This manual page describes the
checkmodule
command.
checkmodule
is a program that checks and compiles a SELinux security policy module
into a binary representation. It can generate either a base policy
module (default) or a non-base policy module (-m option); typically,
you would build a non-base policy module to add to an existing module
store that already has a base module provided by the base policy. Use
semodule_package to combine this module with its optional file
contexts to create a policy package, and then use semodule to install
the module package into the module store and load the resulting policy.
OPTIONS
-b
Read an existing binary policy module file rather than a source policy
module file. This option is a development/debugging aid.
-d
Enter debug mode after loading the policy. This option is a
development/debugging aid.
-m
Generate a non-base policy module.
-M
Enable the MLS/MCS support when checking and compiling the policy module.
-o filename
Write a binary policy module file to the specified filename.
Otherwise, checkmodule will only check the syntax of the module source file
and will not generate a binary module at all.