sechecker

sechecker(1)							  sechecker(1)



NAME
       sechecker - SELinux policy checking tool

SYNOPSIS
       sechecker [OPTIONS] -m module		     Run module

       sechecker [OPTIONS] -p profile		     Run profile

       sechecker [OPTIONS] -m module -p profile	     Run module with profile

DESCRIPTION
       This manual page describes the sechecker command.

       sechecker  allows  the  user  to perform predefined modular checks on a
       SELinux policy.	Profiles exist to group	 modules  together  and	 allow
       modification of module settings (see below).

OPTIONS
       -l, --list
	      print a list of profiles and modules

       -q, --quiet
	      suppress output

       -s, --short
	      print short output

       -v, --verbose
	      print verbose output

       --version
	      print version and exit

       --fcfile=<file>
	      file_contexts file

       --policy=<file>
	      policy file

       -h[mod], --help[=module]
	      print general help or help for a module

       -m <mod>, --module=<mod>
	      module name

       -p <prof>, --profile=<prof>
	      profile name or path

       --min-sev=<low|med|high>
	      the minimum severity to report

PROFILE OPTIONS
       Profiles are used to group modules together, to specify the output
       format for each module in the report, and to provide the ability to
       override the modules’ default options.  Each profile is a well-formed
       XML document, as specified by the DTD installed with sechecker.  An
       example profile follows:

       <sechecker version="1.1">
	    <profile>
		 <module name="find_domains">
		      <output value="quiet"/>
		      <option name="domain_attribute">
			   <item value="domain"/>
			   <item value="user_domain"/>
			   ...
		      </option>
		 </module>
		 ...
	    </profile>
       </sechecker>

       The  example profile specifies the output property for the find_domains
       module.	The valid output values for each module are specified below:

       verbose:
	      prints each result in the report with an accompanying proof

       short: prints a list of results without an accompanying proof

       none:  does not print output in the report; however, module errors
	      will be printed

       quiet: does not print output in the report and does not print errors
	      (this is useful for utility modules for which the calling
	      module handles the errors)

       The   example   profile	also  overrides	 the  default  value  for  the
       "domain_attribute" option in the find_domains module.

AUTHOR
       This manual page was  written  by  Kevin	 Carr  <kcarr@tresys.com>  and
       Jeremy Mowery <jmowery@tresys.com>.

COPYRIGHT
       Copyright(C) 2006 Tresys Technology, LLC

SEE ALSO
       apol(1)


