SELinux/checkmodule

CHECKMODULE(8)                                                 CHECKMODULE(8)

NAME checkmodule - SELinux policy module compiler

SYNOPSIS checkmodule [-b] [-d]  [-m]  [-M]  [-o output_file]  [input_file]

DESCRIPTION This manual page describes the checkmodule command.

checkmodule is a program that checks and compiles a SELinux security policy module into a binary representation. It can  generate  either  a  base  policy  module (default) or  a  non-base  policy module (-m option); typically, you would build a non-base policy module to add to an existing module store that already has  a  base module provided  by  the base policy. Use semodule_package to combine this module with its optional file contexts to create a policy package, and then use  semodule to install the module package into the module store and load the resulting policy.

OPTIONS -b    Read an existing binary policy module file rather than a source policy  mod- ule file. This option is a development/debugging aid.

-d    Enter  debug  mode  after  loading  the  policy. This option is a develop- ment/debugging aid.

-m    Generate a non-base policy module.

-M    Enable the MLS/MCS support when checking and compiling the policy module.

-o filename Write a binary policy module file to the  specified  filename. Otherwise, checkmodule will  only  check the syntax of the module source file and will not generate a binary module at all.

EXAMPLE $ checkmodule -M -m httpd.te -o httpd.mod

SEE ALSO semodule(8),      semodule_package(8)       SELinux        documentation        at http://www.nsa.gov/selinux/docs.html,  especially "Configuring the SELinux Policy".

AUTHOR This manual page was copied  from  the  checkpolicy  man  page  written  by  Arpad Magosanyi ,  and edited by Dan Walsh . The program was written by Stephen Smalley .

CHECKMODULE(8)