policy module (\-m option); typically,
	you would build a non-base policy module to add to an existing module
	store that already has a base module provided by the base policy. Use
	.B semodule_package(8)
	to combine this module with its optional file
	contexts to create a policy package, and then use
	.B semodule(8)
	to install the module package into the module store and load the resulting
	policy.

	.SH OPTIONS
	.TP
	.B \-b,\-\-binary
	Read an existing binary policy module file rather than a source policy
	module file. This option is a development/debugging aid.
	.TP
	.B \-C,\-\-cil
	Write CIL policy file rather than binary policy file.
	.TP
	.B \-E,\-\-werror
	Treat warnings as errors
	.TP
	.B \-h,\-\-help
	Print usage.
	.TP
	.B \-m
	Generate a non-base policy module.
	.TP
	.B \-M,\-\-mls
	Enable the MLS/MCS support when checking and compiling the policy module.
	.TP
	.B \-V,\-\-version
	Show policy versions created by this program.
	.TP
	.B \-o,\-\-output filename
	Write a binary policy module file to the specified filename.
	Otherwise, checkmodule will only check the syntax of the module source file
	and will not generate a binary module at all.
	.TP
	.B \-U,\-\-handle-unknown <action>
	Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
	.TP
	.B \-c policyvers
	Specify the policy version, defaults to the latest.

	.SH EXAMPLE
	.nf
	# Build a MLS/MCS-enabled non-base policy module.
	$ checkmodule \-M \-m httpd.te \-o httpd.mod
	.fi

	.SH "SEE ALSO"
	.B semodule(8), semodule_package(8)
	SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki


	.SH AUTHOR
	This manual page was copied from the checkpolicy man page
	written by Árpád Magosányi <mag@bunuel.tii.matav.hu>,
	and edited by Dan Walsh <dwalsh@redhat.com>.
	The program was written by Stephen Smalley <sds@tycho.nsa.gov>.