Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   8420 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

sechecker(1)							  sechecker(1)

NAME
       sechecker - SELinux policy checking tool

SYNOPSIS
       sechecker [OPTIONS] -m module		     Run module

       sechecker [OPTIONS] -p profile		     Run profile

       sechecker [OPTIONS] -m module -p profile	     Run module with profile

Description
       This manual page describes the sechecker command.

       sechecker  allows  the  user  to perform predefined modular checks on a
       SELinux policy.	Profiles exist to group	 modules  together  and	 allow
       modification of module settings (see below).

OPTIONS
       -l, --list
	      print a list of profiles and modules

       -q, --quiet
	      suppress output

       -s, --short
	      print short output

       -v, --verbose
	      print verbose output

       --version
	      print version and exit

       --fcfile=<file>
	      file_contexts file

       --policy=<file>
	      policy file

       -h[mod], --help[=module]
	      print general help or help for a module

       -m <mod>, --module=<mod>
	      module name

       -p <prof>, --profile=<prof>
	      profile name or path

       --min-sev=<low|med|high>
	      the minimum severity to report

PROFILE OPTIONS
       Profiles are used to group modules together, to specify the output for‐
       mat for each module in the report, and to provide the ability to	 over‐
       ride  the  modules' default options.  Each profile is a well-formed XML
       document, as specified by the DTD installed with sechecker.  An example
       profile follows:

       <sechecker version="1.1">
	    <profile>
		 <module name="find_domains">
		      <output value="quiet"/>
		      <option name="domain_attribute">
			   <item value="domain"/>
			   <item value="user_domain"/>
			   ...
		      </option>
		 </module>
		 ...
	    </profile>
       </sechecker>
       The  example profile specifies the output property for the find_domains
       module.	The valid output values for each module are specified below:

       verbose:
	      prints each result in the report with an accompanying proof

       short: prints a list of results without an accompanying proof

       none:  does not print output in the report, however module errors  will
	      be printed

       quiet: does  not	 print output in the report and does not print errors,
	      (this is usefull for utility modules for which the calling  mod‐
	      ule handles the errors)

       The   example   profile	also  overrides	 the  default  value  for  the
       "domain_attribute" option in the find_domains module.

AUTHOR
       This manual page was  written  by  Kevin	 Carr  <kcarr@tresys.com>  and
       Jeremy Mowery <jmowery@tresys.com>.

COPYRIGHT
       Copyright(C) 2006 Tresys Technology, LLC

SEE ALSO
       apol(1)

								  sechecker(1)

Vote for polarhome