NAME checkmodule - SELinux policy module compiler
SYNOPSIS checkmodule [-b] [-d] [-m] [-M] [-o output_file] [input_file]
DESCRIPTION This manual page describes the checkmodule command.
checkmodule is a program that checks and compiles a SELinux security policy module into a binary representation. It can generate either a base policy module (default) or a non-base policy module (-m option); typically, you would build a non-base policy module to add to an existing module store that already has a base module provided by the base policy. Use semodule_package to combine this module with its optional file contexts to create a policy package, and then use semodule to install the module package into the module store and load the resulting policy.
OPTIONS -b Read an existing binary policy module file rather than a source policy mod- ule file. This option is a development/debugging aid.
-d Enter debug mode after loading the policy. This option is a develop- ment/debugging aid.
-m Generate a non-base policy module.
-M Enable the MLS/MCS support when checking and compiling the policy module.
-o filename Write a binary policy module file to the specified filename. Otherwise, checkmodule will only check the syntax of the module source file and will not generate a binary module at all.
EXAMPLE $ checkmodule -M -m httpd.te -o httpd.mod
SEE ALSO semodule(8), semodule_package(8) SELinux documentation at http://www.nsa.gov/selinux/docs.html, especially "Configuring the SELinux Policy".
AUTHOR This manual page was copied from the checkpolicy man page written by Arpad Magosanyi <firstname.lastname@example.org>, and edited by Dan Walsh <email@example.com>. The program was written by Stephen Smalley <firstname.lastname@example.org>.