QA:Testcase checkpolicy

From Fedora Project Wiki

Description

This test case ensures that the checkpolicy utility can properly compile SELinux policy source files into a binary format.

Setup

Install the checkpolicy package: sudo dnf install checkpolicy.
Prepare an SELinux policy source file (for simplicity, you can use an existing .te file from the system, or write a basic one).

How to test

Use checkpolicy to compile the policy source file. Assuming your source file is named my_policy.te: checkpolicy -o my_policy.pp my_policy.te.
Check that the binary policy package my_policy.pp was created: ls -l my_policy.pp.
Optionally, load the policy module to see if it gets accepted by SELinux: semodule -i my_policy.pp.

Expected Results

The my_policy.pp binary policy file is generated without any errors.
If you've loaded the policy, it should be accepted by SELinux without errors.
Running semodule -l should list the loaded module (if you chose to load it).

Optional

For advanced testing:

Intentionally introduce errors into the policy source file to see if checkpolicy catches them.
Test more complex policy source files with different types of rules and see if they compile and load successfully.
Unload the policy module using semodule -r my_policy and ensure it's removed.

Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_checkpolicy&oldid=686652"

About: Get Fedora Linux; Sponsors; Fedora Magazine; Legal

Support: Get Help; Ask Fedora; Common Issues; Fedora Developer Portal

Community: Join Fedora; About Fedora; Planet Fedora; Fedora Accounts

This is a community maintained site. Red Hat is not responsible for content.

© 2026 Red Hat, Inc. and others. Content is available under Attribution-Share Alike 4.0 International unless otherwise noted.

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »