sediffx(1)                  General Commands Manual                 sediffx(1)

NAME

       sediffx - graphical SELinux policy difference tool

SYNOPSIS

       sediffx [-d] [ORIGINAL_POLICY ; MODIFIED_POLICY]

DESCRIPTION

       sediffx allows the user to graphically inspect the semantic differences
       between two SELinux policies. All supported policy elements are
       examined.

POLICY

       sediffx supports loading SELinux policies in one of four formats.

       source A single text file containing policy source for versions 12
              through 21. This file is usually named policy.conf.

       binary A single file containing a monolithic kernel binary policy for
              versions 15 through 21. This file is usually named by version -
              for example, policy.20.

       modular
              A list of policy packages each containing a loadable policy
              module. The first module listed must be a base module.

       policy list
              A single text file containing all the information needed to load
              a policy, usually exported by SETools graphical utilities.

       Policies do not need to be the same format. If not provided, sediffx
       will begin with no policies loaded.

OPTIONS

       -d, --diff-now
              Load the policies and differentiate them immediately. This
              option requires the user to specify the policies on the command
              line.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.

DIFFERENCES

       sediffx categorizes differences in policy elements into one of three
       forms.

              added  The element exists only in the modified policy.

              removed
                     The element exists only in the original policy.

              modified
                     The element exists in both policies but its semantic
                     meaning has changed. For example, a class is modified if
                     one or more permissions are added or removed.

       For all rules with types as their source or target, two additional
       forms of difference are recognized. This helps distinguish differences
       due to new types from differences in rules for existing types.

              added, new type
                     The rule exists only in the modified policy; furthermore,
                     one or more of the types in the rule do not exist in the
                     original policy.

              removed, missing type
                     The rule exists only in the original policy; furthermore,
                     one or more of the types in the rule do not exist in the
                     modified policy.
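
       The five forms above, applied to allow rules, as an added example
       that is not part of the original manual page and is not SETools
       code. It assumes a simplified model in which a rule is keyed by
       (source type, target type, class) and attributes are already
       expanded; the policies and type names are constructed sample data.

```python
# Simplified model of the five difference forms (added example, not SETools code).
# A policy is {"types": set of declared types,
#              "rules": {(source, target, class): set of permissions}}.

def diff_rules(orig, mod):
    """Return {rule_key: (form, detail)} for every rule that differs."""
    result = {}
    for key in orig["rules"].keys() | mod["rules"].keys():
        src, tgt, _cls = key
        old = orig["rules"].get(key)
        new = mod["rules"].get(key)
        if old is None:
            # Rule only in the modified policy: is one of its types new too?
            new_types = {src, tgt} - orig["types"]
            result[key] = ("added, new type" if new_types else "added", new)
        elif new is None:
            # Rule only in the original policy: did one of its types go away?
            missing = {src, tgt} - mod["types"]
            form = "removed, missing type" if missing else "removed"
            result[key] = (form, old)
        elif old != new:
            # Same rule key in both policies, different permission set.
            result[key] = ("modified", {"+": new - old, "-": old - new})
    return result

# Constructed sample policies.
ORIGINAL = {
    "types": {"httpd_t", "httpd_log_t", "ftpd_t", "etc_t", "user_home_t"},
    "rules": {
        ("httpd_t", "httpd_log_t", "file"): {"append", "getattr"},
        ("httpd_t", "etc_t", "file"): {"read"},
        ("ftpd_t", "etc_t", "file"): {"read"},
    },
}
MODIFIED = {
    "types": {"httpd_t", "httpd_log_t", "etc_t", "user_home_t", "httpd_cache_t"},
    "rules": {
        ("httpd_t", "httpd_log_t", "file"): {"append", "getattr", "write"},
        ("httpd_t", "user_home_t", "file"): {"read"},
        ("httpd_t", "httpd_cache_t", "file"): {"read", "write"},
    },
}

if __name__ == "__main__":
    for key, (form, detail) in sorted(diff_rules(ORIGINAL, MODIFIED).items()):
        print(f"{form:22} allow {key[0]} {key[1]}:{key[2]} {detail}")
```

       In this sample, the plain "added" rule grants an existing domain
       access to an existing type, which is the kind of change the extra
       two forms are meant to separate from rules that only follow a new
       or deleted type.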

NOTE

       Most shells interpret the semicolon as a metacharacter, thus requiring
       a backslash like so: sediffx original.policy \; modified.policy

AUTHOR

       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

       Copyright (C) 2005-2007 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       sediff(1)