diff --git a/checkpolicy/checkmodule.8 b/checkpolicy/checkmodule.8
index e597d9d4..70e67f1e 100644
--- a/checkpolicy/checkmodule.8
+++ b/checkpolicy/checkmodule.8
@@ -28,6 +28,9 @@ module file. This option is a development/debugging aid.
 .B \-C,\-\-cil
 Write CIL policy file rather than binary policy file.
 .TP
+.B \-E,\-\-werror
+Treat warnings as errors
+.TP
 .B \-h,\-\-help
 Print usage.
 .TP
diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
index c9efaf8b..ddf0700f 100644
--- a/checkpolicy/checkmodule.c
+++ b/checkpolicy/checkmodule.c
@@ -41,6 +41,7 @@ extern int optind;
 static sidtab_t sidtab;
 extern int mlspol;
+extern int werror;
 static int handle_unknown = SEPOL_DENY_UNKNOWN;
 static const char *txtfile = "policy.conf";
@@ -126,7 +127,7 @@ static int write_binary_policy(policydb_t * p, FILE *outfp)
 static __attribute__((__noreturn__)) void usage(const char *progname)
 {
- printf("usage: %s [-h] [-V] [-b] [-C] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname);
+ printf("usage: %s [-h] [-V] [-b] [-C] [-E] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname);
 printf("Build base and policy modules.\n");
 printf("Options:\n");
 printf(" INPUT build module from INPUT (else read from \"%s\")\n",
@@ -134,6 +135,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
 printf(" -V show policy versions created by this program\n");
 printf(" -b treat input as a binary policy file\n");
 printf(" -C output CIL policy instead of binary policy\n");
+ printf(" -E treat warnings as errors\n");
 printf(" -h print usage\n");
 printf(" -U OPTION How to handle unknown classes and permissions\n");
 printf(" deny: Deny unknown kernel checks\n");
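Review bot: In checkmodule.c the new `extern int werror;` (hunk at -41,6) is a hand-written declaration of a variable that this commit defines in policy_scan.l, and the same line is added again in checkpolicy.c, so the compiler cannot check that the declarations and the definition agree on the type. It mirrors the existing `extern int mlspol;` line, so the smallest improvement is a comment naming the owner, for example `extern int werror; /* defined in policy_scan.l, set by -E/--werror */`. A single declaration in a header that the scanner also includes would let a mismatch be caught at compile time; whether such a header exists is not visible in this diff.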
@@ -162,10 +164,11 @@ int main(int argc, char **argv)
 {"handle-unknown", required_argument, NULL, 'U'},
 {"mls", no_argument, NULL, 'M'},
 {"cil", no_argument, NULL, 'C'},
+ {"werror", no_argument, NULL, 'E'},
 {NULL, 0, NULL, 0}
 };
- while ((ch = getopt_long(argc, argv, "ho:bVU:mMCc:", long_options, NULL)) != -1) {
+ while ((ch = getopt_long(argc, argv, "ho:bVEU:mMCc:", long_options, NULL)) != -1) {
 switch (ch) {
 case 'h':
 usage(argv[0]);
@@ -180,6 +183,9 @@ int main(int argc, char **argv)
 case 'V':
 show_version = 1;
 break;
+ case 'E':
+ werror = 1;
+ break;
 case 'U':
 if (!strcasecmp(optarg, "deny")) {
 handle_unknown = DENY_UNKNOWN;
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index 97e10ca7..3d7c7539 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -53,6 +53,9 @@ Specify the target platform (selinux or xen).
 .B \-O,\-\-optimize
 Optimize the final kernel policy (remove redundant rules).
 .TP
+.B \-E,\-\-werror
+Treat warnings as errors
+.TP
 .B \-V,\-\-version
 Show version information.
 .TP
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 7c5b63f8..b6e2d43a 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -101,6 +101,7 @@ static sidtab_t sidtab;
 extern policydb_t *policydbp;
 extern int mlspol;
+extern int werror;
 static int handle_unknown = SEPOL_DENY_UNKNOWN;
 static const char *txtfile = "policy.conf";
@@ -113,7 +114,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
 printf
 ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
 "[-c policyvers (%d-%d)] [-o output_file|-] [-S] "
- "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
+ "[-t target_platform (selinux,xen)] [-E] [-V] [input_file]\n",
 progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
 exit(1);
 }
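Review bot: `case 'E': werror = 1;` in checkmodule.c (hunk at -180,6), like the matching case added to checkpolicy.c, only sets a flag whose sole reader in this commit is `yywarn()` in policy_scan.l, so `-E` promotes the warnings raised through `yywarn()` and nothing else. A policy build that uses `-E` as a gate would presumably still succeed on a warning printed through any other path, and with `-b` (binary input) the option likely has no effect because no source text is scanned; both points are inferred, not shown in this diff. I would state the scope where the option is introduced, for example `/* -E: yywarn() diagnostics are reported through yyerror(); other warnings are unaffected */`, and extend the man-page sentence "Treat warnings as errors" to say the same. The enclosing `switch` in `main` starts and ends outside the hunk.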
@@ -421,11 +422,12 @@ int main(int argc, char **argv)
 {"conf",no_argument, NULL, 'F'},
 {"sort", no_argument, NULL, 'S'},
 {"optimize", no_argument, NULL, 'O'},
+ {"werror", no_argument, NULL, 'E'},
 {"help", no_argument, NULL, 'h'},
 {NULL, 0, NULL, 0}
 };
- while ((ch = getopt_long(argc, argv, "o:t:dbU:MCFSVc:Oh", long_options, NULL)) != -1) {
+ while ((ch = getopt_long(argc, argv, "o:t:dbU:MCFSVc:OEh", long_options, NULL)) != -1) {
 switch (ch) {
 case 'o':
 outfile = optarg;
@@ -504,6 +506,9 @@ int main(int argc, char **argv)
 policyvers = n;
 break;
 }
+ case 'E':
+ werror = 1;
+ break;
 case 'h':
 default:
 usage(argv[0]);
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index 8c100f3d..094645d1 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -36,6 +36,7 @@ typedef int (* require_func_t)(void);
 static char linebuf[2][255];
 static unsigned int lno = 0;
+int werror = 0;
 int yywarn(const char *msg);
 void set_source_file(const char *name);
@@ -310,6 +311,9 @@ int yyerror(const char *msg)
 int yywarn(const char *msg)
 {
+ if (werror)
+ return yyerror(msg);
+
 if (source_file[0])
 fprintf(stderr, "%s:%ld:", source_file, source_lineno);
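Review bot: `int werror = 0;` in policy_scan.l (hunk at -36,6) is added next to two `static` scanner variables but has external linkage, and carries no comment saying that the command-line front ends write it. A reader of the scanner cannot tell from this file who sets the flag or that it changes what `yywarn()` prints and returns; a one-line comment above the definition would do, for example `/* set by -E/--werror in checkmodule.c and checkpolicy.c; when non-zero yywarn() defers to yyerror() */`. The `= 0` initializer is redundant for an object with static storage duration but harmless.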