[policycoreutils/f14/master] - Fix semanage man page

Daniel J Walsh dwalsh at fedoraproject.org
Thu Sep 23 19:46:27 UTC 2010


commit 5c7ac2193aedf37eccda3fe3c38dcbfcabcfe922
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Sep 23 15:46:21 2010 -0400

    - Fix semanage man page

 policycoreutils-rhat.patch |  125 +++++++++++++++++++++++++++++++++++++-------
 policycoreutils.spec       |    5 ++-
 2 files changed, 109 insertions(+), 21 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 5425007..d4db5bc 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -121,7 +121,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
      app = AuditToPolicy()
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.83/audit2allow/audit2allow.1
 --- nsapolicycoreutils/audit2allow/audit2allow.1	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/audit2allow/audit2allow.1	2010-07-30 13:50:40.000000000 -0400
++++ policycoreutils-2.0.83/audit2allow/audit2allow.1	2010-09-17 15:14:35.000000000 -0400
 @@ -66,6 +66,9 @@
  .B "\-M <modulename>" 
  Generate loadable module package, conflicts with -o
@@ -132,6 +132,81 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  .B "\-o <outputfile>"  | "\-\-output <outputfile>"
  append output to 
  .I <outputfile>
+@@ -117,14 +120,6 @@
+ .B Please substitute /var/log/messages for /var/log/audit/audit.log in the 
+ .B examples.
+ .PP
+-.B Using audit2allow to generate monolithic (non-module) policy
+-$ cd /etc/selinux/$SELINUXTYPE/src/policy
+-$ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te
+-$ cat domains/misc/local.te
+-allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
+-<review domains/misc/local.te and customize as desired>
+-$ make load
+-
+ .B Using audit2allow to generate module policy
+ 
+ $ cat /var/log/audit/audit.log | audit2allow -m local > local.te
+@@ -132,20 +127,38 @@
+ module local 1.0;
+ 
+ require {
+-        role system_r;
++        class file {  getattr open read };
+ 
+ 
+-        class fifo_file {  getattr ioctl };
++        type myapp_t;
++        type etc_t;
++ };
+ 
+ 
+-        type cupsd_config_t;
+-        type unconfined_t;
+- };
++allow myapp_t etc_t:file { getattr open read };
++<review local.te and customize as desired>
+ 
++.B Using audit2allow to generate module policy using reference policy
+ 
+-allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
++$ cat /var/log/audit/audit.log | audit2allow -R -m local > local.te
++$ cat local.te
++policy_module(local, 1.0)
++
++gen_require(`
++        type myapp_t;
++        type etc_t;
++ };
++
++files_read_etc_files(myapp_t)
+ <review local.te and customize as desired>
+ 
++.B Building module policy using Makefile
++
++# SELinux provides a policy devel environment under /usr/share/selinux/devel
++# You can create a te file and compile it by executing 
++$ make -f /usr/share/selinux/devel/Makefile
++$ semodule -i local.pp
++
+ .B Building module policy manually
+ 
+ # Compile the module
+@@ -168,6 +181,14 @@
+ 
+ semodule -i local.pp
+ 
++.B Using audit2allow to generate monolithic (non-module) policy
++$ cd /etc/selinux/$SELINUXTYPE/src/policy
++$ cat /var/log/audit/audit.log | audit2allow >> domains/misc/local.te
++$ cat domains/misc/local.te
++allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
++<review domains/misc/local.te and customize as desired>
++$ make load
++
+ .fi
+ .PP
+ .SH AUTHOR
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-2.0.83/audit2allow/sepolgen-ifgen
 --- nsapolicycoreutils/audit2allow/sepolgen-ifgen	2010-05-19 14:45:51.000000000 -0400
 +++ policycoreutils-2.0.83/audit2allow/sepolgen-ifgen	2010-07-30 13:50:40.000000000 -0400
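Review bot: The new `audit2allow -R` example in audit2allow.1 closes its gen_require block with ` };`, which is the terminator of the plain `require { ... }` form shown in the example above it. A reference-policy gen_require block opened with a backquote should end with `')`, so the sample as printed would fail to build when copied. Separately, the added "Building module policy using Makefile" section goes straight from `make` to `semodule -i local.pp`. Because these examples feed the whole audit log to audit2allow, it would help to repeat the review reminder there, for example `# Review local.te first: every logged denial becomes an allow rule`.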
@@ -3208,7 +3283,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
 +		errorExit(error.args[1])
 diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.83/semanage/semanage.8
 --- nsapolicycoreutils/semanage/semanage.8	2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.83/semanage/semanage.8	2010-07-30 13:50:40.000000000 -0400
++++ policycoreutils-2.0.83/semanage/semanage.8	2010-09-23 15:43:58.000000000 -0400
 @@ -1,29 +1,65 @@
 -.TH "semanage" "8" "2005111103" "" ""
 +.TH "semanage" "8" "20100223" "" ""
@@ -3236,45 +3311,45 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
 +.B semanage user [\-S store] \-{a|d|m|l|n|D} [\-LrRP] selinux_name
 +
 +Manage login mappings between linux users and SELinux confined users.
-+.br
+ .br
+-.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
 +.B semanage login [\-S store] \-{a|d|m|l|n|D} [\-sr] login_name | %groupname
 +
 +Manage network port type definitions
-+.br
+ .br
+-.B semanage user \-{a|d|m} [\-LrRP] selinux_name
 +.B semanage port [\-S store] \-{a|d|m|l|n|D} [\-tr] [\-p proto] port | port_range
-+.br
+ .br
+-.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
 +
 +Manage network interface type definitions
-+.br
+ .br
+-.B semanage interface \-{a|d|m} [\-tr] interface_spec
 +.B semanage interface [\-S store] \-{a|d|m|l|n|D} [\-tr] interface_spec
 +
 +Manage network node type definitions
  .br
--.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
+-.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
 +.B semanage node [\-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address
  .br
--.B semanage user \-{a|d|m} [\-LrRP] selinux_name
+-.B semanage fcontext \-{a|d|m} [\-frst] file_spec
 +
 +Manage file context mapping definitions
  .br
--.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
+-.B semanage permissive \-{a|d} type
 +.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} [\-frst] file_spec
- .br
--.B semanage interface \-{a|d|m} [\-tr] interface_spec
++.br
 +.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} \-e replacement target
- .br
--.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
++.br
 +
 +Manage processes type enforcement mode
  .br
--.B semanage fcontext \-{a|d|m} [\-frst] file_spec
+-.B semanage dontaudit [ on | off ]
 +.B semanage permissive [\-S store] \-{a|d|l|n|D} type
- .br
--.B semanage permissive \-{a|d} type
++.br
 +
 +Disable/Enable dontaudit rules in policy
- .br
--.B semanage dontaudit [ on | off ]
++.br
 +.B semanage dontaudit [\-S store] [ on | off ]
  .P
  
@@ -3299,12 +3374,22 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
  .I                \-f, \-\-ftype
  File Type.   This is used with fcontext.
  Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
-@@ -99,26 +141,67 @@
+@@ -76,6 +118,9 @@
+ .I                \-m, \-\-modify     
+ Modify a OBJECT record NAME
+ .TP
++.I                \-M, \-\-mask
++Network Mask
++.TP
+ .I                \-n, \-\-noheading  
+ Do not print heading when listing OBJECTS.
+ .TP
+@@ -99,26 +144,67 @@
  .TP
  .I                \-t, \-\-type       
  SELinux Type for the object
 +.TP
-+.I                \-i
++.I                \-i, \-\-input
 +Take a set of commands from a specified file and load them in a single
 +transaction.
  
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 0eb18ef..65b6928 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.83
-Release: 28%{?dist}
+Release: 29%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -315,6 +315,9 @@ fi
 exit 0
 
 %changelog
+* Thu Sep 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-29
+- Fix semanage man page
+
 * Mon Sep 13 2010 Dan Walsh <dwalsh at redhat.com> 2.0.83-28
 - Add seremote, to allow the execution of command inside the sandbox from outside the sandbox.
 

