mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-27 15:52:58 +00:00
62a91d7d71
When the lexer encounters an unexpected character in a policy source file, it prints a warning, discards the character and moves on. In some build environments, these characters could be a symptom of an earlier problem, such as unintended results of expansion of preprocessor macros, and the ability to have the compiler halt on such issues would be helpful for diagnosis.

Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
73 lines
2.2 KiB
Groff
.TH CHECKMODULE 8
.SH NAME
checkmodule \- SELinux policy module compiler
.SH SYNOPSIS
.B checkmodule
.I "[\-h] [\-b] [\-c policyvers] [\-C] [\-E] [\-m] [\-M] [\-U handle_unknown] [\-V] [\-o output_file] [input_file]"
.SH "DESCRIPTION"
This manual page describes the
.BR checkmodule
command.
.PP
.B checkmodule
is a program that checks and compiles a SELinux security policy module
into a binary representation. It can generate either a base policy
module (default) or a non-base policy module (\-m option); typically,
you would build a non-base policy module to add to an existing module
store that already has a base module provided by the base policy. Use
semodule_package to combine this module with its optional file
contexts to create a policy package, and then use semodule to install
the module package into the module store and load the resulting policy.

.SH OPTIONS
.TP
.B \-b,\-\-binary
Read an existing binary policy module file rather than a source policy
module file. This option is a development/debugging aid.
.TP
.B \-C,\-\-cil
Write CIL policy file rather than binary policy file.
.TP
.B \-E,\-\-werror
Treat warnings as errors.
.TP
.B \-h,\-\-help
Print usage.
.TP
.B \-m
Generate a non-base policy module.
.TP
.B \-M,\-\-mls
Enable the MLS/MCS support when checking and compiling the policy module.
.TP
.B \-V,\-\-version
Show policy versions created by this program.
.TP
.B \-o,\-\-output filename
Write a binary policy module file to the specified filename.
Otherwise, checkmodule will only check the syntax of the module source file
and will not generate a binary module at all.
.TP
.B \-U,\-\-handle-unknown <action>
Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
.TP
.B \-c policyvers
Specify the policy version, defaults to the latest.

.SH EXAMPLE
.nf
# Build a MLS/MCS-enabled non-base policy module.
$ checkmodule \-M \-m httpd.te \-o httpd.mod
.fi

.SH "SEE ALSO"
.B semodule(8), semodule_package(8)
SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki

.SH AUTHOR
This manual page was copied from the checkpolicy man page
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
and edited by Dan Walsh <dwalsh@redhat.com>.
The program was written by Stephen Smalley <sds@tycho.nsa.gov>.
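
Added example, not part of the upstream man page or the SELinux project's code: a POSIX shell function that runs the sequence from DESCRIPTION (checkmodule, then semodule_package, then semodule) with -E so that a warning stops the build. The module name httpd, the optional httpd.fc file and the RUN and INSTALL variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: compile, package and optionally install a non-base module.
# The RUN and INSTALL variables are assumptions of this sketch, not tool options.

# RUN=echo prints each command instead of executing it (dry run).
RUN=${RUN:-}

build_policy_module() {
    name=$1
    te="$name.te"; fc="$name.fc"; mod="$name.mod"; pp="$name.pp"

    # Refuse to start without the policy source file.
    [ -f "$te" ] || { echo "missing source: $te" >&2; return 2; }

    # -E makes warnings fatal, so a stray character left behind by macro
    # expansion fails the build here instead of being silently discarded.
    # -M enables MLS/MCS support, -m selects a non-base module.
    $RUN checkmodule -E -M -m -o "$mod" "$te" || return 1

    # File contexts are optional; pass -f only when the file exists.
    if [ -f "$fc" ]; then
        $RUN semodule_package -o "$pp" -m "$mod" -f "$fc" || return 1
    else
        $RUN semodule_package -o "$pp" -m "$mod" || return 1
    fi

    # Loading into the module store needs root; opt in with INSTALL=1.
    if [ "${INSTALL:-0}" = 1 ]; then
        $RUN semodule -i "$pp" || return 1
    fi
}
```

Calling build_policy_module httpd with RUN=echo set prints the commands without running them, which is a quick way to review the command line before a real build.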