CentOS 7.0 - man page for sediff (centos section 1)

sediff(1)										sediff(1)

NAME
       sediff - SELinux policy difference tool

SYNOPSIS
       sediff [OPTIONS] [EXPRESSION] ORIGINAL_POLICY ; MODIFIED_POLICY

DESCRIPTION
       sediff allows the user to inspect the semantic differences between two SELinux policies.

POLICY
       sediff supports loading SELinux policies in one of four formats.

       source A  single  text file containing policy source for versions 12 through 21. This file
	      is usually named policy.conf.

       binary A single file containing a monolithic kernel binary policy for versions 15  through
	      21. This file is usually named by version - for example, policy.20.

       modular
	      A list of policy packages each containing a loadable policy module. The first
	      module listed must be a base module.

       policy list
	      A single text file containing all the information needed to load a policy,  usually
	      exported by SETools graphical utilities.

       Policies do not need to be the same format. If the policies are not provided, sediff
       will print an error message and exit.

EXPRESSIONS
       The user may specify an expression listing the policy elements to differentiate.   If  not
       provided, all supported policy elements sans neverallows are examined.

       -c, --class
	      Find  differences  in  permissions assigned to object classes and common permission
	      sets.

       --level
	      Find differences in categories authorized for MLS levels.

       --category
	      Find differences in category definitions.

       -t, --type
	      Find differences in attributes associated with types.

       -a, --attribute
	      Find differences in types assigned to attributes.

       -r, --role
	      Find differences in types authorized for roles.

       -u, --user
	      Find differences in roles authorized for users.

       -b, --bool
	      Find differences in the default values of booleans.

       -A, --allow
	      Find differences in allow rules.

       --auditallow
	      Find differences in auditallow rules.

       --dontaudit
	      Find differences in dontaudit rules.

       --neverallow
	      Find differences in neverallow rules.

       --type_trans
	      Find differences in type_transition rules.

       --type_member
	      Find differences in type_member rules.

       --type_change
	      Find differences in type_change rules.

       --role_trans
	      Find differences in  role_transition  rules.   This  includes  differences  in  the
	      default role.

       --role_allow
	      Find differences in role allow rules.

       --range_trans
	      Find differences in range_transition rules.  This includes differences in the
	      target MLS range.

OPTIONS
       -q, --quiet
	      If there are no differences for elements of a given kind,  suppress  status  output
	      for that kind of element.

       --stats
	      Print difference statistics only.

       -h, --help
	      Print help information and exit.

       -V, --version
	      Print version information and exit.

DIFFERENCES
       sediff categorizes differences in policy elements into one of three forms.

	      added  The element exists only in the modified policy.

	      removed
		     The element exists only in the original policy.

	      modified
		     The  element  exists  in both policies but its semantic meaning has changed.
		     For example, a class is modified if one or more  permissions  are	added  or
		     removed.

       For all rules with types as their source or target, two additional forms of difference are
       recognized.  This helps distinguish differences due to new types from differences in rules
       for existing types.

	      added, new type
		     The rule exists only in the modified policy; furthermore, one or more of the
		     types in the rule do not exist in the original policy.

	      removed, missing type
		     The rule exists only in the original policy; furthermore, one or more of the
		     types in the rule do not exist in the modified policy.

NOTE
       Most shells interpret the semicolon as a metacharacter, so it must be escaped with a
       backslash, like so: sediff original.policy \; modified.policy
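
       A scripted form of the invocation above, as an added example that is not part of the
       original man page or of SETools: a wrapper that passes the semicolon as a literal
       argument and limits the comparison to access-related rules and booleans. The function
       name, the SEDIFF variable, the "--" separator and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the sediff man page or SETools.
# SEDIFF (hypothetical variable) lets the command be replaced by a stub.
SEDIFF=${SEDIFF:-sediff}

# review_policy_change ORIGINAL... -- MODIFIED...
# Each side is one policy file or, for a modular policy, the base module
# followed by the other modules. "--" is this wrapper's own separator
# (an assumption of the example); it is handed to sediff as a literal ";".
review_policy_change() {
    n=$# sep=0 left=0 right=0
    # Rotate through "$@" once, rebuilding it with ";" in place of "--".
    while [ "$n" -gt 0 ]; do
        arg=$1
        shift
        n=$((n - 1))
        if [ "$sep" -eq 0 ] && [ "$arg" = "--" ]; then
            sep=1
            arg=";"    # quoted, so the shell never sees a command separator
        elif [ "$sep" -eq 0 ]; then
            left=$((left + 1))
        else
            right=$((right + 1))
        fi
        set -- "$@" "$arg"
    done
    # sediff needs a policy on both sides of the ";"; fail early otherwise.
    if [ "$left" -eq 0 ] || [ "$right" -eq 0 ]; then
        echo "usage: review_policy_change ORIGINAL... -- MODIFIED..." >&2
        return 2
    fi
    # -q hides element kinds with no differences. neverallow is named
    # explicitly because the default expression leaves it out.
    "$SEDIFF" -q --allow --auditallow --dontaudit --neverallow \
        --type_trans --role_allow --bool "$@"
}

# Constructed usage, monolithic binary policies:
#   review_policy_change policy.20 -- policy.21
# Constructed usage, modular policies (base module first on each side):
#   review_policy_change base.pp httpd.pp -- base.pp httpd_new.pp
```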

AUTHOR
       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT
       Copyright(C) 2004-2007 Tresys Technology, LLC

BUGS
       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO
       sediffx(1)

											sediff(1)