RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

checkpolicy: Add examples to man pages 

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
This commit is contained in:
Vit Mojzis 2023-06-01 16:39:14 +02:00 committed by James Carter
parent 535dc2479b
commit 966de0c89e
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
checkpolicy/checkpolicy.8
View File

@ -12,8 +12,8 @@ command.
.PP
.B checkpolicy
is a program that checks and compiles a SELinux security policy configuration
into a binary representation that can be loaded into the kernel. If no
input file name is specified,
into a binary representation that can be loaded into the kernel.
If no input file name is specified,
.B checkpolicy
will attempt to read from policy.conf or policy, depending on whether the \-b
flag is specified.
@ -64,6 +64,17 @@ Show version information.
.B \-h,\-\-help
Show usage information.
.SH EXAMPLE
.nf
Generate policy.conf based on the system policy
# checkpolicy -b -M -F /etc/selinux/targeted/policy/policy.33 -o policy.conf
Recompile system policy so that unknown permissions are denied (uses policy.conf from ^^).
Note that binary policy extension represents its version, which is subject to change
# checkpolicy -M -U deny -o /etc/selinux/targeted/policy/policy.33 policy.conf
# load_policy
Generate CIL representation of current system policy
# checkpolicy -b -M -C /etc/selinux/targeted/policy/policy.33 -o policy.out
.SH "SEE ALSO"
SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki