diff options
Diffstat (limited to 'man/sediffx.1')
| -rw-r--r-- | man/sediffx.1 | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/man/sediffx.1 b/man/sediffx.1 new file mode 100644 index 0000000..d2ab486 --- /dev/null +++ b/man/sediffx.1 @@ -0,0 +1,75 @@ +.TH sediffx 1 +.SH NAME +sediffx \- graphical SELinux policy difference tool +.SH SYNOPSIS +.B sediffx +[\-d] [ORIGINAL_POLICY ; MODIFIED_POLICY] +.SH DESCRIPTION +.PP +.B sediffx +allows the user to graphically inspect the semantic differences between two SELinux policies. +All supported policy elements are examined. +.SH POLICY +.PP +.B +sediffx +supports loading SELinux policies in one of four formats. +.IP "source" +A single text file containing policy source for versions 12 through 21. This file is usually named policy.conf. +.IP "binary" +A single file containing a monolithic kernel binary policy for versions 15 through 21. This file is usually named by version - for example, policy.20. +.IP "modular" +A list of policy packages each containing a loadable policy module. The first module listed must be a base module. +.IP "policy list" +A single text file containing all the information needed to load a policy, usually exported by SETools graphical utilities. +.PP +Policies do not need to be the same format. If not provided +.B +sediffx +will begin with no policies loaded. +.SH OPTIONS +.IP "-d, --diff-now" +Load the policies and differentiate them immediately. +This option requires the user to specify the policies on the command line. +.IP "-h, --help" +Print help information and exit. +.IP "-V, --version" +Print version information and exit. +.SH DIFFERENCES +.PP +.B +sediffx +categorizes differences in policy elements into one of three forms. +.RS +.IP "added" +The element exists only in the modified policy. +.IP "removed" +The element exists only in the original policy. +.IP "modified" +The element exists in both policies but its semantic meaning has changed. +For example, a class is modified if one or more permissions are added or removed. +.RE +.PP +For all rules with types as their source or target, two additional forms of difference are recognized. +This helps distinguish differences due to new types from differences in rules for existing types. +.RS +.IP "added, new type" +The rule exists only in the modified policy; +furthermore, one or more of the types in the rule do not exist in the original policy. +.IP "removed, missing type" +The rule exists only in the original policy; +furthermore, one or more of the types in the rule do not exist in the modified policy. +.RE +.SH NOTE +Most shells interpret the semicolon as a metacharacter, thus requiring +a backslash like so: +.B +sediffx original.policy \\; modified.policy +.SH AUTHOR +This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>. +.SH COPYRIGHT +Copyright(C) 2005-2007 Tresys Technology, LLC +.SH BUGS +Please report bugs via an email to setools-bugs@tresys.com. +.SH SEE ALSO +sediff(1) |