
NAME

       sediffx - graphical SELinux policy difference tool

SYNOPSIS

       sediffx [-d] [ORIGINAL_POLICY ; MODIFIED_POLICY]

DESCRIPTION

       sediffx allows the user to graphically inspect the semantic differences
       between two  SELinux  policies.   All  supported  policy  elements  are
       examined.

POLICY

       sediffx supports loading SELinux policies in one of four formats.

       source A  single  text  file  containing  policy source for versions 12
              through 21. This file is usually named policy.conf.

       binary A single file containing a monolithic kernel binary  policy  for
              versions  15 through 21. This file is usually named by version -
              for example, policy.20.

       modular
              A list of policy packages  each  containing  a  loadable  policy
              module. The first module listed must be a base module.

       policy list
              A single text file containing all the information needed to load
              a policy, usually exported by SETools graphical utilities.

       The two policies do not need to be in the same format.  If no policies
       are given on the command line, sediffx starts with none loaded.

OPTIONS

       -d, --diff-now
              Load  the  policies  and  differentiate  them immediately.  This
              option requires the user to specify the policies on the  command
              line.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.

DIFFERENCES

       sediffx  categorizes  differences  in policy elements into one of three
       forms.

              added  The element exists only in the modified policy.

              removed
                     The element exists only in the original policy.

              modified
                     The element exists in  both  policies  but  its  semantic
                     meaning has changed.  For example, a class is modified if
                     one or more permissions are added or removed.

       For all rules with types as their  source  or  target,  two  additional
       forms of difference are recognized.  This helps distinguish differences
       due to new types from differences in rules for existing types.

              added, new type
                     The rule exists only in the modified policy; furthermore,
                     one  or more of the types in the rule do not exist in the
                     original policy.

              removed, missing type
                     The rule exists only in the original policy; furthermore,
                     one  or more of the types in the rule do not exist in the
                     modified policy.
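
       The classifier below is added to this page as a worked example of the
       five forms; it is not SETools code.  ORIGINAL and MODIFIED are
       constructed policy.conf-style fragments, and the minimal parser covers
       only type declarations, class permission sets and allow rules, which is
       enough to show why a rule on a brand-new type is reported apart from a
       rule added for types that already existed.

```python
"""Classify policy differences into sediffx's five forms.

Added example for this page, not SETools code.  ORIGINAL and MODIFIED are
constructed policy.conf-style fragments; the parser handles only 'type',
'class' permission sets and 'allow' rules.
"""
import re

TYPE_RE = re.compile(r"^type\s+(\w+)\s*[,;]")
CLASS_RE = re.compile(r"^class\s+(\w+)\s*\{([^}]*)\}")
ALLOW_RE = re.compile(r"^allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;")

ORIGINAL = """
class file { read write execute }
class dir { read search }
type httpd_t;
type httpd_log_t;
type tmp_t;
allow httpd_t httpd_log_t:file { read write };
allow httpd_t httpd_log_t:dir search;
allow httpd_t tmp_t:dir { read search };
allow httpd_t tmp_t:file read;
"""

MODIFIED = """
class file { read write execute append }
class dir { read search }
type httpd_t;
type httpd_log_t;
type httpd_cache_t;
allow httpd_t httpd_log_t:file { read write append };
allow httpd_t httpd_t:file { read execute };
allow httpd_t httpd_cache_t:dir { read search };
allow httpd_t httpd_cache_t:file read;
"""


def parse_policy(text):
    """Return (types, classes, rules): classes maps name -> permission set,
    rules maps (source, target, class) -> permission set."""
    types, classes, rules = set(), {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = TYPE_RE.match(line)
        if m:
            types.add(m.group(1))
            continue
        m = CLASS_RE.match(line)
        if m:
            classes[m.group(1)] = frozenset(m.group(2).split())
            continue
        m = ALLOW_RE.match(line)
        if m:
            src, tgt, cls, perms = m.groups()
            key = (src, tgt, cls)
            # Repeated allow lines for one key are one rule; union the perms.
            rules[key] = rules.get(key, frozenset()) | frozenset(perms.strip("{} ").split())
    return types, classes, rules


def diff_named(orig, mod):
    """added / removed / modified for a name -> value mapping (types, classes).
    Identical entries are not differences and are left out."""
    result = {}
    for name in set(orig) | set(mod):
        if name in orig and name in mod:
            if orig[name] != mod[name]:
                result[name] = "modified"
        elif name in mod:
            result[name] = "added"
        else:
            result[name] = "removed"
    return result


def diff_rules(o_types, o_rules, m_types, m_rules):
    """Like diff_named, but an added or removed rule whose source or target
    type is absent from the other policy gets the 'new type' / 'missing type'
    form, separating type churn from rule churn on existing types."""
    result = {}
    for key in set(o_rules) | set(m_rules):
        src, tgt, _cls = key
        if key in o_rules and key in m_rules:
            if o_rules[key] != m_rules[key]:
                result[key] = "modified"
        elif key in m_rules:
            new = src not in o_types or tgt not in o_types
            result[key] = "added, new type" if new else "added"
        else:
            missing = src not in m_types or tgt not in m_types
            result[key] = "removed, missing type" if missing else "removed"
    return result


def diff_policies(original_text, modified_text):
    """Diff two fragments; returns {"types": ..., "classes": ..., "rules": ...}."""
    o_types, o_classes, o_rules = parse_policy(original_text)
    m_types, m_classes, m_rules = parse_policy(modified_text)
    return {
        "types": diff_named(dict.fromkeys(o_types), dict.fromkeys(m_types)),
        "classes": diff_named(o_classes, m_classes),
        "rules": diff_rules(o_types, o_rules, m_types, m_rules),
    }


if __name__ == "__main__":
    for section, diffs in diff_policies(ORIGINAL, MODIFIED).items():
        for element, form in sorted(diffs.items(), key=str):
            print(f"{section:8} {form:22} {element}")
```

       On these fragments the rules for tmp_t come out as "removed, missing
       type" and those for httpd_cache_t as "added, new type", while the
       httpd_log_t dir rule is a plain "removed" and the httpd_t self rule a
       plain "added": the same added/removed outcome, but the first pair is
       explained by the type change and the second is a genuine change of
       access for types present in both policies.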

NOTE

       Most shells treat the semicolon as a command separator, so it must be
       escaped or quoted on the command line, for example:

              sediffx original.policy \; modified.policy
              sediffx original.policy ';' modified.policy

       Either form passes a literal ; argument to sediffx.
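
       When sediffx is launched from a script rather than an interactive
       shell, the separator is simply one more argv element and needs no
       escaping.  The following wrapper is an added example for this page,
       not SETools code: it orders the packages of a modular policy with the
       base module first, as the POLICY section requires, and builds the
       "sediffx -d ORIGINAL ; MODIFIED" argument list.  The base.pp file name
       and the old/new directory layout are assumptions made for the
       demonstration.

```python
"""Build and launch a sediffx command line from a script.

Added example for this page, not SETools code.  The 'base.pp' file name and
the old/new directory layout are assumptions for the demonstration.
"""
import os
import shutil
import subprocess
import tempfile

BASE_NAME = "base.pp"  # assumed file name of the base module package


def modular_policy_list(directory):
    """Return the policy packages in directory in the order sediffx needs
    for a modular policy: the base module first, then the other modules."""
    packages = sorted(f for f in os.listdir(directory) if f.endswith(".pp"))
    if BASE_NAME not in packages:
        raise ValueError(f"{directory}: no {BASE_NAME}; the first module must be a base module")
    packages.remove(BASE_NAME)
    return [os.path.join(directory, f) for f in [BASE_NAME] + packages]


def build_sediffx_argv(original, modified, diff_now=True):
    """argv for 'sediffx [-d] ORIGINAL ; MODIFIED'.

    original and modified are lists of files: a single file for the source,
    binary or policy-list formats, a base-first list for modular.  The
    separator is its own argv element, so no backslash is needed here; the
    escaping described in NOTE matters only when a shell parses the line.
    """
    if diff_now and not (original and modified):
        raise ValueError("-d/--diff-now requires both policies on the command line")
    if bool(original) != bool(modified):
        raise ValueError("give both ORIGINAL and MODIFIED, or neither")
    argv = ["sediffx"] + (["-d"] if diff_now else [])
    if original:
        argv += list(original) + [";"] + list(modified)
    return argv


def run_sediffx(argv):
    """Launch sediffx if it is installed; return its exit status, else None."""
    if shutil.which(argv[0]) is None:
        return None
    return subprocess.run(argv, check=False).returncode


def make_demo_tree():
    """Constructed stand-in for two builds of a modular policy: directories
    of empty .pp files (not loadable; they only exercise the argv logic)."""
    root = tempfile.mkdtemp(prefix="sediffx-demo-")
    builds = {"old": ["base.pp", "apache.pp"],
              "new": ["base.pp", "apache.pp", "ssh.pp"]}
    for build, modules in builds.items():
        path = os.path.join(root, build)
        os.mkdir(path)
        for module in modules:
            open(os.path.join(path, module), "w").close()
    return root


if __name__ == "__main__":
    root = make_demo_tree()
    argv = build_sediffx_argv(modular_policy_list(os.path.join(root, "old")),
                              modular_policy_list(os.path.join(root, "new")))
    print(" ".join(argv))
    print("sediffx exit status:", run_sediffx(argv))
```

       With no policies and without -d the wrapper returns just ["sediffx"],
       matching the behaviour of starting the tool with nothing loaded; with
       -d it refuses to build a command line that sediffx would reject.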

AUTHOR

       This  manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT

       Copyright(C) 2005-2007 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       sediff(1)

                                                                    sediffx(1)