.TH CHECKPOLICY 8
.SH NAME
checkpolicy \- SELinux policy compiler
.SH SYNOPSIS
.B checkpolicy
.I "[\-b[F]] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
.br
.SH "DESCRIPTION"
This manual page describes the
.BR checkpolicy
command.
.PP
.B checkpolicy
is a program that checks and compiles a SELinux security policy configuration
into a binary representation that can be loaded into the kernel.  If no 
input file name is specified, checkpolicy will attempt to read from
policy.conf or policy, depending on whether the \-b flag is specified.

.SH OPTIONS
.TP
.B \-b,\-\-binary
Read an existing binary policy file rather than a source policy.conf file.
.TP
.B \-C,\-\-cil
Write CIL policy file rather than binary policy file.
.TP
.B \-d,\-\-debug
Enter debug mode after loading the policy.
.TP
.B \-F,\-\-conf
Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
.TP
.B \-M,\-\-mls
Enable the MLS policy when checking and compiling the policy.
.TP
.B \-o,\-\-output filename
Write a binary policy file to the specified filename.
.TP
.B \-c policyvers
Specify the policy version, defaults to the latest.
.TP
.B \-t,\-\-target
Specify the target platform (selinux or xen).
.TP
.B \-U,\-\-handle-unknown <action>
Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
.TP
.B \-V,\-\-version
Show version information.
.TP
.B \-h,\-\-help
Show usage information.

.SH "SEE ALSO"
SELinux documentation at http://www.nsa.gov/research/selinux,
especially "Configuring the SELinux Policy".


.SH AUTHOR
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
and edited by Stephen Smalley <sds@tycho.nsa.gov>.
The program was written by Stephen Smalley <sds@tycho.nsa.gov>.