Codebase list checkpolicy / lintian-fixes/main checkpolicy.8
lintian-fixes/main

Tree @lintian-fixes/main (Download .tar.gz)

checkpolicy.8 @lintian-fixes/main 

173c669
 
 
 
 
57b5e08
173c669
 
 
 
 
 
 
 
 
57b5e08
 
 
 
173c669
 
 
0fffd02
173c669
 
5e129cd
 
 
85a6389
 
 
0fffd02
173c669
 
5e129cd
 
fd48bc0
0fffd02
03cdedc
 
5e129cd
 
 
0fffd02
05b67de
 
 
173c669
5e129cd
 
0fffd02
 
 
 
05b67de
 
 
b58e9be
 
 
0fffd02
 
 
 
 
173c669
 
05b67de
173c669
 
 
b58e9be
dc04b28
 
 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
.TH CHECKPOLICY 8
.SH NAME
checkpolicy \- SELinux policy compiler
.SH SYNOPSIS
.B checkpolicy
.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-O] [\-E] [\-V] [input_file]"
.br
.SH "DESCRIPTION"
This manual page describes the
.BR checkpolicy
command.
.PP
.B checkpolicy
is a program that checks and compiles a SELinux security policy configuration
into a binary representation that can be loaded into the kernel.  If no 
input file name is specified,
.B checkpolicy
will attempt to read from policy.conf or policy, depending on whether the \-b
flag is specified.

.SH OPTIONS
.TP
.B \-b,\-\-binary
Read an existing binary policy file rather than a source policy.conf file.
.TP
.B \-F,\-\-conf
Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
.TP
.B \-C,\-\-cil
Write CIL policy file rather than binary policy file.
.TP
.B \-d,\-\-debug
Enter debug mode after loading the policy.
.TP
.B \-U,\-\-handle-unknown <action>
Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
.TP
.B \-M,\-\-mls
Enable the MLS policy when checking and compiling the policy.
.TP
.B \-c policyvers
Specify the policy version, defaults to the latest.
.TP
.B \-o,\-\-output filename
Write a policy file (binary, policy.conf, or CIL policy)
to the specified filename. If - is given as filename,
write it to standard output.
.TP
.B \-S,\-\-sort
Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
.TP
.B \-t,\-\-target
Specify the target platform (selinux or xen).
.TP
.B \-O,\-\-optimize
Optimize the final kernel policy (remove redundant rules).
.TP
.B \-E,\-\-werror
Treat warnings as errors
.TP
.B \-V,\-\-version
Show version information.
.TP
.B \-h,\-\-help
Show usage information.

.SH "SEE ALSO"
SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki


.SH AUTHOR
This manual page was written by Árpád Magosányi <mag@bunuel.tii.matav.hu>,
and edited by Stephen Smalley <sds@tycho.nsa.gov>.
The program was written by Stephen Smalley <sds@tycho.nsa.gov>.