CHECKPOLICY(8)CHECKPOLICY(8)NAMEcheckpolicy - SELinux policy compiler
SYNOPSIScheckpolicy [-b] [-d] [-M] [-U handle_unknown ] [-V] [-c policyvers]
[-o output_file] [input_file]
This manual page describes the checkpolicy command.
checkpolicy is a program that checks and compiles a SELinux security
policy configuration into a binary representation that can be loaded
into the kernel. If no input file name is specified, checkpolicy will
attempt to read from policy.conf or policy, depending on whether the -b
flag is specified.
OPTIONS-b Read an existing binary policy file rather than a source pol‐
-d Enter debug mode after loading the policy.
-M Enable the MLS policy when checking and compiling the policy.
Write a binary policy file to the specified filename.
Specify the policy version, defaults to the latest.
Tells the kernel how to handle unknown classes and permissions,
where OPTION is one of the following:
deny Deny unknown kernel checks
reject Reject loading of policy with unknowns
allow Allow unknown kernel checks
-V Show policy versions created by this program
SELinux documentation at http://www.nsa.gov/selinux, especially "Con‐
figuring the SELinux Policy".
This manual page was written by Arpad Magosanyi
<email@example.com>, and edited by Stephen Smalley
<firstname.lastname@example.org>. The program was written by Stephen Smalley