[selinux-policy/f17] * Thu Mar 8 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-97 - Fix man pages fro domains - Add man
Miroslav Grepl
mgrepl at fedoraproject.org
Thu Mar 8 10:25:37 UTC 2012
commit 7f3459022cff6a9a5c116a70359326c94d2020c6
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Thu Mar 8 11:25:22 2012 +0100
* Thu Mar 8 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-97
- Fix man pages fro domains
- Add man pages for SELinux users and roles
- Add storage_dev_filetrans_named_fixed_disk() and use it for smartmon
- Add policy for matahari-rpcd
- nfsd executes mount command on restart
- Matahari domains execute renice and setsched
- Dontaudit leaked tty in mozilla_plugin_config
- mailman is changing to a per instance naming
- Add 7600 and 4447 as jboss_management ports
- Add fixes for nagios event handlers
- Label httpd.event as httpd_exec_t, it is an apache daemon
policy-F16.patch | 9856 ++++++++++++++++++++++++++++++++++-----------------
selinux-policy.spec | 15 +-
2 files changed, 6633 insertions(+), 3238 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 8c81ea5..37fd949 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -42,18 +42,24 @@ index 168a14f..c2bf491 100644
########################################
diff --git a/man/man8/NetworkManager_selinux.8 b/man/man8/NetworkManager_selinux.8
new file mode 100644
-index 0000000..ed65fa5
+index 0000000..b501c2d
--- /dev/null
+++ b/man/man8/NetworkManager_selinux.8
-@@ -0,0 +1,163 @@
+@@ -0,0 +1,169 @@
+.TH "NetworkManager_selinux" "8" "NetworkManager" "dwalsh at redhat.com" "NetworkManager SELinux Policy documentation"
+.SH "NAME"
+NetworkManager_selinux \- Security Enhanced Linux Policy for the NetworkManager processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the NetworkManager processes via flexible mandatory access
++
++SELinux Linux secures
++.B NetworkManager
++(Manager for dynamically switching between networks)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -166,7 +172,7 @@ index 0000000..ed65fa5
+/var/run/wpa_supplicant-global, /var/run/nm-dhclient.*, /var/run/wpa_supplicant(/.*)?, /var/run/NetworkManager\.pid, /var/run/nm-dns-dnsmasq\.conf, /var/run/NetworkManager(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -187,7 +193,7 @@ index 0000000..ed65fa5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -198,7 +204,7 @@ index 0000000..ed65fa5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -211,18 +217,24 @@ index 0000000..ed65fa5
+selinux(8), NetworkManager(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/abrt_selinux.8 b/man/man8/abrt_selinux.8
new file mode 100644
-index 0000000..ba80de4
+index 0000000..4ff44da
--- /dev/null
+++ b/man/man8/abrt_selinux.8
-@@ -0,0 +1,236 @@
+@@ -0,0 +1,242 @@
+.TH "abrt_selinux" "8" "abrt" "dwalsh at redhat.com" "abrt SELinux Policy documentation"
+.SH "NAME"
+abrt_selinux \- Security Enhanced Linux Policy for the abrt processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the abrt processes via flexible mandatory access
++
++SELinux Linux secures
++.B abrt
++(ABRT - automated bug-reporting tool)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. abrt policy is extremely flexible and has several booleans that allow you to manipulate the policy and run abrt with the tightest access possible.
+
@@ -245,7 +257,7 @@ index 0000000..ba80de4
+.B restorecon -F -R -v /var/abrt
+.pp
+.TP
-+Allow abrt servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_abrtd_anon_write boolean to be set.
++Allow abrt servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_abrt_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/abrt/incoming(/.*)?"
@@ -404,7 +416,7 @@ index 0000000..ba80de4
+/var/run/abrtd?\.socket, /var/run/abrtd?\.lock, /var/run/abrt(/.*)?, /var/run/abrt\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -425,7 +437,7 @@ index 0000000..ba80de4
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -436,7 +448,7 @@ index 0000000..ba80de4
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -454,18 +466,24 @@ index 0000000..ba80de4
\ No newline at end of file
diff --git a/man/man8/accountsd_selinux.8 b/man/man8/accountsd_selinux.8
new file mode 100644
-index 0000000..f65b021
+index 0000000..1f8dad8
--- /dev/null
+++ b/man/man8/accountsd_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "accountsd_selinux" "8" "accountsd" "dwalsh at redhat.com" "accountsd SELinux Policy documentation"
+.SH "NAME"
+accountsd_selinux \- Security Enhanced Linux Policy for the accountsd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the accountsd processes via flexible mandatory access
++
++SELinux Linux secures
++.B accountsd
++(AccountsService and daemon for manipulating user account information via D-Bus)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -494,7 +512,7 @@ index 0000000..f65b021
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -515,7 +533,7 @@ index 0000000..f65b021
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -526,7 +544,7 @@ index 0000000..f65b021
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -539,18 +557,24 @@ index 0000000..f65b021
+selinux(8), accountsd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/acct_selinux.8 b/man/man8/acct_selinux.8
new file mode 100644
-index 0000000..d07992c
+index 0000000..323cee4
--- /dev/null
+++ b/man/man8/acct_selinux.8
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,93 @@
+.TH "acct_selinux" "8" "acct" "dwalsh at redhat.com" "acct SELinux Policy documentation"
+.SH "NAME"
+acct_selinux \- Security Enhanced Linux Policy for the acct processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the acct processes via flexible mandatory access
++
++SELinux Linux secures
++.B acct
++(Berkeley process accounting)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -587,7 +611,7 @@ index 0000000..d07992c
+/usr/sbin/accton, /sbin/accton, /etc/cron\.(daily|monthly)/acct
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -608,7 +632,7 @@ index 0000000..d07992c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -619,7 +643,7 @@ index 0000000..d07992c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -632,18 +656,24 @@ index 0000000..d07992c
+selinux(8), acct(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/afs_selinux.8 b/man/man8/afs_selinux.8
new file mode 100644
-index 0000000..51441ba
+index 0000000..7832fa4
--- /dev/null
+++ b/man/man8/afs_selinux.8
-@@ -0,0 +1,288 @@
+@@ -0,0 +1,294 @@
+.TH "afs_selinux" "8" "afs" "dwalsh at redhat.com" "afs SELinux Policy documentation"
+.SH "NAME"
+afs_selinux \- Security Enhanced Linux Policy for the afs processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the afs processes via flexible mandatory access
++
++SELinux Linux secures
++.B afs
++(Andrew Filesystem server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -800,7 +830,7 @@ index 0000000..51441ba
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -899,7 +929,7 @@ index 0000000..51441ba
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -910,7 +940,7 @@ index 0000000..51441ba
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -926,18 +956,24 @@ index 0000000..51441ba
+selinux(8), afs(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/aiccu_selinux.8 b/man/man8/aiccu_selinux.8
new file mode 100644
-index 0000000..320e7cf
+index 0000000..efc06eb
--- /dev/null
+++ b/man/man8/aiccu_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "aiccu_selinux" "8" "aiccu" "dwalsh at redhat.com" "aiccu SELinux Policy documentation"
+.SH "NAME"
+aiccu_selinux \- Security Enhanced Linux Policy for the aiccu processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the aiccu processes via flexible mandatory access
++
++SELinux Linux secures
++.B aiccu
++(Automatic IPv6 Connectivity Client Utility)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -982,7 +1018,7 @@ index 0000000..320e7cf
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -1003,7 +1039,7 @@ index 0000000..320e7cf
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -1014,7 +1050,7 @@ index 0000000..320e7cf
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -1027,18 +1063,24 @@ index 0000000..320e7cf
+selinux(8), aiccu(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/aide_selinux.8 b/man/man8/aide_selinux.8
new file mode 100644
-index 0000000..6e55008
+index 0000000..0863697
--- /dev/null
+++ b/man/man8/aide_selinux.8
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,97 @@
+.TH "aide_selinux" "8" "aide" "dwalsh at redhat.com" "aide SELinux Policy documentation"
+.SH "NAME"
+aide_selinux \- Security Enhanced Linux Policy for the aide processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the aide processes via flexible mandatory access
++
++SELinux Linux secures
++.B aide
++(Aide filesystem integrity checker)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -1079,7 +1121,7 @@ index 0000000..6e55008
+/var/log/aide\.log, /var/log/aide(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -1100,7 +1142,7 @@ index 0000000..6e55008
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -1111,7 +1153,7 @@ index 0000000..6e55008
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -1124,18 +1166,24 @@ index 0000000..6e55008
+selinux(8), aide(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/aisexec_selinux.8 b/man/man8/aisexec_selinux.8
new file mode 100644
-index 0000000..c9701c5
+index 0000000..8d4a539
--- /dev/null
+++ b/man/man8/aisexec_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,125 @@
+.TH "aisexec_selinux" "8" "aisexec" "dwalsh at redhat.com" "aisexec SELinux Policy documentation"
+.SH "NAME"
+aisexec_selinux \- Security Enhanced Linux Policy for the aisexec processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the aisexec processes via flexible mandatory access
++
++SELinux Linux secures
++.B aisexec
++(Aisexec Cluster Engine)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -1204,7 +1252,7 @@ index 0000000..c9701c5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -1225,7 +1273,7 @@ index 0000000..c9701c5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -1236,7 +1284,7 @@ index 0000000..c9701c5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -1249,18 +1297,24 @@ index 0000000..c9701c5
+selinux(8), aisexec(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ajaxterm_selinux.8 b/man/man8/ajaxterm_selinux.8
new file mode 100644
-index 0000000..aaabeb6
+index 0000000..3ff7f95
--- /dev/null
+++ b/man/man8/ajaxterm_selinux.8
-@@ -0,0 +1,113 @@
+@@ -0,0 +1,119 @@
+.TH "ajaxterm_selinux" "8" "ajaxterm" "dwalsh at redhat.com" "ajaxterm SELinux Policy documentation"
+.SH "NAME"
+ajaxterm_selinux \- Security Enhanced Linux Policy for the ajaxterm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ajaxterm processes via flexible mandatory access
++
++SELinux Linux secures
++.B ajaxterm
++(policy for ajaxterm)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -1297,7 +1351,7 @@ index 0000000..aaabeb6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -1341,7 +1395,7 @@ index 0000000..aaabeb6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -1352,7 +1406,7 @@ index 0000000..aaabeb6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -1368,18 +1422,24 @@ index 0000000..aaabeb6
+selinux(8), ajaxterm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/alsa_selinux.8 b/man/man8/alsa_selinux.8
new file mode 100644
-index 0000000..9ca6a8d
+index 0000000..412d10b
--- /dev/null
+++ b/man/man8/alsa_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "alsa_selinux" "8" "alsa" "dwalsh at redhat.com" "alsa SELinux Policy documentation"
+.SH "NAME"
+alsa_selinux \- Security Enhanced Linux Policy for the alsa processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the alsa processes via flexible mandatory access
++
++SELinux Linux secures
++.B alsa
++(Ainit ALSA configuration tool)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -1440,7 +1500,7 @@ index 0000000..9ca6a8d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -1461,7 +1521,7 @@ index 0000000..9ca6a8d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -1472,7 +1532,7 @@ index 0000000..9ca6a8d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -1485,18 +1545,24 @@ index 0000000..9ca6a8d
+selinux(8), alsa(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/amanda_selinux.8 b/man/man8/amanda_selinux.8
new file mode 100644
-index 0000000..69f39b8
+index 0000000..1ada188
--- /dev/null
+++ b/man/man8/amanda_selinux.8
-@@ -0,0 +1,213 @@
+@@ -0,0 +1,219 @@
+.TH "amanda_selinux" "8" "amanda" "dwalsh at redhat.com" "amanda SELinux Policy documentation"
+.SH "NAME"
+amanda_selinux \- Security Enhanced Linux Policy for the amanda processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the amanda processes via flexible mandatory access
++
++SELinux Linux secures
++.B amanda
++(Advanced Maryland Automatic Network Disk Archiver)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -1633,7 +1699,7 @@ index 0000000..69f39b8
+/var/lib/amanda, /var/lib/amanda/[^/]+/index(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -1677,7 +1743,7 @@ index 0000000..69f39b8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -1688,7 +1754,7 @@ index 0000000..69f39b8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -1704,18 +1770,27 @@ index 0000000..69f39b8
+selinux(8), amanda(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/amavis_selinux.8 b/man/man8/amavis_selinux.8
new file mode 100644
-index 0000000..179fa80
+index 0000000..52d2f0d
--- /dev/null
+++ b/man/man8/amavis_selinux.8
-@@ -0,0 +1,184 @@
+@@ -0,0 +1,193 @@
+.TH "amavis_selinux" "8" "amavis" "dwalsh at redhat.com" "amavis SELinux Policy documentation"
+.SH "NAME"
+amavis_selinux \- Security Enhanced Linux Policy for the amavis processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the amavis processes via flexible mandatory access
++
++SELinux Linux secures
++.B amavis
++(
++Daemon that interfaces mail transfer agents and content
++checkers, such as virus scanners.
++)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -1812,7 +1887,7 @@ index 0000000..179fa80
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -1867,7 +1942,7 @@ index 0000000..179fa80
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -1878,7 +1953,7 @@ index 0000000..179fa80
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -1894,18 +1969,24 @@ index 0000000..179fa80
+selinux(8), amavis(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/amtu_selinux.8 b/man/man8/amtu_selinux.8
new file mode 100644
-index 0000000..6d9165d
+index 0000000..511f260
--- /dev/null
+++ b/man/man8/amtu_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "amtu_selinux" "8" "amtu" "dwalsh at redhat.com" "amtu SELinux Policy documentation"
+.SH "NAME"
+amtu_selinux \- Security Enhanced Linux Policy for the amtu processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the amtu processes via flexible mandatory access
++
++SELinux Linux secures
++.B amtu
++(Abstract Machine Test Utility)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -1926,7 +2007,7 @@ index 0000000..6d9165d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -1947,7 +2028,7 @@ index 0000000..6d9165d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -1958,7 +2039,7 @@ index 0000000..6d9165d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -1971,18 +2052,24 @@ index 0000000..6d9165d
+selinux(8), amtu(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/apcupsd_selinux.8 b/man/man8/apcupsd_selinux.8
new file mode 100644
-index 0000000..5d2ce82
+index 0000000..becff95
--- /dev/null
+++ b/man/man8/apcupsd_selinux.8
-@@ -0,0 +1,145 @@
+@@ -0,0 +1,151 @@
+.TH "apcupsd_selinux" "8" "apcupsd" "dwalsh at redhat.com" "apcupsd SELinux Policy documentation"
+.SH "NAME"
+apcupsd_selinux \- Security Enhanced Linux Policy for the apcupsd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the apcupsd processes via flexible mandatory access
++
++SELinux Linux secures
++.B apcupsd
++(APC UPS monitoring daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -2051,7 +2138,7 @@ index 0000000..5d2ce82
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -2095,7 +2182,7 @@ index 0000000..5d2ce82
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -2106,7 +2193,7 @@ index 0000000..5d2ce82
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -2122,18 +2209,24 @@ index 0000000..5d2ce82
+selinux(8), apcupsd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/apm_selinux.8 b/man/man8/apm_selinux.8
new file mode 100644
-index 0000000..c83eb35
+index 0000000..6e4505d
--- /dev/null
+++ b/man/man8/apm_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,125 @@
+.TH "apm_selinux" "8" "apm" "dwalsh at redhat.com" "apm SELinux Policy documentation"
+.SH "NAME"
+apm_selinux \- Security Enhanced Linux Policy for the apm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the apm processes via flexible mandatory access
++
++SELinux Linux secures
++.B apm
++(Advanced power management daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -2202,7 +2295,7 @@ index 0000000..c83eb35
+/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -2223,7 +2316,7 @@ index 0000000..c83eb35
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -2234,7 +2327,7 @@ index 0000000..c83eb35
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -2247,7 +2340,7 @@ index 0000000..c83eb35
+selinux(8), apm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/apmd_selinux.8 b/man/man8/apmd_selinux.8
new file mode 100644
-index 0000000..459709d
+index 0000000..0c89d86
--- /dev/null
+++ b/man/man8/apmd_selinux.8
@@ -0,0 +1,111 @@
@@ -2256,8 +2349,8 @@ index 0000000..459709d
+apmd_selinux \- Security Enhanced Linux Policy for the apmd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the apmd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -2319,7 +2412,7 @@ index 0000000..459709d
+/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -2340,7 +2433,7 @@ index 0000000..459709d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -2351,7 +2444,7 @@ index 0000000..459709d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -2364,18 +2457,24 @@ index 0000000..459709d
+selinux(8), apmd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/arpwatch_selinux.8 b/man/man8/arpwatch_selinux.8
new file mode 100644
-index 0000000..d24f28e
+index 0000000..34be20a
--- /dev/null
+++ b/man/man8/arpwatch_selinux.8
-@@ -0,0 +1,107 @@
+@@ -0,0 +1,113 @@
+.TH "arpwatch_selinux" "8" "arpwatch" "dwalsh at redhat.com" "arpwatch SELinux Policy documentation"
+.SH "NAME"
+arpwatch_selinux \- Security Enhanced Linux Policy for the arpwatch processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the arpwatch processes via flexible mandatory access
++
++SELinux Linux secures
++.B arpwatch
++(Ethernet activity monitor)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -2432,7 +2531,7 @@ index 0000000..d24f28e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -2453,7 +2552,7 @@ index 0000000..d24f28e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -2464,7 +2563,7 @@ index 0000000..d24f28e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -2477,18 +2576,24 @@ index 0000000..d24f28e
+selinux(8), arpwatch(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/asterisk_selinux.8 b/man/man8/asterisk_selinux.8
new file mode 100644
-index 0000000..2e39074
+index 0000000..c00565c
--- /dev/null
+++ b/man/man8/asterisk_selinux.8
-@@ -0,0 +1,161 @@
+@@ -0,0 +1,167 @@
+.TH "asterisk_selinux" "8" "asterisk" "dwalsh at redhat.com" "asterisk SELinux Policy documentation"
+.SH "NAME"
+asterisk_selinux \- Security Enhanced Linux Policy for the asterisk processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the asterisk processes via flexible mandatory access
++
++SELinux Linux secures
++.B asterisk
++(Asterisk IP telephony server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -2573,7 +2678,7 @@ index 0000000..2e39074
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -2617,7 +2722,7 @@ index 0000000..2e39074
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -2628,7 +2733,7 @@ index 0000000..2e39074
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -2644,7 +2749,7 @@ index 0000000..2e39074
+selinux(8), asterisk(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/audisp_selinux.8 b/man/man8/audisp_selinux.8
new file mode 100644
-index 0000000..6b9e0bd
+index 0000000..dc30264
--- /dev/null
+++ b/man/man8/audisp_selinux.8
@@ -0,0 +1,95 @@
@@ -2653,8 +2758,8 @@ index 0000000..6b9e0bd
+audisp_selinux \- Security Enhanced Linux Policy for the audisp processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the audisp processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -2700,7 +2805,7 @@ index 0000000..6b9e0bd
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -2721,7 +2826,7 @@ index 0000000..6b9e0bd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -2732,7 +2837,7 @@ index 0000000..6b9e0bd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -2743,9 +2848,80 @@ index 0000000..6b9e0bd
+
+.SH "SEE ALSO"
+selinux(8), audisp(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/auditadm_selinux.8 b/man/man8/auditadm_selinux.8
+new file mode 100644
+index 0000000..cba947e
+--- /dev/null
++++ b/man/man8/auditadm_selinux.8
+@@ -0,0 +1,65 @@
++.TH "auditadm_selinux" "8" "auditadm" "mgrepl at redhat.com" "auditadm SELinux Policy documentation"
++.SH "NAME"
++auditadm_r \- \fBAudit administrator role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.
++
++Note: The examples in the man page will user the staff_u user.
++
++Non login roles are usually used for administrative tasks.
++
++Roles usually have default types assigned to them.
++
++The default type for the auditadm_r role is auditadm_t.
++
++You can use the
++.B newrole
++program to transition directly to this role.
++
++.B newrole -r auditadm_r -t auditadm_t
++
++.B sudo
++can also be setup to transition to this role using the visudo command.
++
++USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:auditadm_r:auditadm_t:LEVEL
++
++If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++
++You can see all of the assigned SELinux roles using the following
++
++.B semanage user -l
++
++If you wanted to add auditadm_r to the staff_u user, you would execute:
++
++.B $ semanage user -m -R 'staff_r auditadm_r' staff_u
++
++
++
++SELinux policy also controls which roles can transition to a different role.
++You can list these rules using the following command.
++
++.B sesearch --role_allow
++
++SELinux policy allows the sysadm_r, secadm_r, staff_r roles can transition to the auditadm_r role.
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/auditctl_selinux.8 b/man/man8/auditctl_selinux.8
new file mode 100644
-index 0000000..63236fa
+index 0000000..96a49e6
--- /dev/null
+++ b/man/man8/auditctl_selinux.8
@@ -0,0 +1,75 @@
@@ -2754,8 +2930,8 @@ index 0000000..63236fa
+auditctl_selinux \- Security Enhanced Linux Policy for the auditctl processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the auditctl processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -2781,7 +2957,7 @@ index 0000000..63236fa
+/sbin/auditctl, /usr/sbin/auditctl
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -2802,7 +2978,7 @@ index 0000000..63236fa
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -2813,7 +2989,7 @@ index 0000000..63236fa
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -2826,7 +3002,7 @@ index 0000000..63236fa
+selinux(8), auditctl(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/auditd_selinux.8 b/man/man8/auditd_selinux.8
new file mode 100644
-index 0000000..c36fe78
+index 0000000..5f44c1c
--- /dev/null
+++ b/man/man8/auditd_selinux.8
@@ -0,0 +1,141 @@
@@ -2835,8 +3011,8 @@ index 0000000..c36fe78
+auditd_selinux \- Security Enhanced Linux Policy for the auditd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the auditd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -2902,7 +3078,7 @@ index 0000000..c36fe78
+/var/run/audit_events, /var/run/auditd_sock, /var/run/auditd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -2946,7 +3122,7 @@ index 0000000..c36fe78
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -2957,7 +3133,7 @@ index 0000000..c36fe78
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -2973,18 +3149,24 @@ index 0000000..c36fe78
+selinux(8), auditd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/automount_selinux.8 b/man/man8/automount_selinux.8
new file mode 100644
-index 0000000..fde796e
+index 0000000..514cdc5
--- /dev/null
+++ b/man/man8/automount_selinux.8
-@@ -0,0 +1,115 @@
+@@ -0,0 +1,121 @@
+.TH "automount_selinux" "8" "automount" "dwalsh at redhat.com" "automount SELinux Policy documentation"
+.SH "NAME"
+automount_selinux \- Security Enhanced Linux Policy for the automount processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the automount processes via flexible mandatory access
++
++SELinux Linux secures
++.B automount
++(Filesystem automounter service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -3049,7 +3231,7 @@ index 0000000..fde796e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -3070,7 +3252,7 @@ index 0000000..fde796e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -3081,7 +3263,7 @@ index 0000000..fde796e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -3094,18 +3276,24 @@ index 0000000..fde796e
+selinux(8), automount(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/avahi_selinux.8 b/man/man8/avahi_selinux.8
new file mode 100644
-index 0000000..396a2c6
+index 0000000..7714562
--- /dev/null
+++ b/man/man8/avahi_selinux.8
-@@ -0,0 +1,114 @@
+@@ -0,0 +1,120 @@
+.TH "avahi_selinux" "8" "avahi" "dwalsh at redhat.com" "avahi SELinux Policy documentation"
+.SH "NAME"
+avahi_selinux \- Security Enhanced Linux Policy for the avahi processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the avahi processes via flexible mandatory access
++
++SELinux Linux secures
++.B avahi
++(mDNS/DNS-SD daemon implementing Apple ZeroConf architecture)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. avahi policy is extremely flexible and has several booleans that allow you to manipulate the policy and run avahi with the tightest access possible.
+
@@ -3165,7 +3353,7 @@ index 0000000..396a2c6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -3186,7 +3374,7 @@ index 0000000..396a2c6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -3197,7 +3385,7 @@ index 0000000..396a2c6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -3215,18 +3403,27 @@ index 0000000..396a2c6
\ No newline at end of file
diff --git a/man/man8/awstats_selinux.8 b/man/man8/awstats_selinux.8
new file mode 100644
-index 0000000..d137073
+index 0000000..b76d620
--- /dev/null
+++ b/man/man8/awstats_selinux.8
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,96 @@
+.TH "awstats_selinux" "8" "awstats" "dwalsh at redhat.com" "awstats SELinux Policy documentation"
+.SH "NAME"
+awstats_selinux \- Security Enhanced Linux Policy for the awstats processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the awstats processes via flexible mandatory access
++
++SELinux Linux secures
++.B awstats
++(
++AWStats is a free powerful and featureful tool that generates advanced
++web, streaming, ftp or mail server statistics, graphically.
++)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -3263,7 +3460,7 @@ index 0000000..d137073
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -3284,7 +3481,7 @@ index 0000000..d137073
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -3295,7 +3492,7 @@ index 0000000..d137073
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -3308,18 +3505,24 @@ index 0000000..d137073
+selinux(8), awstats(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/bitlbee_selinux.8 b/man/man8/bitlbee_selinux.8
new file mode 100644
-index 0000000..3e45bfd
+index 0000000..7c1b8b9
--- /dev/null
+++ b/man/man8/bitlbee_selinux.8
-@@ -0,0 +1,127 @@
+@@ -0,0 +1,133 @@
+.TH "bitlbee_selinux" "8" "bitlbee" "dwalsh at redhat.com" "bitlbee SELinux Policy documentation"
+.SH "NAME"
+bitlbee_selinux \- Security Enhanced Linux Policy for the bitlbee processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the bitlbee processes via flexible mandatory access
++
++SELinux Linux secures
++.B bitlbee
++(Bitlbee service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -3396,7 +3599,7 @@ index 0000000..3e45bfd
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -3417,7 +3620,7 @@ index 0000000..3e45bfd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -3428,7 +3631,7 @@ index 0000000..3e45bfd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -3441,7 +3644,7 @@ index 0000000..3e45bfd
+selinux(8), bitlbee(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/blktap_selinux.8 b/man/man8/blktap_selinux.8
new file mode 100644
-index 0000000..37cb567
+index 0000000..4a344b5
--- /dev/null
+++ b/man/man8/blktap_selinux.8
@@ -0,0 +1,98 @@
@@ -3450,8 +3653,8 @@ index 0000000..37cb567
+blktap_selinux \- Security Enhanced Linux Policy for the blktap processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the blktap processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. blktap policy is extremely flexible and has several booleans that allow you to manipulate the policy and run blktap with the tightest access possible.
@@ -3496,7 +3699,7 @@ index 0000000..37cb567
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -3517,7 +3720,7 @@ index 0000000..37cb567
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -3528,7 +3731,7 @@ index 0000000..37cb567
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -3546,18 +3749,24 @@ index 0000000..37cb567
\ No newline at end of file
diff --git a/man/man8/blueman_selinux.8 b/man/man8/blueman_selinux.8
new file mode 100644
-index 0000000..bdead53
+index 0000000..834703f
--- /dev/null
+++ b/man/man8/blueman_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "blueman_selinux" "8" "blueman" "dwalsh at redhat.com" "blueman SELinux Policy documentation"
+.SH "NAME"
+blueman_selinux \- Security Enhanced Linux Policy for the blueman processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the blueman processes via flexible mandatory access
++
++SELinux Linux secures
++.B blueman
++(policy for blueman)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -3578,7 +3787,7 @@ index 0000000..bdead53
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -3599,7 +3808,7 @@ index 0000000..bdead53
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -3610,7 +3819,7 @@ index 0000000..bdead53
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -3623,18 +3832,24 @@ index 0000000..bdead53
+selinux(8), blueman(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/bluetooth_selinux.8 b/man/man8/bluetooth_selinux.8
new file mode 100644
-index 0000000..e4ecb88
+index 0000000..35f6607
--- /dev/null
+++ b/man/man8/bluetooth_selinux.8
-@@ -0,0 +1,170 @@
+@@ -0,0 +1,176 @@
+.TH "bluetooth_selinux" "8" "bluetooth" "dwalsh at redhat.com" "bluetooth SELinux Policy documentation"
+.SH "NAME"
+bluetooth_selinux \- Security Enhanced Linux Policy for the bluetooth processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the bluetooth processes via flexible mandatory access
++
++SELinux Linux secures
++.B bluetooth
++(Bluetooth tools and system services)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. bluetooth policy is extremely flexible and has several booleans that allow you to manipulate the policy and run bluetooth with the tightest access possible.
+
@@ -3750,7 +3965,7 @@ index 0000000..e4ecb88
+/var/run/bluetoothd_address, /var/run/sdp
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -3771,7 +3986,7 @@ index 0000000..e4ecb88
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -3782,7 +3997,7 @@ index 0000000..e4ecb88
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -3800,18 +4015,24 @@ index 0000000..e4ecb88
\ No newline at end of file
diff --git a/man/man8/boinc_selinux.8 b/man/man8/boinc_selinux.8
new file mode 100644
-index 0000000..573c0af
+index 0000000..ae842c8
--- /dev/null
+++ b/man/man8/boinc_selinux.8
-@@ -0,0 +1,160 @@
+@@ -0,0 +1,166 @@
+.TH "boinc_selinux" "8" "boinc" "dwalsh at redhat.com" "boinc SELinux Policy documentation"
+.SH "NAME"
+boinc_selinux \- Security Enhanced Linux Policy for the boinc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the boinc processes via flexible mandatory access
++
++SELinux Linux secures
++.B boinc
++(policy for boinc)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -3884,7 +4105,7 @@ index 0000000..573c0af
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -3939,7 +4160,7 @@ index 0000000..573c0af
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -3950,7 +4171,7 @@ index 0000000..573c0af
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -3966,18 +4187,24 @@ index 0000000..573c0af
+selinux(8), boinc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/bootloader_selinux.8 b/man/man8/bootloader_selinux.8
new file mode 100644
-index 0000000..f02452d
+index 0000000..892a587
--- /dev/null
+++ b/man/man8/bootloader_selinux.8
-@@ -0,0 +1,110 @@
+@@ -0,0 +1,116 @@
+.TH "bootloader_selinux" "8" "bootloader" "dwalsh at redhat.com" "bootloader SELinux Policy documentation"
+.SH "NAME"
+bootloader_selinux \- Security Enhanced Linux Policy for the bootloader processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the bootloader processes via flexible mandatory access
++
++SELinux Linux secures
++.B bootloader
++(Policy for the kernel modules, kernel image, and bootloader)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. bootloader policy is extremely flexible and has several booleans that allow you to manipulate the policy and run bootloader with the tightest access possible.
+
@@ -4033,7 +4260,7 @@ index 0000000..f02452d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4054,7 +4281,7 @@ index 0000000..f02452d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4065,7 +4292,7 @@ index 0000000..f02452d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -4083,18 +4310,24 @@ index 0000000..f02452d
\ No newline at end of file
diff --git a/man/man8/brctl_selinux.8 b/man/man8/brctl_selinux.8
new file mode 100644
-index 0000000..42a24ad
+index 0000000..664324c
--- /dev/null
+++ b/man/man8/brctl_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "brctl_selinux" "8" "brctl" "dwalsh at redhat.com" "brctl SELinux Policy documentation"
+.SH "NAME"
+brctl_selinux \- Security Enhanced Linux Policy for the brctl processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the brctl processes via flexible mandatory access
++
++SELinux Linux secures
++.B brctl
++(Utilities for configuring the linux ethernet bridge)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -4115,7 +4348,7 @@ index 0000000..42a24ad
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4136,7 +4369,7 @@ index 0000000..42a24ad
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4147,7 +4380,7 @@ index 0000000..42a24ad
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -4160,18 +4393,24 @@ index 0000000..42a24ad
+selinux(8), brctl(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cachefilesd_selinux.8 b/man/man8/cachefilesd_selinux.8
new file mode 100644
-index 0000000..32fa62a
+index 0000000..2a47db7
--- /dev/null
+++ b/man/man8/cachefilesd_selinux.8
-@@ -0,0 +1,83 @@
+@@ -0,0 +1,89 @@
+.TH "cachefilesd_selinux" "8" "cachefilesd" "dwalsh at redhat.com" "cachefilesd SELinux Policy documentation"
+.SH "NAME"
+cachefilesd_selinux \- Security Enhanced Linux Policy for the cachefilesd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cachefilesd processes via flexible mandatory access
++
++SELinux Linux secures
++.B cachefilesd
++(policy for cachefilesd)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -4204,7 +4443,7 @@ index 0000000..32fa62a
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4225,7 +4464,7 @@ index 0000000..32fa62a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4236,7 +4475,7 @@ index 0000000..32fa62a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -4249,18 +4488,24 @@ index 0000000..32fa62a
+selinux(8), cachefilesd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/calamaris_selinux.8 b/man/man8/calamaris_selinux.8
new file mode 100644
-index 0000000..1ecc071
+index 0000000..831d1b4
--- /dev/null
+++ b/man/man8/calamaris_selinux.8
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,93 @@
+.TH "calamaris_selinux" "8" "calamaris" "dwalsh at redhat.com" "calamaris SELinux Policy documentation"
+.SH "NAME"
+calamaris_selinux \- Security Enhanced Linux Policy for the calamaris processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the calamaris processes via flexible mandatory access
++
++SELinux Linux secures
++.B calamaris
++(Squid log analysis)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -4297,7 +4542,7 @@ index 0000000..1ecc071
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4318,7 +4563,7 @@ index 0000000..1ecc071
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4329,7 +4574,7 @@ index 0000000..1ecc071
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -4342,18 +4587,24 @@ index 0000000..1ecc071
+selinux(8), calamaris(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/callweaver_selinux.8 b/man/man8/callweaver_selinux.8
new file mode 100644
-index 0000000..a316dae
+index 0000000..00210e6
--- /dev/null
+++ b/man/man8/callweaver_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "callweaver_selinux" "8" "callweaver" "dwalsh at redhat.com" "callweaver SELinux Policy documentation"
+.SH "NAME"
+callweaver_selinux \- Security Enhanced Linux Policy for the callweaver processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the callweaver processes via flexible mandatory access
++
++SELinux Linux secures
++.B callweaver
++(Open source PBX project)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -4414,7 +4665,7 @@ index 0000000..a316dae
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4435,7 +4686,7 @@ index 0000000..a316dae
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4446,7 +4697,7 @@ index 0000000..a316dae
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -4459,18 +4710,24 @@ index 0000000..a316dae
+selinux(8), callweaver(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/canna_selinux.8 b/man/man8/canna_selinux.8
new file mode 100644
-index 0000000..4e20e4f
+index 0000000..f254edc
--- /dev/null
+++ b/man/man8/canna_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,125 @@
+.TH "canna_selinux" "8" "canna" "dwalsh at redhat.com" "canna SELinux Policy documentation"
+.SH "NAME"
+canna_selinux \- Security Enhanced Linux Policy for the canna processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the canna processes via flexible mandatory access
++
++SELinux Linux secures
++.B canna
++(Canna - kana-kanji conversion server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -4539,7 +4796,7 @@ index 0000000..4e20e4f
+/var/run/\.iroha_unix/.*, /var/run/wnn-unix(/.*)?, /var/run/\.iroha_unix
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4560,7 +4817,7 @@ index 0000000..4e20e4f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4571,7 +4828,7 @@ index 0000000..4e20e4f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -4584,7 +4841,7 @@ index 0000000..4e20e4f
+selinux(8), canna(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cardmgr_selinux.8 b/man/man8/cardmgr_selinux.8
new file mode 100644
-index 0000000..69fc214
+index 0000000..a494bcb
--- /dev/null
+++ b/man/man8/cardmgr_selinux.8
@@ -0,0 +1,111 @@
@@ -4593,8 +4850,8 @@ index 0000000..69fc214
+cardmgr_selinux \- Security Enhanced Linux Policy for the cardmgr processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cardmgr processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -4656,7 +4913,7 @@ index 0000000..69fc214
+/var/run/cardmgr\.pid, /var/run/stab, /var/lib/pcmcia(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4677,7 +4934,7 @@ index 0000000..69fc214
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4688,7 +4945,7 @@ index 0000000..69fc214
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -4701,18 +4958,24 @@ index 0000000..69fc214
+selinux(8), cardmgr(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ccs_selinux.8 b/man/man8/ccs_selinux.8
new file mode 100644
-index 0000000..92ed5b6
+index 0000000..d2d4fde
--- /dev/null
+++ b/man/man8/ccs_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,125 @@
+.TH "ccs_selinux" "8" "ccs" "dwalsh at redhat.com" "ccs SELinux Policy documentation"
+.SH "NAME"
+ccs_selinux \- Security Enhanced Linux Policy for the ccs processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ccs processes via flexible mandatory access
++
++SELinux Linux secures
++.B ccs
++(Cluster Configuration System)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -4781,7 +5044,7 @@ index 0000000..92ed5b6
+/var/run/cluster/ccsd\.pid, /var/run/cluster/ccsd\.sock
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4802,7 +5065,7 @@ index 0000000..92ed5b6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4813,7 +5076,7 @@ index 0000000..92ed5b6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -4826,7 +5089,7 @@ index 0000000..92ed5b6
+selinux(8), ccs(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cdcc_selinux.8 b/man/man8/cdcc_selinux.8
new file mode 100644
-index 0000000..1a69cb2
+index 0000000..217f349
--- /dev/null
+++ b/man/man8/cdcc_selinux.8
@@ -0,0 +1,79 @@
@@ -4835,8 +5098,8 @@ index 0000000..1a69cb2
+cdcc_selinux \- Security Enhanced Linux Policy for the cdcc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cdcc processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -4866,7 +5129,7 @@ index 0000000..1a69cb2
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4887,7 +5150,7 @@ index 0000000..1a69cb2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4898,7 +5161,7 @@ index 0000000..1a69cb2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -4911,18 +5174,24 @@ index 0000000..1a69cb2
+selinux(8), cdcc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cdrecord_selinux.8 b/man/man8/cdrecord_selinux.8
new file mode 100644
-index 0000000..4328281
+index 0000000..db2a2e1
--- /dev/null
+++ b/man/man8/cdrecord_selinux.8
-@@ -0,0 +1,90 @@
+@@ -0,0 +1,96 @@
+.TH "cdrecord_selinux" "8" "cdrecord" "dwalsh at redhat.com" "cdrecord SELinux Policy documentation"
+.SH "NAME"
+cdrecord_selinux \- Security Enhanced Linux Policy for the cdrecord processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cdrecord processes via flexible mandatory access
++
++SELinux Linux secures
++.B cdrecord
++(Policy for cdrecord)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. cdrecord policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cdrecord with the tightest access possible.
+
@@ -4958,7 +5227,7 @@ index 0000000..4328281
+/usr/bin/cdrecord, /usr/bin/wodim, /usr/bin/growisofs
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -4979,7 +5248,7 @@ index 0000000..4328281
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -4990,7 +5259,7 @@ index 0000000..4328281
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -5008,18 +5277,24 @@ index 0000000..4328281
\ No newline at end of file
diff --git a/man/man8/certmaster_selinux.8 b/man/man8/certmaster_selinux.8
new file mode 100644
-index 0000000..ebcc043
+index 0000000..bf4f6c4
--- /dev/null
+++ b/man/man8/certmaster_selinux.8
-@@ -0,0 +1,137 @@
+@@ -0,0 +1,143 @@
+.TH "certmaster_selinux" "8" "certmaster" "dwalsh at redhat.com" "certmaster SELinux Policy documentation"
+.SH "NAME"
+certmaster_selinux \- Security Enhanced Linux Policy for the certmaster processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the certmaster processes via flexible mandatory access
++
++SELinux Linux secures
++.B certmaster
++(Certmaster SSL certificate distribution service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -5080,7 +5355,7 @@ index 0000000..ebcc043
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5124,7 +5399,7 @@ index 0000000..ebcc043
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5135,7 +5410,7 @@ index 0000000..ebcc043
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -5151,18 +5426,24 @@ index 0000000..ebcc043
+selinux(8), certmaster(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/certmonger_selinux.8 b/man/man8/certmonger_selinux.8
new file mode 100644
-index 0000000..e976a51
+index 0000000..bb9c5e1
--- /dev/null
+++ b/man/man8/certmonger_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "certmonger_selinux" "8" "certmonger" "dwalsh at redhat.com" "certmonger SELinux Policy documentation"
+.SH "NAME"
+certmonger_selinux \- Security Enhanced Linux Policy for the certmonger processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the certmonger processes via flexible mandatory access
++
++SELinux Linux secures
++.B certmonger
++(Certificate status monitor and PKI enrollment client)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -5207,7 +5488,7 @@ index 0000000..e976a51
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5228,7 +5509,7 @@ index 0000000..e976a51
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5239,7 +5520,7 @@ index 0000000..e976a51
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5252,18 +5533,24 @@ index 0000000..e976a51
+selinux(8), certmonger(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/certwatch_selinux.8 b/man/man8/certwatch_selinux.8
new file mode 100644
-index 0000000..a972ef4
+index 0000000..612259c
--- /dev/null
+++ b/man/man8/certwatch_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "certwatch_selinux" "8" "certwatch" "dwalsh at redhat.com" "certwatch SELinux Policy documentation"
+.SH "NAME"
+certwatch_selinux \- Security Enhanced Linux Policy for the certwatch processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the certwatch processes via flexible mandatory access
++
++SELinux Linux secures
++.B certwatch
++(Digital Certificate Tracking)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -5284,7 +5571,7 @@ index 0000000..a972ef4
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5305,7 +5592,7 @@ index 0000000..a972ef4
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5316,7 +5603,7 @@ index 0000000..a972ef4
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5329,18 +5616,24 @@ index 0000000..a972ef4
+selinux(8), certwatch(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cfengine_selinux.8 b/man/man8/cfengine_selinux.8
new file mode 100644
-index 0000000..5ecab5f
+index 0000000..0831deb
--- /dev/null
+++ b/man/man8/cfengine_selinux.8
-@@ -0,0 +1,107 @@
+@@ -0,0 +1,113 @@
+.TH "cfengine_selinux" "8" "cfengine" "dwalsh at redhat.com" "cfengine SELinux Policy documentation"
+.SH "NAME"
+cfengine_selinux \- Security Enhanced Linux Policy for the cfengine processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cfengine processes via flexible mandatory access
++
++SELinux Linux secures
++.B cfengine
++(policy for cfengine)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -5397,7 +5690,7 @@ index 0000000..5ecab5f
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5418,7 +5711,7 @@ index 0000000..5ecab5f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5429,7 +5722,7 @@ index 0000000..5ecab5f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5442,7 +5735,7 @@ index 0000000..5ecab5f
+selinux(8), cfengine(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cgclear_selinux.8 b/man/man8/cgclear_selinux.8
new file mode 100644
-index 0000000..0772c20
+index 0000000..8dc7a1f
--- /dev/null
+++ b/man/man8/cgclear_selinux.8
@@ -0,0 +1,75 @@
@@ -5451,8 +5744,8 @@ index 0000000..0772c20
+cgclear_selinux \- Security Enhanced Linux Policy for the cgclear processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cgclear processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -5478,7 +5771,7 @@ index 0000000..0772c20
+/sbin/cgclear, /usr/sbin/cgclear
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5499,7 +5792,7 @@ index 0000000..0772c20
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5510,7 +5803,7 @@ index 0000000..0772c20
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5523,7 +5816,7 @@ index 0000000..0772c20
+selinux(8), cgclear(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cgconfig_selinux.8 b/man/man8/cgconfig_selinux.8
new file mode 100644
-index 0000000..6d4e306
+index 0000000..bf8323b
--- /dev/null
+++ b/man/man8/cgconfig_selinux.8
@@ -0,0 +1,95 @@
@@ -5532,8 +5825,8 @@ index 0000000..6d4e306
+cgconfig_selinux \- Security Enhanced Linux Policy for the cgconfig processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cgconfig processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -5579,7 +5872,7 @@ index 0000000..6d4e306
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5600,7 +5893,7 @@ index 0000000..6d4e306
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5611,7 +5904,7 @@ index 0000000..6d4e306
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5624,7 +5917,7 @@ index 0000000..6d4e306
+selinux(8), cgconfig(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cgred_selinux.8 b/man/man8/cgred_selinux.8
new file mode 100644
-index 0000000..8d16942
+index 0000000..8cf1b40
--- /dev/null
+++ b/man/man8/cgred_selinux.8
@@ -0,0 +1,99 @@
@@ -5633,8 +5926,8 @@ index 0000000..8d16942
+cgred_selinux \- Security Enhanced Linux Policy for the cgred processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cgred processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -5684,7 +5977,7 @@ index 0000000..8d16942
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5705,7 +5998,7 @@ index 0000000..8d16942
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5716,7 +6009,7 @@ index 0000000..8d16942
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5729,7 +6022,7 @@ index 0000000..8d16942
+selinux(8), cgred(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/checkpc_selinux.8 b/man/man8/checkpc_selinux.8
new file mode 100644
-index 0000000..7b0dd32
+index 0000000..5c6fcde
--- /dev/null
+++ b/man/man8/checkpc_selinux.8
@@ -0,0 +1,79 @@
@@ -5738,8 +6031,8 @@ index 0000000..7b0dd32
+checkpc_selinux \- Security Enhanced Linux Policy for the checkpc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the checkpc processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -5769,7 +6062,7 @@ index 0000000..7b0dd32
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5790,7 +6083,7 @@ index 0000000..7b0dd32
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5801,7 +6094,7 @@ index 0000000..7b0dd32
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5814,7 +6107,7 @@ index 0000000..7b0dd32
+selinux(8), checkpc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/checkpolicy_selinux.8 b/man/man8/checkpolicy_selinux.8
new file mode 100644
-index 0000000..1fac025
+index 0000000..b67fcc4
--- /dev/null
+++ b/man/man8/checkpolicy_selinux.8
@@ -0,0 +1,71 @@
@@ -5823,8 +6116,8 @@ index 0000000..1fac025
+checkpolicy_selinux \- Security Enhanced Linux Policy for the checkpolicy processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the checkpolicy processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -5846,7 +6139,7 @@ index 0000000..1fac025
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5867,7 +6160,7 @@ index 0000000..1fac025
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5878,7 +6171,7 @@ index 0000000..1fac025
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5891,7 +6184,7 @@ index 0000000..1fac025
+selinux(8), checkpolicy(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/chfn_selinux.8 b/man/man8/chfn_selinux.8
new file mode 100644
-index 0000000..bdd6ff2
+index 0000000..c81760f
--- /dev/null
+++ b/man/man8/chfn_selinux.8
@@ -0,0 +1,75 @@
@@ -5900,8 +6193,8 @@ index 0000000..bdd6ff2
+chfn_selinux \- Security Enhanced Linux Policy for the chfn processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the chfn processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -5927,7 +6220,7 @@ index 0000000..bdd6ff2
+/usr/bin/chfn, /usr/bin/chsh
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -5948,7 +6241,7 @@ index 0000000..bdd6ff2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -5959,7 +6252,7 @@ index 0000000..bdd6ff2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -5972,7 +6265,7 @@ index 0000000..bdd6ff2
+selinux(8), chfn(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/chkpwd_selinux.8 b/man/man8/chkpwd_selinux.8
new file mode 100644
-index 0000000..0c1d7d4
+index 0000000..03d8e09
--- /dev/null
+++ b/man/man8/chkpwd_selinux.8
@@ -0,0 +1,75 @@
@@ -5981,8 +6274,8 @@ index 0000000..0c1d7d4
+chkpwd_selinux \- Security Enhanced Linux Policy for the chkpwd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the chkpwd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -6008,7 +6301,7 @@ index 0000000..0c1d7d4
+/sbin/unix_verify, /sbin/unix_chkpwd, /usr/sbin/unix_verify, /usr/sbin/validate, /usr/sbin/unix_chkpwd
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6029,7 +6322,7 @@ index 0000000..0c1d7d4
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6040,7 +6333,7 @@ index 0000000..0c1d7d4
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -6053,18 +6346,24 @@ index 0000000..0c1d7d4
+selinux(8), chkpwd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/chrome_selinux.8 b/man/man8/chrome_selinux.8
new file mode 100644
-index 0000000..1623249
+index 0000000..e83770b
--- /dev/null
+++ b/man/man8/chrome_selinux.8
-@@ -0,0 +1,118 @@
+@@ -0,0 +1,124 @@
+.TH "chrome_selinux" "8" "chrome" "dwalsh at redhat.com" "chrome SELinux Policy documentation"
+.SH "NAME"
+chrome_selinux \- Security Enhanced Linux Policy for the chrome processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the chrome processes via flexible mandatory access
++
++SELinux Linux secures
++.B chrome
++(policy for chrome)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. chrome policy is extremely flexible and has several booleans that allow you to manipulate the policy and run chrome with the tightest access possible.
+
@@ -6128,7 +6427,7 @@ index 0000000..1623249
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6149,7 +6448,7 @@ index 0000000..1623249
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6160,7 +6459,7 @@ index 0000000..1623249
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -6178,18 +6477,24 @@ index 0000000..1623249
\ No newline at end of file
diff --git a/man/man8/chronyd_selinux.8 b/man/man8/chronyd_selinux.8
new file mode 100644
-index 0000000..105912c
+index 0000000..a557c95
--- /dev/null
+++ b/man/man8/chronyd_selinux.8
-@@ -0,0 +1,161 @@
+@@ -0,0 +1,167 @@
+.TH "chronyd_selinux" "8" "chronyd" "dwalsh at redhat.com" "chronyd SELinux Policy documentation"
+.SH "NAME"
+chronyd_selinux \- Security Enhanced Linux Policy for the chronyd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the chronyd processes via flexible mandatory access
++
++SELinux Linux secures
++.B chronyd
++(Chrony NTP background daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -6274,7 +6579,7 @@ index 0000000..105912c
+/var/run/chronyd(/.*), /var/run/chronyd\.sock, /var/run/chronyd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6318,7 +6623,7 @@ index 0000000..105912c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6329,7 +6634,7 @@ index 0000000..105912c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -6345,7 +6650,7 @@ index 0000000..105912c
+selinux(8), chronyd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ciped_selinux.8 b/man/man8/ciped_selinux.8
new file mode 100644
-index 0000000..2ada9d4
+index 0000000..e387cea
--- /dev/null
+++ b/man/man8/ciped_selinux.8
@@ -0,0 +1,71 @@
@@ -6354,8 +6659,8 @@ index 0000000..2ada9d4
+ciped_selinux \- Security Enhanced Linux Policy for the ciped processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ciped processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -6377,7 +6682,7 @@ index 0000000..2ada9d4
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6398,7 +6703,7 @@ index 0000000..2ada9d4
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6409,7 +6714,7 @@ index 0000000..2ada9d4
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -6422,7 +6727,7 @@ index 0000000..2ada9d4
+selinux(8), ciped(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/clamd_selinux.8 b/man/man8/clamd_selinux.8
new file mode 100644
-index 0000000..4ee0c57
+index 0000000..7ffdf73
--- /dev/null
+++ b/man/man8/clamd_selinux.8
@@ -0,0 +1,183 @@
@@ -6431,8 +6736,8 @@ index 0000000..4ee0c57
+clamd_selinux \- Security Enhanced Linux Policy for the clamd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the clamd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. clamd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run clamd with the tightest access possible.
@@ -6536,7 +6841,7 @@ index 0000000..4ee0c57
+/var/run/amavis(d)?/clamd\.pid, /var/run/clamd.*, /var/run/clamav.*, /var/spool/MailScanner(/.*)?, /var/spool/amavisd/clamd\.sock
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6580,7 +6885,7 @@ index 0000000..4ee0c57
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6591,7 +6896,7 @@ index 0000000..4ee0c57
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -6612,7 +6917,7 @@ index 0000000..4ee0c57
\ No newline at end of file
diff --git a/man/man8/clamscan_selinux.8 b/man/man8/clamscan_selinux.8
new file mode 100644
-index 0000000..9f7ec16
+index 0000000..4b82f56
--- /dev/null
+++ b/man/man8/clamscan_selinux.8
@@ -0,0 +1,98 @@
@@ -6621,8 +6926,8 @@ index 0000000..9f7ec16
+clamscan_selinux \- Security Enhanced Linux Policy for the clamscan processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the clamscan processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. clamscan policy is extremely flexible and has several booleans that allow you to manipulate the policy and run clamscan with the tightest access possible.
@@ -6667,7 +6972,7 @@ index 0000000..9f7ec16
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6688,7 +6993,7 @@ index 0000000..9f7ec16
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6699,7 +7004,7 @@ index 0000000..9f7ec16
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -6717,18 +7022,24 @@ index 0000000..9f7ec16
\ No newline at end of file
diff --git a/man/man8/clogd_selinux.8 b/man/man8/clogd_selinux.8
new file mode 100644
-index 0000000..40ad9f3
+index 0000000..c68d541
--- /dev/null
+++ b/man/man8/clogd_selinux.8
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,93 @@
+.TH "clogd_selinux" "8" "clogd" "dwalsh at redhat.com" "clogd SELinux Policy documentation"
+.SH "NAME"
+clogd_selinux \- Security Enhanced Linux Policy for the clogd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the clogd processes via flexible mandatory access
++
++SELinux Linux secures
++.B clogd
++(clogd - Clustered Mirror Log Server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -6765,7 +7076,7 @@ index 0000000..40ad9f3
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6786,7 +7097,7 @@ index 0000000..40ad9f3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6797,7 +7108,7 @@ index 0000000..40ad9f3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -6810,7 +7121,7 @@ index 0000000..40ad9f3
+selinux(8), clogd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/clvmd_selinux.8 b/man/man8/clvmd_selinux.8
new file mode 100644
-index 0000000..bc0a460
+index 0000000..f25da6c
--- /dev/null
+++ b/man/man8/clvmd_selinux.8
@@ -0,0 +1,95 @@
@@ -6819,8 +7130,8 @@ index 0000000..bc0a460
+clvmd_selinux \- Security Enhanced Linux Policy for the clvmd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the clvmd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -6866,7 +7177,7 @@ index 0000000..bc0a460
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6887,7 +7198,7 @@ index 0000000..bc0a460
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6898,7 +7209,7 @@ index 0000000..bc0a460
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -6911,18 +7222,24 @@ index 0000000..bc0a460
+selinux(8), clvmd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cmirrord_selinux.8 b/man/man8/cmirrord_selinux.8
new file mode 100644
-index 0000000..16a4bc5
+index 0000000..056abd4
--- /dev/null
+++ b/man/man8/cmirrord_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "cmirrord_selinux" "8" "cmirrord" "dwalsh at redhat.com" "cmirrord SELinux Policy documentation"
+.SH "NAME"
+cmirrord_selinux \- Security Enhanced Linux Policy for the cmirrord processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cmirrord processes via flexible mandatory access
++
++SELinux Linux secures
++.B cmirrord
++(Cluster mirror log daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -6967,7 +7284,7 @@ index 0000000..16a4bc5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -6988,7 +7305,7 @@ index 0000000..16a4bc5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -6999,7 +7316,7 @@ index 0000000..16a4bc5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -7012,7 +7329,7 @@ index 0000000..16a4bc5
+selinux(8), cmirrord(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cobblerd_selinux.8 b/man/man8/cobblerd_selinux.8
new file mode 100644
-index 0000000..ef22905
+index 0000000..08e89bb
--- /dev/null
+++ b/man/man8/cobblerd_selinux.8
@@ -0,0 +1,167 @@
@@ -7021,8 +7338,8 @@ index 0000000..ef22905
+cobblerd_selinux \- Security Enhanced Linux Policy for the cobblerd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cobblerd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. cobblerd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cobblerd with the tightest access possible.
@@ -7067,7 +7384,7 @@ index 0000000..ef22905
+.B restorecon -F -R -v /var/cobblerd
+.pp
+.TP
-+Allow cobblerd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_cobblerdd_anon_write boolean to be set.
++Allow cobblerd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_cobblerd_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/cobblerd/incoming(/.*)?"
@@ -7110,7 +7427,7 @@ index 0000000..ef22905
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -7154,7 +7471,7 @@ index 0000000..ef22905
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -7165,7 +7482,7 @@ index 0000000..ef22905
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -7186,18 +7503,24 @@ index 0000000..ef22905
\ No newline at end of file
diff --git a/man/man8/collectd_selinux.8 b/man/man8/collectd_selinux.8
new file mode 100644
-index 0000000..f75feed
+index 0000000..70a9570
--- /dev/null
+++ b/man/man8/collectd_selinux.8
-@@ -0,0 +1,110 @@
+@@ -0,0 +1,116 @@
+.TH "collectd_selinux" "8" "collectd" "dwalsh at redhat.com" "collectd SELinux Policy documentation"
+.SH "NAME"
+collectd_selinux \- Security Enhanced Linux Policy for the collectd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the collectd processes via flexible mandatory access
++
++SELinux Linux secures
++.B collectd
++(policy for collectd)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. collectd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run collectd with the tightest access possible.
+
@@ -7253,7 +7576,7 @@ index 0000000..f75feed
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -7274,7 +7597,7 @@ index 0000000..f75feed
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -7285,7 +7608,7 @@ index 0000000..f75feed
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -7303,18 +7626,24 @@ index 0000000..f75feed
\ No newline at end of file
diff --git a/man/man8/colord_selinux.8 b/man/man8/colord_selinux.8
new file mode 100644
-index 0000000..b08b592
+index 0000000..185b909
--- /dev/null
+++ b/man/man8/colord_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "colord_selinux" "8" "colord" "dwalsh at redhat.com" "colord SELinux Policy documentation"
+.SH "NAME"
+colord_selinux \- Security Enhanced Linux Policy for the colord processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the colord processes via flexible mandatory access
++
++SELinux Linux secures
++.B colord
++(GNOME color manager)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -7363,7 +7692,7 @@ index 0000000..b08b592
+/var/lib/color(/.*)?, /var/lib/colord(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -7384,7 +7713,7 @@ index 0000000..b08b592
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -7395,7 +7724,7 @@ index 0000000..b08b592
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -7408,18 +7737,24 @@ index 0000000..b08b592
+selinux(8), colord(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/comsat_selinux.8 b/man/man8/comsat_selinux.8
new file mode 100644
-index 0000000..bef7da9
+index 0000000..da3d8e9
--- /dev/null
+++ b/man/man8/comsat_selinux.8
-@@ -0,0 +1,113 @@
+@@ -0,0 +1,119 @@
+.TH "comsat_selinux" "8" "comsat" "dwalsh at redhat.com" "comsat SELinux Policy documentation"
+.SH "NAME"
+comsat_selinux \- Security Enhanced Linux Policy for the comsat processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the comsat processes via flexible mandatory access
++
++SELinux Linux secures
++.B comsat
++(Comsat, a biff server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -7456,7 +7791,7 @@ index 0000000..bef7da9
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -7500,7 +7835,7 @@ index 0000000..bef7da9
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -7511,7 +7846,7 @@ index 0000000..bef7da9
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -7527,18 +7862,24 @@ index 0000000..bef7da9
+selinux(8), comsat(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/consolekit_selinux.8 b/man/man8/consolekit_selinux.8
new file mode 100644
-index 0000000..a19f983
+index 0000000..132d3ba
--- /dev/null
+++ b/man/man8/consolekit_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "consolekit_selinux" "8" "consolekit" "dwalsh at redhat.com" "consolekit SELinux Policy documentation"
+.SH "NAME"
+consolekit_selinux \- Security Enhanced Linux Policy for the consolekit processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the consolekit processes via flexible mandatory access
++
++SELinux Linux secures
++.B consolekit
++(Framework for facilitating multiple user sessions on desktops)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -7587,7 +7928,7 @@ index 0000000..a19f983
+/var/run/console-kit-daemon\.pid, /var/run/ConsoleKit(/.*)?, /var/run/consolekit\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -7608,7 +7949,7 @@ index 0000000..a19f983
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -7619,7 +7960,7 @@ index 0000000..a19f983
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -7632,18 +7973,26 @@ index 0000000..a19f983
+selinux(8), consolekit(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/consoletype_selinux.8 b/man/man8/consoletype_selinux.8
new file mode 100644
-index 0000000..51bc584
+index 0000000..931d27b
--- /dev/null
+++ b/man/man8/consoletype_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,83 @@
+.TH "consoletype_selinux" "8" "consoletype" "dwalsh at redhat.com" "consoletype SELinux Policy documentation"
+.SH "NAME"
+consoletype_selinux \- Security Enhanced Linux Policy for the consoletype processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the consoletype processes via flexible mandatory access
++
++SELinux Linux secures
++.B consoletype
++(
++Determine of the console connected to the controlling terminal.
++)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -7668,7 +8017,7 @@ index 0000000..51bc584
+/usr/sbin/consoletype, /sbin/consoletype
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -7689,7 +8038,7 @@ index 0000000..51bc584
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -7700,7 +8049,7 @@ index 0000000..51bc584
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -7713,18 +8062,24 @@ index 0000000..51bc584
+selinux(8), consoletype(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/corosync_selinux.8 b/man/man8/corosync_selinux.8
new file mode 100644
-index 0000000..13790e2
+index 0000000..d0cbc27
--- /dev/null
+++ b/man/man8/corosync_selinux.8
-@@ -0,0 +1,135 @@
+@@ -0,0 +1,141 @@
+.TH "corosync_selinux" "8" "corosync" "dwalsh at redhat.com" "corosync SELinux Policy documentation"
+.SH "NAME"
+corosync_selinux \- Security Enhanced Linux Policy for the corosync processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the corosync processes via flexible mandatory access
++
++SELinux Linux secures
++.B corosync
++(Corosync Cluster Engine)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -7809,7 +8164,7 @@ index 0000000..13790e2
+/var/run/hearbeat(/.*)?, /var/run/corosync\.pid, /var/run/cman_.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -7830,7 +8185,7 @@ index 0000000..13790e2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -7841,7 +8196,7 @@ index 0000000..13790e2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -7854,18 +8209,24 @@ index 0000000..13790e2
+selinux(8), corosync(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/courier_selinux.8 b/man/man8/courier_selinux.8
new file mode 100644
-index 0000000..e9accfd
+index 0000000..3dc9d81
--- /dev/null
+++ b/man/man8/courier_selinux.8
-@@ -0,0 +1,159 @@
+@@ -0,0 +1,165 @@
+.TH "courier_selinux" "8" "courier" "dwalsh at redhat.com" "courier SELinux Policy documentation"
+.SH "NAME"
+courier_selinux \- Security Enhanced Linux Policy for the courier processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the courier processes via flexible mandatory access
++
++SELinux Linux secures
++.B courier
++(Courier IMAP and POP3 email servers)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -7974,7 +8335,7 @@ index 0000000..e9accfd
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -7995,7 +8356,7 @@ index 0000000..e9accfd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8006,7 +8367,7 @@ index 0000000..e9accfd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -8019,18 +8380,24 @@ index 0000000..e9accfd
+selinux(8), courier(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cpucontrol_selinux.8 b/man/man8/cpucontrol_selinux.8
new file mode 100644
-index 0000000..4f810f7
+index 0000000..e50677e
--- /dev/null
+++ b/man/man8/cpucontrol_selinux.8
-@@ -0,0 +1,83 @@
+@@ -0,0 +1,89 @@
+.TH "cpucontrol_selinux" "8" "cpucontrol" "dwalsh at redhat.com" "cpucontrol SELinux Policy documentation"
+.SH "NAME"
+cpucontrol_selinux \- Security Enhanced Linux Policy for the cpucontrol processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cpucontrol processes via flexible mandatory access
++
++SELinux Linux secures
++.B cpucontrol
++(Services for loading CPU microcode and CPU frequency scaling)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -8063,7 +8430,7 @@ index 0000000..4f810f7
+/sbin/microcode_ctl, /usr/sbin/microcode_ctl
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -8084,7 +8451,7 @@ index 0000000..4f810f7
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8095,7 +8462,7 @@ index 0000000..4f810f7
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -8108,18 +8475,24 @@ index 0000000..4f810f7
+selinux(8), cpucontrol(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cpufreqselector_selinux.8 b/man/man8/cpufreqselector_selinux.8
new file mode 100644
-index 0000000..4f04063
+index 0000000..e7b10a3
--- /dev/null
+++ b/man/man8/cpufreqselector_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "cpufreqselector_selinux" "8" "cpufreqselector" "dwalsh at redhat.com" "cpufreqselector SELinux Policy documentation"
+.SH "NAME"
+cpufreqselector_selinux \- Security Enhanced Linux Policy for the cpufreqselector processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cpufreqselector processes via flexible mandatory access
++
++SELinux Linux secures
++.B cpufreqselector
++(Command-line CPU frequency settings)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -8140,7 +8513,7 @@ index 0000000..4f04063
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -8161,7 +8534,7 @@ index 0000000..4f04063
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8172,7 +8545,7 @@ index 0000000..4f04063
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -8185,7 +8558,7 @@ index 0000000..4f04063
+selinux(8), cpufreqselector(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cpuspeed_selinux.8 b/man/man8/cpuspeed_selinux.8
new file mode 100644
-index 0000000..c644972
+index 0000000..8142e64
--- /dev/null
+++ b/man/man8/cpuspeed_selinux.8
@@ -0,0 +1,83 @@
@@ -8194,8 +8567,8 @@ index 0000000..c644972
+cpuspeed_selinux \- Security Enhanced Linux Policy for the cpuspeed processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cpuspeed processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -8229,7 +8602,7 @@ index 0000000..c644972
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -8250,7 +8623,7 @@ index 0000000..c644972
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8261,7 +8634,7 @@ index 0000000..c644972
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -8274,7 +8647,7 @@ index 0000000..c644972
+selinux(8), cpuspeed(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/crack_selinux.8 b/man/man8/crack_selinux.8
new file mode 100644
-index 0000000..25dca61
+index 0000000..328fc4d
--- /dev/null
+++ b/man/man8/crack_selinux.8
@@ -0,0 +1,95 @@
@@ -8283,8 +8656,8 @@ index 0000000..25dca61
+crack_selinux \- Security Enhanced Linux Policy for the crack processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the crack processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -8330,7 +8703,7 @@ index 0000000..25dca61
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -8351,7 +8724,7 @@ index 0000000..25dca61
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8362,7 +8735,7 @@ index 0000000..25dca61
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -8375,7 +8748,7 @@ index 0000000..25dca61
+selinux(8), crack(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/crond_selinux.8 b/man/man8/crond_selinux.8
new file mode 100644
-index 0000000..7485af4
+index 0000000..504000b
--- /dev/null
+++ b/man/man8/crond_selinux.8
@@ -0,0 +1,137 @@
@@ -8384,8 +8757,8 @@ index 0000000..7485af4
+crond_selinux \- Security Enhanced Linux Policy for the crond processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the crond processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. crond policy is extremely flexible and has several booleans that allow you to manipulate the policy and run crond with the tightest access possible.
@@ -8469,7 +8842,7 @@ index 0000000..7485af4
+/var/run/crond?\.pid, /var/run/.*cron.*, /var/run/fcron\.pid, /var/run/crond?\.reboot, /var/run/fcron\.fifo, /var/run/atd\.pid, /var/run/anacron\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -8490,7 +8863,7 @@ index 0000000..7485af4
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8501,7 +8874,7 @@ index 0000000..7485af4
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -8519,7 +8892,7 @@ index 0000000..7485af4
\ No newline at end of file
diff --git a/man/man8/crontab_selinux.8 b/man/man8/crontab_selinux.8
new file mode 100644
-index 0000000..e4713c6
+index 0000000..3de534f
--- /dev/null
+++ b/man/man8/crontab_selinux.8
@@ -0,0 +1,83 @@
@@ -8528,8 +8901,8 @@ index 0000000..e4713c6
+crontab_selinux \- Security Enhanced Linux Policy for the crontab processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the crontab processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -8563,7 +8936,7 @@ index 0000000..e4713c6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -8584,7 +8957,7 @@ index 0000000..e4713c6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8595,7 +8968,7 @@ index 0000000..e4713c6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -8608,18 +8981,24 @@ index 0000000..e4713c6
+selinux(8), crontab(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ctdbd_selinux.8 b/man/man8/ctdbd_selinux.8
new file mode 100644
-index 0000000..362d29c
+index 0000000..1da47eb
--- /dev/null
+++ b/man/man8/ctdbd_selinux.8
-@@ -0,0 +1,149 @@
+@@ -0,0 +1,155 @@
+.TH "ctdbd_selinux" "8" "ctdbd" "dwalsh at redhat.com" "ctdbd SELinux Policy documentation"
+.SH "NAME"
+ctdbd_selinux \- Security Enhanced Linux Policy for the ctdbd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ctdbd processes via flexible mandatory access
++
++SELinux Linux secures
++.B ctdbd
++(policy for ctdbd)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -8692,7 +9071,7 @@ index 0000000..362d29c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -8736,7 +9115,7 @@ index 0000000..362d29c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8747,7 +9126,7 @@ index 0000000..362d29c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -8763,18 +9142,24 @@ index 0000000..362d29c
+selinux(8), ctdbd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cups_selinux.8 b/man/man8/cups_selinux.8
new file mode 100644
-index 0000000..d58434b
+index 0000000..995309a
--- /dev/null
+++ b/man/man8/cups_selinux.8
-@@ -0,0 +1,211 @@
+@@ -0,0 +1,217 @@
+.TH "cups_selinux" "8" "cups" "dwalsh at redhat.com" "cups SELinux Policy documentation"
+.SH "NAME"
+cups_selinux \- Security Enhanced Linux Policy for the cups processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cups processes via flexible mandatory access
++
++SELinux Linux secures
++.B cups
++(Common UNIX printing system)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -8935,7 +9320,7 @@ index 0000000..d58434b
+/var/ccpd(/.*)?, /var/ekpd(/.*)?, /var/turboprint(/.*)?, /var/run/cups(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -8956,7 +9341,7 @@ index 0000000..d58434b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -8967,7 +9352,7 @@ index 0000000..d58434b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -8980,7 +9365,7 @@ index 0000000..d58434b
+selinux(8), cups(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cupsd_selinux.8 b/man/man8/cupsd_selinux.8
new file mode 100644
-index 0000000..a35b643
+index 0000000..2b2047f
--- /dev/null
+++ b/man/man8/cupsd_selinux.8
@@ -0,0 +1,195 @@
@@ -8989,8 +9374,8 @@ index 0000000..a35b643
+cupsd_selinux \- Security Enhanced Linux Policy for the cupsd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cupsd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -9136,7 +9521,7 @@ index 0000000..a35b643
+/var/ccpd(/.*)?, /var/ekpd(/.*)?, /var/turboprint(/.*)?, /var/run/cups(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -9157,7 +9542,7 @@ index 0000000..a35b643
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -9168,7 +9553,7 @@ index 0000000..a35b643
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -9181,18 +9566,24 @@ index 0000000..a35b643
+selinux(8), cupsd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cvs_selinux.8 b/man/man8/cvs_selinux.8
new file mode 100644
-index 0000000..d66a0fd
+index 0000000..5047556
--- /dev/null
+++ b/man/man8/cvs_selinux.8
-@@ -0,0 +1,156 @@
+@@ -0,0 +1,162 @@
+.TH "cvs_selinux" "8" "cvs" "dwalsh at redhat.com" "cvs SELinux Policy documentation"
+.SH "NAME"
+cvs_selinux \- Security Enhanced Linux Policy for the cvs processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cvs processes via flexible mandatory access
++
++SELinux Linux secures
++.B cvs
++(Concurrent versions system)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. cvs policy is extremely flexible and has several booleans that allow you to manipulate the policy and run cvs with the tightest access possible.
+
@@ -9268,7 +9659,7 @@ index 0000000..d66a0fd
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -9312,7 +9703,7 @@ index 0000000..d66a0fd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -9323,7 +9714,7 @@ index 0000000..d66a0fd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -9344,18 +9735,24 @@ index 0000000..d66a0fd
\ No newline at end of file
diff --git a/man/man8/cyphesis_selinux.8 b/man/man8/cyphesis_selinux.8
new file mode 100644
-index 0000000..cd1450d
+index 0000000..25cbcca
--- /dev/null
+++ b/man/man8/cyphesis_selinux.8
-@@ -0,0 +1,121 @@
+@@ -0,0 +1,127 @@
+.TH "cyphesis_selinux" "8" "cyphesis" "dwalsh at redhat.com" "cyphesis SELinux Policy documentation"
+.SH "NAME"
+cyphesis_selinux \- Security Enhanced Linux Policy for the cyphesis processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cyphesis processes via flexible mandatory access
++
++SELinux Linux secures
++.B cyphesis
++(Cyphesis WorldForge game server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -9400,7 +9797,7 @@ index 0000000..cd1450d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -9444,7 +9841,7 @@ index 0000000..cd1450d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -9455,7 +9852,7 @@ index 0000000..cd1450d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -9471,18 +9868,24 @@ index 0000000..cd1450d
+selinux(8), cyphesis(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/cyrus_selinux.8 b/man/man8/cyrus_selinux.8
new file mode 100644
-index 0000000..99c3aa8
+index 0000000..d9b68c2
--- /dev/null
+++ b/man/man8/cyrus_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,125 @@
+.TH "cyrus_selinux" "8" "cyrus" "dwalsh at redhat.com" "cyrus SELinux Policy documentation"
+.SH "NAME"
+cyrus_selinux \- Security Enhanced Linux Policy for the cyrus processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the cyrus processes via flexible mandatory access
++
++SELinux Linux secures
++.B cyrus
++(Cyrus is an IMAP service intended to be run on sealed servers)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -9551,7 +9954,7 @@ index 0000000..99c3aa8
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -9572,7 +9975,7 @@ index 0000000..99c3aa8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -9583,7 +9986,7 @@ index 0000000..99c3aa8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -9594,9 +9997,80 @@ index 0000000..99c3aa8
+
+.SH "SEE ALSO"
+selinux(8), cyrus(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/dbadm_selinux.8 b/man/man8/dbadm_selinux.8
+new file mode 100644
+index 0000000..4bbec80
+--- /dev/null
++++ b/man/man8/dbadm_selinux.8
+@@ -0,0 +1,65 @@
++.TH "dbadm_selinux" "8" "dbadm" "mgrepl at redhat.com" "dbadm SELinux Policy documentation"
++.SH "NAME"
++dbadm_r \- \fBDatabase administrator role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.
++
++Note: The examples in the man page will user the staff_u user.
++
++Non login roles are usually used for administrative tasks.
++
++Roles usually have default types assigned to them.
++
++The default type for the dbadm_r role is dbadm_t.
++
++You can use the
++.B newrole
++program to transition directly to this role.
++
++.B newrole -r dbadm_r -t dbadm_t
++
++.B sudo
++can also be setup to transition to this role using the visudo command.
++
++USERNAME ALL=(ALL) ROLE=dbadm_r TYPE=dbadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:dbadm_r:dbadm_t:LEVEL
++
++If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++
++You can see all of the assigned SELinux roles using the following
++
++.B semanage user -l
++
++If you wanted to add dbadm_r to the staff_u user, you would execute:
++
++.B $ semanage user -m -R 'staff_r dbadm_r' staff_u
++
++
++
++SELinux policy also controls which roles can transition to a different role.
++You can list these rules using the following command.
++
++.B sesearch --role_allow
++
++SELinux policy allows the staff_r role can transition to the dbadm_r role.
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/dbskkd_selinux.8 b/man/man8/dbskkd_selinux.8
new file mode 100644
-index 0000000..68af698
+index 0000000..224a13a
--- /dev/null
+++ b/man/man8/dbskkd_selinux.8
@@ -0,0 +1,113 @@
@@ -9605,8 +10079,8 @@ index 0000000..68af698
+dbskkd_selinux \- Security Enhanced Linux Policy for the dbskkd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dbskkd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -9644,7 +10118,7 @@ index 0000000..68af698
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -9688,7 +10162,7 @@ index 0000000..68af698
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -9699,7 +10173,7 @@ index 0000000..68af698
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -9715,18 +10189,24 @@ index 0000000..68af698
+selinux(8), dbskkd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dcc_selinux.8 b/man/man8/dcc_selinux.8
new file mode 100644
-index 0000000..fcfbcb6
+index 0000000..d3c13b4
--- /dev/null
+++ b/man/man8/dcc_selinux.8
-@@ -0,0 +1,240 @@
+@@ -0,0 +1,246 @@
+.TH "dcc_selinux" "8" "dcc" "dwalsh at redhat.com" "dcc SELinux Policy documentation"
+.SH "NAME"
+dcc_selinux \- Security Enhanced Linux Policy for the dcc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dcc processes via flexible mandatory access
++
++SELinux Linux secures
++.B dcc
++(Distributed checksum clearinghouse spam filtering)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -9879,7 +10359,7 @@ index 0000000..fcfbcb6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -9934,7 +10414,7 @@ index 0000000..fcfbcb6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -9945,7 +10425,7 @@ index 0000000..fcfbcb6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -9961,7 +10441,7 @@ index 0000000..fcfbcb6
+selinux(8), dcc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dccd_selinux.8 b/man/man8/dccd_selinux.8
new file mode 100644
-index 0000000..1df477a
+index 0000000..88fd801
--- /dev/null
+++ b/man/man8/dccd_selinux.8
@@ -0,0 +1,124 @@
@@ -9970,8 +10450,8 @@ index 0000000..1df477a
+dccd_selinux \- Security Enhanced Linux Policy for the dccd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dccd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -10009,7 +10489,7 @@ index 0000000..1df477a
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10064,7 +10544,7 @@ index 0000000..1df477a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10075,7 +10555,7 @@ index 0000000..1df477a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -10091,7 +10571,7 @@ index 0000000..1df477a
+selinux(8), dccd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dccifd_selinux.8 b/man/man8/dccifd_selinux.8
new file mode 100644
-index 0000000..e1abdd2
+index 0000000..c80e92b
--- /dev/null
+++ b/man/man8/dccifd_selinux.8
@@ -0,0 +1,91 @@
@@ -10100,8 +10580,8 @@ index 0000000..e1abdd2
+dccifd_selinux \- Security Enhanced Linux Policy for the dccifd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dccifd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -10143,7 +10623,7 @@ index 0000000..e1abdd2
+/etc/dcc/dccifd, /var/run/dcc/dccifd
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10164,7 +10644,7 @@ index 0000000..e1abdd2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10175,7 +10655,7 @@ index 0000000..e1abdd2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -10188,7 +10668,7 @@ index 0000000..e1abdd2
+selinux(8), dccifd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dccm_selinux.8 b/man/man8/dccm_selinux.8
new file mode 100644
-index 0000000..41c0206
+index 0000000..a9a2caa
--- /dev/null
+++ b/man/man8/dccm_selinux.8
@@ -0,0 +1,113 @@
@@ -10197,8 +10677,8 @@ index 0000000..41c0206
+dccm_selinux \- Security Enhanced Linux Policy for the dccm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dccm processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -10236,7 +10716,7 @@ index 0000000..41c0206
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10280,7 +10760,7 @@ index 0000000..41c0206
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10291,7 +10771,7 @@ index 0000000..41c0206
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -10307,7 +10787,7 @@ index 0000000..41c0206
+selinux(8), dccm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dcerpcd_selinux.8 b/man/man8/dcerpcd_selinux.8
new file mode 100644
-index 0000000..b8aec60
+index 0000000..7e28fe1
--- /dev/null
+++ b/man/man8/dcerpcd_selinux.8
@@ -0,0 +1,95 @@
@@ -10316,8 +10796,8 @@ index 0000000..b8aec60
+dcerpcd_selinux \- Security Enhanced Linux Policy for the dcerpcd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dcerpcd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -10363,7 +10843,7 @@ index 0000000..b8aec60
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10384,7 +10864,7 @@ index 0000000..b8aec60
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10395,7 +10875,7 @@ index 0000000..b8aec60
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -10408,18 +10888,24 @@ index 0000000..b8aec60
+selinux(8), dcerpcd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ddclient_selinux.8 b/man/man8/ddclient_selinux.8
new file mode 100644
-index 0000000..6fcda2e
+index 0000000..13df14d
--- /dev/null
+++ b/man/man8/ddclient_selinux.8
-@@ -0,0 +1,139 @@
+@@ -0,0 +1,145 @@
+.TH "ddclient_selinux" "8" "ddclient" "dwalsh at redhat.com" "ddclient SELinux Policy documentation"
+.SH "NAME"
+ddclient_selinux \- Security Enhanced Linux Policy for the ddclient processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ddclient processes via flexible mandatory access
++
++SELinux Linux secures
++.B ddclient
++(Update dynamic IP address at DynDNS.org)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -10508,7 +10994,7 @@ index 0000000..6fcda2e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10529,7 +11015,7 @@ index 0000000..6fcda2e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10540,7 +11026,7 @@ index 0000000..6fcda2e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -10553,7 +11039,7 @@ index 0000000..6fcda2e
+selinux(8), ddclient(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/deltacloudd_selinux.8 b/man/man8/deltacloudd_selinux.8
new file mode 100644
-index 0000000..b9a2e34
+index 0000000..7d2381f
--- /dev/null
+++ b/man/man8/deltacloudd_selinux.8
@@ -0,0 +1,95 @@
@@ -10562,8 +11048,8 @@ index 0000000..b9a2e34
+deltacloudd_selinux \- Security Enhanced Linux Policy for the deltacloudd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the deltacloudd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -10609,7 +11095,7 @@ index 0000000..b9a2e34
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10630,7 +11116,7 @@ index 0000000..b9a2e34
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10641,7 +11127,7 @@ index 0000000..b9a2e34
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -10654,18 +11140,24 @@ index 0000000..b9a2e34
+selinux(8), deltacloudd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/denyhosts_selinux.8 b/man/man8/denyhosts_selinux.8
new file mode 100644
-index 0000000..ffef242
+index 0000000..ff32a2b
--- /dev/null
+++ b/man/man8/denyhosts_selinux.8
-@@ -0,0 +1,103 @@
+@@ -0,0 +1,109 @@
+.TH "denyhosts_selinux" "8" "denyhosts" "dwalsh at redhat.com" "denyhosts SELinux Policy documentation"
+.SH "NAME"
+denyhosts_selinux \- Security Enhanced Linux Policy for the denyhosts processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the denyhosts processes via flexible mandatory access
++
++SELinux Linux secures
++.B denyhosts
++(DenyHosts SSH dictionary attack mitigation)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -10718,7 +11210,7 @@ index 0000000..ffef242
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10739,7 +11231,7 @@ index 0000000..ffef242
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10750,7 +11242,7 @@ index 0000000..ffef242
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -10763,7 +11255,7 @@ index 0000000..ffef242
+selinux(8), denyhosts(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/depmod_selinux.8 b/man/man8/depmod_selinux.8
new file mode 100644
-index 0000000..bbc580a
+index 0000000..b5dcbff
--- /dev/null
+++ b/man/man8/depmod_selinux.8
@@ -0,0 +1,75 @@
@@ -10772,8 +11264,8 @@ index 0000000..bbc580a
+depmod_selinux \- Security Enhanced Linux Policy for the depmod processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the depmod processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -10799,7 +11291,7 @@ index 0000000..bbc580a
+/sbin/depmod.*, /usr/sbin/depmod.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10820,7 +11312,7 @@ index 0000000..bbc580a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10831,7 +11323,7 @@ index 0000000..bbc580a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -10844,18 +11336,24 @@ index 0000000..bbc580a
+selinux(8), depmod(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/devicekit_selinux.8 b/man/man8/devicekit_selinux.8
new file mode 100644
-index 0000000..c74c260
+index 0000000..fbd38fb
--- /dev/null
+++ b/man/man8/devicekit_selinux.8
-@@ -0,0 +1,139 @@
+@@ -0,0 +1,145 @@
+.TH "devicekit_selinux" "8" "devicekit" "dwalsh at redhat.com" "devicekit SELinux Policy documentation"
+.SH "NAME"
+devicekit_selinux \- Security Enhanced Linux Policy for the devicekit processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the devicekit processes via flexible mandatory access
++
++SELinux Linux secures
++.B devicekit
++(Devicekit modular hardware abstraction layer)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -10944,7 +11442,7 @@ index 0000000..c74c260
+/var/run/upower(/.*)?, /var/run/udisks.*, /var/run/devkit(/.*)?, /var/run/DeviceKit-disks(/.*)?, /var/run/pm-utils(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -10965,7 +11463,7 @@ index 0000000..c74c260
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -10976,7 +11474,7 @@ index 0000000..c74c260
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -10989,7 +11487,7 @@ index 0000000..c74c260
+selinux(8), devicekit(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dhcpc_selinux.8 b/man/man8/dhcpc_selinux.8
new file mode 100644
-index 0000000..ee40a96
+index 0000000..b805e27
--- /dev/null
+++ b/man/man8/dhcpc_selinux.8
@@ -0,0 +1,152 @@
@@ -10998,8 +11496,8 @@ index 0000000..ee40a96
+dhcpc_selinux \- Security Enhanced Linux Policy for the dhcpc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dhcpc processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. dhcpc policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dhcpc with the tightest access possible.
@@ -11072,7 +11570,7 @@ index 0000000..ee40a96
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -11116,7 +11614,7 @@ index 0000000..ee40a96
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -11127,7 +11625,7 @@ index 0000000..ee40a96
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -11148,7 +11646,7 @@ index 0000000..ee40a96
\ No newline at end of file
diff --git a/man/man8/dhcpd_selinux.8 b/man/man8/dhcpd_selinux.8
new file mode 100644
-index 0000000..40c16dd
+index 0000000..8360f95
--- /dev/null
+++ b/man/man8/dhcpd_selinux.8
@@ -0,0 +1,171 @@
@@ -11157,8 +11655,8 @@ index 0000000..40c16dd
+dhcpd_selinux \- Security Enhanced Linux Policy for the dhcpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dhcpd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. dhcpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dhcpd with the tightest access possible.
@@ -11239,7 +11737,7 @@ index 0000000..40c16dd
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -11294,7 +11792,7 @@ index 0000000..40c16dd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -11305,7 +11803,7 @@ index 0000000..40c16dd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -11326,18 +11824,24 @@ index 0000000..40c16dd
\ No newline at end of file
diff --git a/man/man8/dictd_selinux.8 b/man/man8/dictd_selinux.8
new file mode 100644
-index 0000000..4757d13
+index 0000000..53e911a
--- /dev/null
+++ b/man/man8/dictd_selinux.8
-@@ -0,0 +1,129 @@
+@@ -0,0 +1,135 @@
+.TH "dictd_selinux" "8" "dictd" "dwalsh at redhat.com" "dictd SELinux Policy documentation"
+.SH "NAME"
+dictd_selinux \- Security Enhanced Linux Policy for the dictd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dictd processes via flexible mandatory access
++
++SELinux Linux secures
++.B dictd
++(Dictionary daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -11390,7 +11894,7 @@ index 0000000..4757d13
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -11434,7 +11938,7 @@ index 0000000..4757d13
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -11445,7 +11949,7 @@ index 0000000..4757d13
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -11461,18 +11965,24 @@ index 0000000..4757d13
+selinux(8), dictd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dirsrv_selinux.8 b/man/man8/dirsrv_selinux.8
new file mode 100644
-index 0000000..478cdc5
+index 0000000..7c06f47
--- /dev/null
+++ b/man/man8/dirsrv_selinux.8
-@@ -0,0 +1,211 @@
+@@ -0,0 +1,217 @@
+.TH "dirsrv_selinux" "8" "dirsrv" "dwalsh at redhat.com" "dirsrv SELinux Policy documentation"
+.SH "NAME"
+dirsrv_selinux \- Security Enhanced Linux Policy for the dirsrv processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dirsrv processes via flexible mandatory access
++
++SELinux Linux secures
++.B dirsrv
++(policy for dirsrv)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -11633,7 +12143,7 @@ index 0000000..478cdc5
+/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -11654,7 +12164,7 @@ index 0000000..478cdc5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -11665,7 +12175,7 @@ index 0000000..478cdc5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -11678,7 +12188,7 @@ index 0000000..478cdc5
+selinux(8), dirsrv(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dirsrvadmin_selinux.8 b/man/man8/dirsrvadmin_selinux.8
new file mode 100644
-index 0000000..de1c2f1
+index 0000000..f314f5a
--- /dev/null
+++ b/man/man8/dirsrvadmin_selinux.8
@@ -0,0 +1,115 @@
@@ -11687,8 +12197,8 @@ index 0000000..de1c2f1
+dirsrvadmin_selinux \- Security Enhanced Linux Policy for the dirsrvadmin processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dirsrvadmin processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -11754,7 +12264,7 @@ index 0000000..de1c2f1
+/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -11775,7 +12285,7 @@ index 0000000..de1c2f1
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -11786,7 +12296,7 @@ index 0000000..de1c2f1
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -11799,7 +12309,7 @@ index 0000000..de1c2f1
+selinux(8), dirsrvadmin(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/disk_selinux.8 b/man/man8/disk_selinux.8
new file mode 100644
-index 0000000..e5d5383
+index 0000000..240e4ca
--- /dev/null
+++ b/man/man8/disk_selinux.8
@@ -0,0 +1,83 @@
@@ -11808,8 +12318,8 @@ index 0000000..e5d5383
+disk_selinux \- Security Enhanced Linux Policy for the disk processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the disk processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -11843,7 +12353,7 @@ index 0000000..e5d5383
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -11864,7 +12374,7 @@ index 0000000..e5d5383
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -11875,7 +12385,7 @@ index 0000000..e5d5383
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -11888,18 +12398,24 @@ index 0000000..e5d5383
+selinux(8), disk(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dkim_selinux.8 b/man/man8/dkim_selinux.8
new file mode 100644
-index 0000000..e459eeb
+index 0000000..ff5f6d1
--- /dev/null
+++ b/man/man8/dkim_selinux.8
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,97 @@
+.TH "dkim_selinux" "8" "dkim" "dwalsh at redhat.com" "dkim SELinux Policy documentation"
+.SH "NAME"
+dkim_selinux \- Security Enhanced Linux Policy for the dkim processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dkim processes via flexible mandatory access
++
++SELinux Linux secures
++.B dkim
++(DomainKeys Identified Mail milter)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -11940,7 +12456,7 @@ index 0000000..e459eeb
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -11961,7 +12477,7 @@ index 0000000..e459eeb
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -11972,7 +12488,7 @@ index 0000000..e459eeb
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -11985,7 +12501,7 @@ index 0000000..e459eeb
+selinux(8), dkim(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dlm_selinux.8 b/man/man8/dlm_selinux.8
new file mode 100644
-index 0000000..010c321
+index 0000000..d1bdbac
--- /dev/null
+++ b/man/man8/dlm_selinux.8
@@ -0,0 +1,95 @@
@@ -11994,8 +12510,8 @@ index 0000000..010c321
+dlm_selinux \- Security Enhanced Linux Policy for the dlm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dlm processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -12041,7 +12557,7 @@ index 0000000..010c321
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -12062,7 +12578,7 @@ index 0000000..010c321
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -12073,7 +12589,7 @@ index 0000000..010c321
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -12086,18 +12602,24 @@ index 0000000..010c321
+selinux(8), dlm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dmesg_selinux.8 b/man/man8/dmesg_selinux.8
new file mode 100644
-index 0000000..50f7819
+index 0000000..7ba27b0
--- /dev/null
+++ b/man/man8/dmesg_selinux.8
-@@ -0,0 +1,90 @@
+@@ -0,0 +1,96 @@
+.TH "dmesg_selinux" "8" "dmesg" "dwalsh at redhat.com" "dmesg SELinux Policy documentation"
+.SH "NAME"
+dmesg_selinux \- Security Enhanced Linux Policy for the dmesg processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dmesg processes via flexible mandatory access
++
++SELinux Linux secures
++.B dmesg
++(Policy for dmesg)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. dmesg policy is extremely flexible and has several booleans that allow you to manipulate the policy and run dmesg with the tightest access possible.
+
@@ -12133,7 +12655,7 @@ index 0000000..50f7819
+/usr/bin/dmesg, /bin/dmesg
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -12154,7 +12676,7 @@ index 0000000..50f7819
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -12165,7 +12687,7 @@ index 0000000..50f7819
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -12183,18 +12705,24 @@ index 0000000..50f7819
\ No newline at end of file
diff --git a/man/man8/dmidecode_selinux.8 b/man/man8/dmidecode_selinux.8
new file mode 100644
-index 0000000..b40b5c4
+index 0000000..d2c6acf
--- /dev/null
+++ b/man/man8/dmidecode_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,81 @@
+.TH "dmidecode_selinux" "8" "dmidecode" "dwalsh at redhat.com" "dmidecode SELinux Policy documentation"
+.SH "NAME"
+dmidecode_selinux \- Security Enhanced Linux Policy for the dmidecode processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dmidecode processes via flexible mandatory access
++
++SELinux Linux secures
++.B dmidecode
++(Decode DMI data for x86/ia64 bioses)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -12219,7 +12747,7 @@ index 0000000..b40b5c4
+/usr/sbin/ownership, /usr/sbin/dmidecode, /usr/sbin/vpddecode
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -12240,7 +12768,7 @@ index 0000000..b40b5c4
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -12251,7 +12779,7 @@ index 0000000..b40b5c4
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -12264,18 +12792,24 @@ index 0000000..b40b5c4
+selinux(8), dmidecode(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dnsmasq_selinux.8 b/man/man8/dnsmasq_selinux.8
new file mode 100644
-index 0000000..e523ad2
+index 0000000..2913852
--- /dev/null
+++ b/man/man8/dnsmasq_selinux.8
-@@ -0,0 +1,131 @@
+@@ -0,0 +1,137 @@
+.TH "dnsmasq_selinux" "8" "dnsmasq" "dwalsh at redhat.com" "dnsmasq SELinux Policy documentation"
+.SH "NAME"
+dnsmasq_selinux \- Security Enhanced Linux Policy for the dnsmasq processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dnsmasq processes via flexible mandatory access
++
++SELinux Linux secures
++.B dnsmasq
++(dnsmasq DNS forwarder and DHCP server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -12356,7 +12890,7 @@ index 0000000..e523ad2
+/var/run/dnsmasq\.pid, /var/run/libvirt/network(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -12377,7 +12911,7 @@ index 0000000..e523ad2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -12388,7 +12922,7 @@ index 0000000..e523ad2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -12401,18 +12935,24 @@ index 0000000..e523ad2
+selinux(8), dnsmasq(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dnssec_selinux.8 b/man/man8/dnssec_selinux.8
new file mode 100644
-index 0000000..1d079a9
+index 0000000..c8a6a53
--- /dev/null
+++ b/man/man8/dnssec_selinux.8
-@@ -0,0 +1,117 @@
+@@ -0,0 +1,123 @@
+.TH "dnssec_selinux" "8" "dnssec" "dwalsh at redhat.com" "dnssec SELinux Policy documentation"
+.SH "NAME"
+dnssec_selinux \- Security Enhanced Linux Policy for the dnssec processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dnssec processes via flexible mandatory access
++
++SELinux Linux secures
++.B dnssec
++(policy for dnssec_trigger)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -12453,7 +12993,7 @@ index 0000000..1d079a9
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -12497,7 +13037,7 @@ index 0000000..1d079a9
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -12508,7 +13048,7 @@ index 0000000..1d079a9
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -12524,18 +13064,24 @@ index 0000000..1d079a9
+selinux(8), dnssec(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dovecot_selinux.8 b/man/man8/dovecot_selinux.8
new file mode 100644
-index 0000000..cced024
+index 0000000..9dccfb5
--- /dev/null
+++ b/man/man8/dovecot_selinux.8
-@@ -0,0 +1,207 @@
+@@ -0,0 +1,213 @@
+.TH "dovecot_selinux" "8" "dovecot" "dwalsh at redhat.com" "dovecot SELinux Policy documentation"
+.SH "NAME"
+dovecot_selinux \- Security Enhanced Linux Policy for the dovecot processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dovecot processes via flexible mandatory access
++
++SELinux Linux secures
++.B dovecot
++(Dovecot POP and IMAP mail server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -12692,7 +13238,7 @@ index 0000000..cced024
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -12713,7 +13259,7 @@ index 0000000..cced024
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -12724,7 +13270,7 @@ index 0000000..cced024
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -12737,18 +13283,24 @@ index 0000000..cced024
+selinux(8), dovecot(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/drbd_selinux.8 b/man/man8/drbd_selinux.8
new file mode 100644
-index 0000000..a2744fc
+index 0000000..9cd65f4
--- /dev/null
+++ b/man/man8/drbd_selinux.8
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,97 @@
+.TH "drbd_selinux" "8" "drbd" "dwalsh at redhat.com" "drbd SELinux Policy documentation"
+.SH "NAME"
+drbd_selinux \- Security Enhanced Linux Policy for the drbd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the drbd processes via flexible mandatory access
++
++SELinux Linux secures
++.B drbd
++(policy for drbd)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -12789,7 +13341,7 @@ index 0000000..a2744fc
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -12810,7 +13362,7 @@ index 0000000..a2744fc
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -12821,7 +13373,7 @@ index 0000000..a2744fc
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -12834,18 +13386,24 @@ index 0000000..a2744fc
+selinux(8), drbd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/dspam_selinux.8 b/man/man8/dspam_selinux.8
new file mode 100644
-index 0000000..6b6fd41
+index 0000000..fba374b
--- /dev/null
+++ b/man/man8/dspam_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "dspam_selinux" "8" "dspam" "dwalsh at redhat.com" "dspam SELinux Policy documentation"
+.SH "NAME"
+dspam_selinux \- Security Enhanced Linux Policy for the dspam processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the dspam processes via flexible mandatory access
++
++SELinux Linux secures
++.B dspam
++(policy for dspam)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -12906,7 +13464,7 @@ index 0000000..6b6fd41
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -12927,7 +13485,7 @@ index 0000000..6b6fd41
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -12938,7 +13496,7 @@ index 0000000..6b6fd41
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -12951,18 +13509,24 @@ index 0000000..6b6fd41
+selinux(8), dspam(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/entropyd_selinux.8 b/man/man8/entropyd_selinux.8
new file mode 100644
-index 0000000..419a6be
+index 0000000..907170c
--- /dev/null
+++ b/man/man8/entropyd_selinux.8
-@@ -0,0 +1,102 @@
+@@ -0,0 +1,108 @@
+.TH "entropyd_selinux" "8" "entropyd" "dwalsh at redhat.com" "entropyd SELinux Policy documentation"
+.SH "NAME"
+entropyd_selinux \- Security Enhanced Linux Policy for the entropyd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the entropyd processes via flexible mandatory access
++
++SELinux Linux secures
++.B entropyd
++(Generate entropy from audio input)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. entropyd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run entropyd with the tightest access possible.
+
@@ -13010,7 +13574,7 @@ index 0000000..419a6be
+/var/run/audio-entropyd\.pid, /var/run/haveged\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13031,7 +13595,7 @@ index 0000000..419a6be
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -13042,7 +13606,7 @@ index 0000000..419a6be
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -13060,7 +13624,7 @@ index 0000000..419a6be
\ No newline at end of file
diff --git a/man/man8/eventlogd_selinux.8 b/man/man8/eventlogd_selinux.8
new file mode 100644
-index 0000000..43deee9
+index 0000000..01e8f18
--- /dev/null
+++ b/man/man8/eventlogd_selinux.8
@@ -0,0 +1,95 @@
@@ -13069,8 +13633,8 @@ index 0000000..43deee9
+eventlogd_selinux \- Security Enhanced Linux Policy for the eventlogd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the eventlogd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -13116,7 +13680,7 @@ index 0000000..43deee9
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13137,7 +13701,7 @@ index 0000000..43deee9
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -13148,7 +13712,7 @@ index 0000000..43deee9
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -13161,7 +13725,7 @@ index 0000000..43deee9
+selinux(8), eventlogd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/evtchnd_selinux.8 b/man/man8/evtchnd_selinux.8
new file mode 100644
-index 0000000..3e5d5f3
+index 0000000..fc58144
--- /dev/null
+++ b/man/man8/evtchnd_selinux.8
@@ -0,0 +1,91 @@
@@ -13170,8 +13734,8 @@ index 0000000..3e5d5f3
+evtchnd_selinux \- Security Enhanced Linux Policy for the evtchnd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the evtchnd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -13213,7 +13777,7 @@ index 0000000..3e5d5f3
+/var/run/evtchnd, /var/run/evtchnd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13234,7 +13798,7 @@ index 0000000..3e5d5f3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -13245,7 +13809,7 @@ index 0000000..3e5d5f3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -13258,18 +13822,24 @@ index 0000000..3e5d5f3
+selinux(8), evtchnd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/exim_selinux.8 b/man/man8/exim_selinux.8
new file mode 100644
-index 0000000..bb091f8
+index 0000000..3126a72
--- /dev/null
+++ b/man/man8/exim_selinux.8
-@@ -0,0 +1,152 @@
+@@ -0,0 +1,158 @@
+.TH "exim_selinux" "8" "exim" "dwalsh at redhat.com" "exim SELinux Policy documentation"
+.SH "NAME"
+exim_selinux \- Security Enhanced Linux Policy for the exim processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the exim processes via flexible mandatory access
++
++SELinux Linux secures
++.B exim
++(Exim mail transfer agent)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. exim policy is extremely flexible and has several booleans that allow you to manipulate the policy and run exim with the tightest access possible.
+
@@ -13367,7 +13937,7 @@ index 0000000..bb091f8
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13388,7 +13958,7 @@ index 0000000..bb091f8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -13399,7 +13969,7 @@ index 0000000..bb091f8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -13417,18 +13987,24 @@ index 0000000..bb091f8
\ No newline at end of file
diff --git a/man/man8/fail2ban_selinux.8 b/man/man8/fail2ban_selinux.8
new file mode 100644
-index 0000000..86a2df3
+index 0000000..8084e6e
--- /dev/null
+++ b/man/man8/fail2ban_selinux.8
-@@ -0,0 +1,123 @@
+@@ -0,0 +1,129 @@
+.TH "fail2ban_selinux" "8" "fail2ban" "dwalsh at redhat.com" "fail2ban SELinux Policy documentation"
+.SH "NAME"
+fail2ban_selinux \- Security Enhanced Linux Policy for the fail2ban processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the fail2ban processes via flexible mandatory access
++
++SELinux Linux secures
++.B fail2ban
++(Update firewall filtering to ban IP addresses with too many password failures)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -13501,7 +14077,7 @@ index 0000000..86a2df3
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13522,7 +14098,7 @@ index 0000000..86a2df3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -13533,7 +14109,7 @@ index 0000000..86a2df3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -13546,18 +14122,24 @@ index 0000000..86a2df3
+selinux(8), fail2ban(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/fcoemon_selinux.8 b/man/man8/fcoemon_selinux.8
new file mode 100644
-index 0000000..db55a67
+index 0000000..7f07e27
--- /dev/null
+++ b/man/man8/fcoemon_selinux.8
-@@ -0,0 +1,83 @@
+@@ -0,0 +1,89 @@
+.TH "fcoemon_selinux" "8" "fcoemon" "dwalsh at redhat.com" "fcoemon SELinux Policy documentation"
+.SH "NAME"
+fcoemon_selinux \- Security Enhanced Linux Policy for the fcoemon processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the fcoemon processes via flexible mandatory access
++
++SELinux Linux secures
++.B fcoemon
++(policy for fcoemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -13590,7 +14172,7 @@ index 0000000..db55a67
+/var/run/fcm(/.*)?, /var/run/fcoemon\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13611,7 +14193,7 @@ index 0000000..db55a67
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -13622,7 +14204,7 @@ index 0000000..db55a67
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -13635,7 +14217,7 @@ index 0000000..db55a67
+selinux(8), fcoemon(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/fenced_selinux.8 b/man/man8/fenced_selinux.8
new file mode 100644
-index 0000000..c9b8fe3
+index 0000000..8a95cd7
--- /dev/null
+++ b/man/man8/fenced_selinux.8
@@ -0,0 +1,141 @@
@@ -13644,8 +14226,8 @@ index 0000000..c9b8fe3
+fenced_selinux \- Security Enhanced Linux Policy for the fenced processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the fenced processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. fenced policy is extremely flexible and has several booleans that allow you to manipulate the policy and run fenced with the tightest access possible.
@@ -13733,7 +14315,7 @@ index 0000000..c9b8fe3
+/var/run/cluster/fenced_override, /var/run/cluster/fence_scsi.*, /var/run/fenced\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13754,7 +14336,7 @@ index 0000000..c9b8fe3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -13765,7 +14347,7 @@ index 0000000..c9b8fe3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -13783,18 +14365,24 @@ index 0000000..c9b8fe3
\ No newline at end of file
diff --git a/man/man8/fetchmail_selinux.8 b/man/man8/fetchmail_selinux.8
new file mode 100644
-index 0000000..fe83b20
+index 0000000..65f9aa3
--- /dev/null
+++ b/man/man8/fetchmail_selinux.8
-@@ -0,0 +1,103 @@
+@@ -0,0 +1,109 @@
+.TH "fetchmail_selinux" "8" "fetchmail" "dwalsh at redhat.com" "fetchmail SELinux Policy documentation"
+.SH "NAME"
+fetchmail_selinux \- Security Enhanced Linux Policy for the fetchmail processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the fetchmail processes via flexible mandatory access
++
++SELinux Linux secures
++.B fetchmail
++(Remote-mail retrieval and forwarding utility)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -13847,7 +14435,7 @@ index 0000000..fe83b20
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13868,7 +14456,7 @@ index 0000000..fe83b20
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -13879,7 +14467,7 @@ index 0000000..fe83b20
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -13892,7 +14480,7 @@ index 0000000..fe83b20
+selinux(8), fetchmail(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/fingerd_selinux.8 b/man/man8/fingerd_selinux.8
new file mode 100644
-index 0000000..3b9906e
+index 0000000..b1c9f85
--- /dev/null
+++ b/man/man8/fingerd_selinux.8
@@ -0,0 +1,125 @@
@@ -13901,8 +14489,8 @@ index 0000000..3b9906e
+fingerd_selinux \- Security Enhanced Linux Policy for the fingerd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the fingerd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -13952,7 +14540,7 @@ index 0000000..3b9906e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -13996,7 +14584,7 @@ index 0000000..3b9906e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14007,7 +14595,7 @@ index 0000000..3b9906e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -14023,18 +14611,24 @@ index 0000000..3b9906e
+selinux(8), fingerd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/firewalld_selinux.8 b/man/man8/firewalld_selinux.8
new file mode 100644
-index 0000000..2cc5aaa
+index 0000000..3988c9e
--- /dev/null
+++ b/man/man8/firewalld_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "firewalld_selinux" "8" "firewalld" "dwalsh at redhat.com" "firewalld SELinux Policy documentation"
+.SH "NAME"
+firewalld_selinux \- Security Enhanced Linux Policy for the firewalld processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the firewalld processes via flexible mandatory access
++
++SELinux Linux secures
++.B firewalld
++(policy for firewalld)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -14083,7 +14677,7 @@ index 0000000..2cc5aaa
+/var/run/firewalld(/.*)?, /var/run/firewalld\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -14104,7 +14698,7 @@ index 0000000..2cc5aaa
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14115,7 +14709,7 @@ index 0000000..2cc5aaa
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -14128,18 +14722,24 @@ index 0000000..2cc5aaa
+selinux(8), firewalld(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/firewallgui_selinux.8 b/man/man8/firewallgui_selinux.8
new file mode 100644
-index 0000000..02aeaf5
+index 0000000..6fd604e
--- /dev/null
+++ b/man/man8/firewallgui_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "firewallgui_selinux" "8" "firewallgui" "dwalsh at redhat.com" "firewallgui SELinux Policy documentation"
+.SH "NAME"
+firewallgui_selinux \- Security Enhanced Linux Policy for the firewallgui processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the firewallgui processes via flexible mandatory access
++
++SELinux Linux secures
++.B firewallgui
++(policy for firewallgui)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -14168,7 +14768,7 @@ index 0000000..02aeaf5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -14189,7 +14789,7 @@ index 0000000..02aeaf5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14200,7 +14800,7 @@ index 0000000..02aeaf5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -14213,18 +14813,27 @@ index 0000000..02aeaf5
+selinux(8), firewallgui(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/firstboot_selinux.8 b/man/man8/firstboot_selinux.8
new file mode 100644
-index 0000000..b016058
+index 0000000..b1bbe5c
--- /dev/null
+++ b/man/man8/firstboot_selinux.8
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,100 @@
+.TH "firstboot_selinux" "8" "firstboot" "dwalsh at redhat.com" "firstboot SELinux Policy documentation"
+.SH "NAME"
+firstboot_selinux \- Security Enhanced Linux Policy for the firstboot processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the firstboot processes via flexible mandatory access
++
++SELinux Linux secures
++.B firstboot
++(
++Final system configuration run during the first boot
++after installation of Red Hat/Fedora systems.
++)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -14265,7 +14874,7 @@ index 0000000..b016058
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -14286,7 +14895,7 @@ index 0000000..b016058
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14297,7 +14906,7 @@ index 0000000..b016058
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -14310,7 +14919,7 @@ index 0000000..b016058
+selinux(8), firstboot(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/foghorn_selinux.8 b/man/man8/foghorn_selinux.8
new file mode 100644
-index 0000000..602a0a5
+index 0000000..828ba62
--- /dev/null
+++ b/man/man8/foghorn_selinux.8
@@ -0,0 +1,95 @@
@@ -14319,8 +14928,8 @@ index 0000000..602a0a5
+foghorn_selinux \- Security Enhanced Linux Policy for the foghorn processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the foghorn processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -14366,7 +14975,7 @@ index 0000000..602a0a5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -14387,7 +14996,7 @@ index 0000000..602a0a5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14398,7 +15007,7 @@ index 0000000..602a0a5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -14411,18 +15020,24 @@ index 0000000..602a0a5
+selinux(8), foghorn(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/fprintd_selinux.8 b/man/man8/fprintd_selinux.8
new file mode 100644
-index 0000000..68781fc
+index 0000000..cd72389
--- /dev/null
+++ b/man/man8/fprintd_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "fprintd_selinux" "8" "fprintd" "dwalsh at redhat.com" "fprintd SELinux Policy documentation"
+.SH "NAME"
+fprintd_selinux \- Security Enhanced Linux Policy for the fprintd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the fprintd processes via flexible mandatory access
++
++SELinux Linux secures
++.B fprintd
++(DBus fingerprint reader service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -14451,7 +15066,7 @@ index 0000000..68781fc
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -14472,7 +15087,7 @@ index 0000000..68781fc
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14483,7 +15098,7 @@ index 0000000..68781fc
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -14496,7 +15111,7 @@ index 0000000..68781fc
+selinux(8), fprintd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/freshclam_selinux.8 b/man/man8/freshclam_selinux.8
new file mode 100644
-index 0000000..5325cb1
+index 0000000..f012b28
--- /dev/null
+++ b/man/man8/freshclam_selinux.8
@@ -0,0 +1,83 @@
@@ -14505,8 +15120,8 @@ index 0000000..5325cb1
+freshclam_selinux \- Security Enhanced Linux Policy for the freshclam processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the freshclam processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -14540,7 +15155,7 @@ index 0000000..5325cb1
+/var/log/clamav/freshclam.*, /var/log/freshclam.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -14561,7 +15176,7 @@ index 0000000..5325cb1
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14572,7 +15187,7 @@ index 0000000..5325cb1
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -14585,7 +15200,7 @@ index 0000000..5325cb1
+selinux(8), freshclam(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/fsadm_selinux.8 b/man/man8/fsadm_selinux.8
new file mode 100644
-index 0000000..1251e93
+index 0000000..22e0acf
--- /dev/null
+++ b/man/man8/fsadm_selinux.8
@@ -0,0 +1,91 @@
@@ -14594,8 +15209,8 @@ index 0000000..1251e93
+fsadm_selinux \- Security Enhanced Linux Policy for the fsadm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the fsadm processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -14637,7 +15252,7 @@ index 0000000..1251e93
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -14658,7 +15273,7 @@ index 0000000..1251e93
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14669,7 +15284,7 @@ index 0000000..1251e93
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -14682,7 +15297,7 @@ index 0000000..1251e93
+selinux(8), fsadm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/fsdaemon_selinux.8 b/man/man8/fsdaemon_selinux.8
new file mode 100644
-index 0000000..19cc5d1
+index 0000000..0f3466e
--- /dev/null
+++ b/man/man8/fsdaemon_selinux.8
@@ -0,0 +1,95 @@
@@ -14691,8 +15306,8 @@ index 0000000..19cc5d1
+fsdaemon_selinux \- Security Enhanced Linux Policy for the fsdaemon processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the fsdaemon processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -14738,7 +15353,7 @@ index 0000000..19cc5d1
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -14759,7 +15374,7 @@ index 0000000..19cc5d1
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -14770,7 +15385,7 @@ index 0000000..19cc5d1
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -14782,7 +15397,7 @@ index 0000000..19cc5d1
+.SH "SEE ALSO"
+selinux(8), fsdaemon(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ftpd_selinux.8 b/man/man8/ftpd_selinux.8
-index 5bebd82..bbe8e0d 100644
+index 5bebd82..c617a6e 100644
--- a/man/man8/ftpd_selinux.8
+++ b/man/man8/ftpd_selinux.8
@@ -1,65 +1,321 @@
@@ -14794,8 +15409,8 @@ index 5bebd82..bbe8e0d 100644
+ftpd_selinux \- Security Enhanced Linux Policy for the ftpd processes
.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ftpd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. ftpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ftpd with the tightest access possible.
@@ -14923,7 +15538,7 @@ index 5bebd82..bbe8e0d 100644
+.pp
.TP
-Allow ftp servers to use nfs for public file transfer services.
-+Allow ftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_ftpdd_anon_write boolean to be set.
++Allow ftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_ftpd_anon_write boolean to be set.
.PP
.B
-setsebool -P allow_ftpd_use_nfs on
@@ -14978,11 +15593,10 @@ index 5bebd82..bbe8e0d 100644
+
+
+.EX
- .PP
++.PP
+.B ftpd_exec_t
+.EE
-
--selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
++
+- Set files with the ftpd_exec_t type, if you want to transition an executable to the ftpd_t domain.
+
+.br
@@ -15051,10 +15665,11 @@ index 5bebd82..bbe8e0d 100644
+
+
+.EX
-+.PP
+ .PP
+.B ftpdctl_exec_t
+.EE
-+
+
+-selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
+- Set files with the ftpdctl_exec_t type, if you want to transition an executable to the ftpdctl_t domain.
+
+
@@ -15067,7 +15682,7 @@ index 5bebd82..bbe8e0d 100644
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15122,7 +15737,7 @@ index 5bebd82..bbe8e0d 100644
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -15133,7 +15748,7 @@ index 5bebd82..bbe8e0d 100644
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -15154,7 +15769,7 @@ index 5bebd82..bbe8e0d 100644
\ No newline at end of file
diff --git a/man/man8/ftpdctl_selinux.8 b/man/man8/ftpdctl_selinux.8
new file mode 100644
-index 0000000..00dde44
+index 0000000..8903b4b
--- /dev/null
+++ b/man/man8/ftpdctl_selinux.8
@@ -0,0 +1,79 @@
@@ -15163,8 +15778,8 @@ index 0000000..00dde44
+ftpdctl_selinux \- Security Enhanced Linux Policy for the ftpdctl processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ftpdctl processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -15194,7 +15809,7 @@ index 0000000..00dde44
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15215,7 +15830,7 @@ index 0000000..00dde44
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -15226,7 +15841,7 @@ index 0000000..00dde44
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -15239,18 +15854,24 @@ index 0000000..00dde44
+selinux(8), ftpdctl(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/games_selinux.8 b/man/man8/games_selinux.8
new file mode 100644
-index 0000000..9c810df
+index 0000000..32d0898
--- /dev/null
+++ b/man/man8/games_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "games_selinux" "8" "games" "dwalsh at redhat.com" "games SELinux Policy documentation"
+.SH "NAME"
+games_selinux \- Security Enhanced Linux Policy for the games processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the games processes via flexible mandatory access
++
++SELinux Linux secures
++.B games
++(Games)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -15311,7 +15932,7 @@ index 0000000..9c810df
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15332,7 +15953,7 @@ index 0000000..9c810df
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -15343,7 +15964,7 @@ index 0000000..9c810df
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -15356,7 +15977,7 @@ index 0000000..9c810df
+selinux(8), games(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/gconfd_selinux.8 b/man/man8/gconfd_selinux.8
new file mode 100644
-index 0000000..27f5552
+index 0000000..535656e
--- /dev/null
+++ b/man/man8/gconfd_selinux.8
@@ -0,0 +1,79 @@
@@ -15365,8 +15986,8 @@ index 0000000..27f5552
+gconfd_selinux \- Security Enhanced Linux Policy for the gconfd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gconfd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -15396,7 +16017,7 @@ index 0000000..27f5552
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15417,7 +16038,7 @@ index 0000000..27f5552
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -15428,7 +16049,7 @@ index 0000000..27f5552
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -15441,7 +16062,7 @@ index 0000000..27f5552
+selinux(8), gconfd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/gconfdefaultsm_selinux.8 b/man/man8/gconfdefaultsm_selinux.8
new file mode 100644
-index 0000000..b0fda25
+index 0000000..71a23ac
--- /dev/null
+++ b/man/man8/gconfdefaultsm_selinux.8
@@ -0,0 +1,71 @@
@@ -15450,8 +16071,8 @@ index 0000000..b0fda25
+gconfdefaultsm_selinux \- Security Enhanced Linux Policy for the gconfdefaultsm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gconfdefaultsm processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -15473,7 +16094,7 @@ index 0000000..b0fda25
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15494,7 +16115,7 @@ index 0000000..b0fda25
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -15505,7 +16126,7 @@ index 0000000..b0fda25
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -15518,18 +16139,24 @@ index 0000000..b0fda25
+selinux(8), gconfdefaultsm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/getty_selinux.8 b/man/man8/getty_selinux.8
new file mode 100644
-index 0000000..e0bf143
+index 0000000..85b78f2
--- /dev/null
+++ b/man/man8/getty_selinux.8
-@@ -0,0 +1,123 @@
+@@ -0,0 +1,129 @@
+.TH "getty_selinux" "8" "getty" "dwalsh at redhat.com" "getty SELinux Policy documentation"
+.SH "NAME"
+getty_selinux \- Security Enhanced Linux Policy for the getty processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the getty processes via flexible mandatory access
++
++SELinux Linux secures
++.B getty
++(Policy for getty)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -15602,7 +16229,7 @@ index 0000000..e0bf143
+/var/spool/voice(/.*)?, /var/spool/fax(/.*)?, /var/run/mgetty\.pid.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15623,7 +16250,7 @@ index 0000000..e0bf143
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -15634,7 +16261,7 @@ index 0000000..e0bf143
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -15647,7 +16274,7 @@ index 0000000..e0bf143
+selinux(8), getty(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/gfs_selinux.8 b/man/man8/gfs_selinux.8
new file mode 100644
-index 0000000..7b747d5
+index 0000000..c681f11
--- /dev/null
+++ b/man/man8/gfs_selinux.8
@@ -0,0 +1,95 @@
@@ -15656,8 +16283,8 @@ index 0000000..7b747d5
+gfs_selinux \- Security Enhanced Linux Policy for the gfs processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gfs processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -15703,7 +16330,7 @@ index 0000000..7b747d5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15724,7 +16351,7 @@ index 0000000..7b747d5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -15735,7 +16362,7 @@ index 0000000..7b747d5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -15746,20 +16373,215 @@ index 0000000..7b747d5
+
+.SH "SEE ALSO"
+selinux(8), gfs(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/git_shell_selinux.8 b/man/man8/git_shell_selinux.8
+new file mode 100644
+index 0000000..6031c31
+--- /dev/null
++++ b/man/man8/git_shell_selinux.8
+@@ -0,0 +1,183 @@
++.TH "git_shell_selinux" "8" "git_shell" "mgrepl at redhat.com" "git_shell SELinux Policy documentation"
++.SH "NAME"
++git_shell_u \- \fBgit_shell user role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++\fBgit_shell_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBgit_shell_r\fP. The
++default role has a default type, \fBgit_shell_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B git_shell_u:git_shell_r:git_shell_u:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the git_shell_u user, you would execute:
++
++.B semanage login -m -s git_shell_u __default__
++
++
++.SH USER DESCRIPTION
++
++The SELinux user git_shell_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++The SELinux type git_shell_t is not allowed to execute sudo.
++
++.SH X WINDOWS LOGIN
++
++The SELinux user git_shell_u is not able to X Windows login.
++
++.SH TERMINAL LOGIN
++
++The SELinux user git_shell_u is not able to terminal login.
++
++.SH NETWORK
++
++.TP
++The SELinux user git_shell_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
++
++.B ocsp_port_t: 9080
++
++.B kerberos_port_t: 88,750,4444
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required. git_shell_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run git_shell_t with the tightest access possible.
++
++
++.PP
++If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_mysql_connect 1
++.EE
++
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++
++.EX
++.B setsebool -P user_ping 1
++.EE
++
++.PP
++If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
++
++.EX
++.B setsebool -P user_ttyfile_stat 1
++.EE
++
++.PP
++If you want to allow user music sharing, you must turn on the user_share_music boolean.
++
++.EX
++.B setsebool -P user_share_music 1
++.EE
++
++.PP
++If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
++
++.EX
++.B setsebool -P user_direct_dri 1
++.EE
++
++.PP
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++
++.EX
++.B setsebool -P user_rw_noexattrfile 1
++.EE
++
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++
++.EX
++.B setsebool -P user_tcp_server 1
++.EE
++
++.PP
++If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++
++.EX
++.B setsebool -P user_direct_mouse 1
++.EE
++
++.PP
++If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++
++.EX
++.B setsebool -P user_setrlimit 1
++.EE
++
++.PP
++If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_postgresql_connect 1
++.EE
++
++.PP
++If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++
++.EX
++.B setsebool -P user_dmesg 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user git_shell_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when git_shell_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny git_shell_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow git_shell_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user git_shell_t can execute without transitioning:
++
++.B sesearch -A -s git_shell_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow git_shell_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user git_shell_t can execute and transition:
++
++.B $ sesearch -A -s git_shell_t -c process -p transition
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/gitosis_selinux.8 b/man/man8/gitosis_selinux.8
new file mode 100644
-index 0000000..6330704
+index 0000000..0db16b5
--- /dev/null
+++ b/man/man8/gitosis_selinux.8
-@@ -0,0 +1,102 @@
+@@ -0,0 +1,108 @@
+.TH "gitosis_selinux" "8" "gitosis" "dwalsh at redhat.com" "gitosis SELinux Policy documentation"
+.SH "NAME"
+gitosis_selinux \- Security Enhanced Linux Policy for the gitosis processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gitosis processes via flexible mandatory access
++
++SELinux Linux secures
++.B gitosis
++(Tools for managing and hosting git repositories)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. gitosis policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gitosis with the tightest access possible.
+
@@ -15807,7 +16629,7 @@ index 0000000..6330704
+/var/lib/gitolite(/.*)?, /var/lib/gitosis(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15828,7 +16650,7 @@ index 0000000..6330704
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -15839,7 +16661,7 @@ index 0000000..6330704
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -15857,18 +16679,24 @@ index 0000000..6330704
\ No newline at end of file
diff --git a/man/man8/glance_selinux.8 b/man/man8/glance_selinux.8
new file mode 100644
-index 0000000..54d06b3
+index 0000000..5fe5fae
--- /dev/null
+++ b/man/man8/glance_selinux.8
-@@ -0,0 +1,161 @@
+@@ -0,0 +1,167 @@
+.TH "glance_selinux" "8" "glance" "dwalsh at redhat.com" "glance SELinux Policy documentation"
+.SH "NAME"
+glance_selinux \- Security Enhanced Linux Policy for the glance processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the glance processes via flexible mandatory access
++
++SELinux Linux secures
++.B glance
++(policy for glance)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -15953,7 +16781,7 @@ index 0000000..54d06b3
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -15997,7 +16825,7 @@ index 0000000..54d06b3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16008,7 +16836,7 @@ index 0000000..54d06b3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -16024,18 +16852,24 @@ index 0000000..54d06b3
+selinux(8), glance(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/gnomeclock_selinux.8 b/man/man8/gnomeclock_selinux.8
new file mode 100644
-index 0000000..befa734
+index 0000000..9664dd6
--- /dev/null
+++ b/man/man8/gnomeclock_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,81 @@
+.TH "gnomeclock_selinux" "8" "gnomeclock" "dwalsh at redhat.com" "gnomeclock SELinux Policy documentation"
+.SH "NAME"
+gnomeclock_selinux \- Security Enhanced Linux Policy for the gnomeclock processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gnomeclock processes via flexible mandatory access
++
++SELinux Linux secures
++.B gnomeclock
++(Gnome clock handler for setting the time)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -16060,7 +16894,7 @@ index 0000000..befa734
+/usr/libexec/gsd-datetime-mechanism, /usr/libexec/kde(3|4)/kcmdatetimehelper, /usr/libexec/gnome-clock-applet-mechanism
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16081,7 +16915,7 @@ index 0000000..befa734
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16092,7 +16926,7 @@ index 0000000..befa734
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -16105,7 +16939,7 @@ index 0000000..befa734
+selinux(8), gnomeclock(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/gnomesystemmm_selinux.8 b/man/man8/gnomesystemmm_selinux.8
new file mode 100644
-index 0000000..871dff2
+index 0000000..d92b3e4
--- /dev/null
+++ b/man/man8/gnomesystemmm_selinux.8
@@ -0,0 +1,75 @@
@@ -16114,8 +16948,8 @@ index 0000000..871dff2
+gnomesystemmm_selinux \- Security Enhanced Linux Policy for the gnomesystemmm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gnomesystemmm processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -16141,7 +16975,7 @@ index 0000000..871dff2
+/usr/libexec/kde(3|4)/ksysguardprocesslist_helper, /usr/libexec/gnome-system-monitor-mechanism
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16162,7 +16996,7 @@ index 0000000..871dff2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16173,7 +17007,7 @@ index 0000000..871dff2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -16186,18 +17020,24 @@ index 0000000..871dff2
+selinux(8), gnomesystemmm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/gpg_selinux.8 b/man/man8/gpg_selinux.8
new file mode 100644
-index 0000000..00db011
+index 0000000..9072646
--- /dev/null
+++ b/man/man8/gpg_selinux.8
-@@ -0,0 +1,171 @@
+@@ -0,0 +1,177 @@
+.TH "gpg_selinux" "8" "gpg" "dwalsh at redhat.com" "gpg SELinux Policy documentation"
+.SH "NAME"
+gpg_selinux \- Security Enhanced Linux Policy for the gpg processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gpg processes via flexible mandatory access
++
++SELinux Linux secures
++.B gpg
++(Policy for GNU Privacy Guard and related programs)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. gpg policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gpg with the tightest access possible.
+
@@ -16227,7 +17067,7 @@ index 0000000..00db011
+.B restorecon -F -R -v /var/gpg
+.pp
+.TP
-+Allow gpg servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_gpgd_anon_write boolean to be set.
++Allow gpg servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_gpg_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/gpg/incoming(/.*)?"
@@ -16314,7 +17154,7 @@ index 0000000..00db011
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16335,7 +17175,7 @@ index 0000000..00db011
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16346,7 +17186,7 @@ index 0000000..00db011
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -16364,18 +17204,24 @@ index 0000000..00db011
\ No newline at end of file
diff --git a/man/man8/gpm_selinux.8 b/man/man8/gpm_selinux.8
new file mode 100644
-index 0000000..9cbaad7
+index 0000000..7c67dba
--- /dev/null
+++ b/man/man8/gpm_selinux.8
-@@ -0,0 +1,107 @@
+@@ -0,0 +1,113 @@
+.TH "gpm_selinux" "8" "gpm" "dwalsh at redhat.com" "gpm SELinux Policy documentation"
+.SH "NAME"
+gpm_selinux \- Security Enhanced Linux Policy for the gpm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gpm processes via flexible mandatory access
++
++SELinux Linux secures
++.B gpm
++(General Purpose Mouse driver)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -16432,7 +17278,7 @@ index 0000000..9cbaad7
+/dev/gpmctl, /dev/gpmdata
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16453,7 +17299,7 @@ index 0000000..9cbaad7
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16464,7 +17310,7 @@ index 0000000..9cbaad7
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -16477,18 +17323,24 @@ index 0000000..9cbaad7
+selinux(8), gpm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/gpsd_selinux.8 b/man/man8/gpsd_selinux.8
new file mode 100644
-index 0000000..44a67f2
+index 0000000..804e552
--- /dev/null
+++ b/man/man8/gpsd_selinux.8
-@@ -0,0 +1,125 @@
+@@ -0,0 +1,131 @@
+.TH "gpsd_selinux" "8" "gpsd" "dwalsh at redhat.com" "gpsd SELinux Policy documentation"
+.SH "NAME"
+gpsd_selinux \- Security Enhanced Linux Policy for the gpsd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gpsd processes via flexible mandatory access
++
++SELinux Linux secures
++.B gpsd
++(gpsd monitor daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -16537,7 +17389,7 @@ index 0000000..44a67f2
+/var/run/gpsd\.sock, /var/run/gpsd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16581,7 +17433,7 @@ index 0000000..44a67f2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16592,7 +17444,7 @@ index 0000000..44a67f2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -16608,7 +17460,7 @@ index 0000000..44a67f2
+selinux(8), gpsd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/greylist_selinux.8 b/man/man8/greylist_selinux.8
new file mode 100644
-index 0000000..e549305
+index 0000000..893c92e
--- /dev/null
+++ b/man/man8/greylist_selinux.8
@@ -0,0 +1,83 @@
@@ -16617,8 +17469,8 @@ index 0000000..e549305
+greylist_selinux \- Security Enhanced Linux Policy for the greylist processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the greylist processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -16652,7 +17504,7 @@ index 0000000..e549305
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16673,7 +17525,7 @@ index 0000000..e549305
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16684,7 +17536,7 @@ index 0000000..e549305
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -16697,7 +17549,7 @@ index 0000000..e549305
+selinux(8), greylist(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/groupadd_selinux.8 b/man/man8/groupadd_selinux.8
new file mode 100644
-index 0000000..2cca129
+index 0000000..7774b5f
--- /dev/null
+++ b/man/man8/groupadd_selinux.8
@@ -0,0 +1,75 @@
@@ -16706,8 +17558,8 @@ index 0000000..2cca129
+groupadd_selinux \- Security Enhanced Linux Policy for the groupadd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the groupadd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -16733,7 +17585,7 @@ index 0000000..2cca129
+/usr/sbin/gpasswd, /usr/bin/gpasswd, /usr/sbin/groupdel, /usr/sbin/groupadd, /usr/sbin/groupmod
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16754,7 +17606,7 @@ index 0000000..2cca129
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16765,7 +17617,7 @@ index 0000000..2cca129
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -16778,7 +17630,7 @@ index 0000000..2cca129
+selinux(8), groupadd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/groupd_selinux.8 b/man/man8/groupd_selinux.8
new file mode 100644
-index 0000000..7d9f0d1
+index 0000000..7285b15
--- /dev/null
+++ b/man/man8/groupd_selinux.8
@@ -0,0 +1,95 @@
@@ -16787,8 +17639,8 @@ index 0000000..7d9f0d1
+groupd_selinux \- Security Enhanced Linux Policy for the groupd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the groupd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -16834,7 +17686,7 @@ index 0000000..7d9f0d1
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16855,7 +17707,7 @@ index 0000000..7d9f0d1
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16866,7 +17718,7 @@ index 0000000..7d9f0d1
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -16879,7 +17731,7 @@ index 0000000..7d9f0d1
+selinux(8), groupd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/gssd_selinux.8 b/man/man8/gssd_selinux.8
new file mode 100644
-index 0000000..ab14eb8
+index 0000000..2e36991
--- /dev/null
+++ b/man/man8/gssd_selinux.8
@@ -0,0 +1,106 @@
@@ -16888,8 +17740,8 @@ index 0000000..ab14eb8
+gssd_selinux \- Security Enhanced Linux Policy for the gssd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the gssd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. gssd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run gssd with the tightest access possible.
@@ -16942,7 +17794,7 @@ index 0000000..ab14eb8
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -16963,7 +17815,7 @@ index 0000000..ab14eb8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -16974,7 +17826,7 @@ index 0000000..ab14eb8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -16990,20 +17842,220 @@ index 0000000..ab14eb8
+selinux(8), gssd(8), semanage(8), restorecon(8), chcon(1)
+, setsebool(8)
\ No newline at end of file
+diff --git a/man/man8/guest_selinux.8 b/man/man8/guest_selinux.8
+new file mode 100644
+index 0000000..faeeaf7
+--- /dev/null
++++ b/man/man8/guest_selinux.8
+@@ -0,0 +1,188 @@
++.TH "guest_selinux" "8" "guest" "mgrepl at redhat.com" "guest SELinux Policy documentation"
++.SH "NAME"
++guest_u \- \fBLeast privledge terminal user role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++\fBguest_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBguest_r\fP. The
++default role has a default type, \fBguest_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B guest_u:guest_r:guest_u:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the guest_u user, you would execute:
++
++.B semanage login -m -s guest_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user guest, you would execute:
++
++.B $ semanage login -a -s guest_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user guest_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++The SELinux type guest_t is not allowed to execute sudo.
++
++.SH X WINDOWS LOGIN
++
++The SELinux user guest_u is not able to X Windows login.
++
++.SH TERMINAL LOGIN
++
++The SELinux user guest_u is able to terminal login.
++
++.SH NETWORK
++
++.TP
++The SELinux user guest_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
++
++.B ocsp_port_t: 9080
++
++.B kerberos_port_t: 88,750,4444
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required. guest_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run guest_t with the tightest access possible.
++
++
++.PP
++If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_mysql_connect 1
++.EE
++
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++
++.EX
++.B setsebool -P user_ping 1
++.EE
++
++.PP
++If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
++
++.EX
++.B setsebool -P user_ttyfile_stat 1
++.EE
++
++.PP
++If you want to allow user music sharing, you must turn on the user_share_music boolean.
++
++.EX
++.B setsebool -P user_share_music 1
++.EE
++
++.PP
++If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
++
++.EX
++.B setsebool -P user_direct_dri 1
++.EE
++
++.PP
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++
++.EX
++.B setsebool -P user_rw_noexattrfile 1
++.EE
++
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++
++.EX
++.B setsebool -P user_tcp_server 1
++.EE
++
++.PP
++If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++
++.EX
++.B setsebool -P user_direct_mouse 1
++.EE
++
++.PP
++If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++
++.EX
++.B setsebool -P user_setrlimit 1
++.EE
++
++.PP
++If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_postgresql_connect 1
++.EE
++
++.PP
++If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++
++.EX
++.B setsebool -P user_dmesg 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user guest_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when guest_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny guest_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow guest_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user guest_t can execute without transitioning:
++
++.B sesearch -A -s guest_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow guest_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user guest_t can execute and transition:
++
++.B $ sesearch -A -s guest_t -c process -p transition
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/hddtemp_selinux.8 b/man/man8/hddtemp_selinux.8
new file mode 100644
-index 0000000..01e72f6
+index 0000000..132cb89
--- /dev/null
+++ b/man/man8/hddtemp_selinux.8
-@@ -0,0 +1,113 @@
+@@ -0,0 +1,119 @@
+.TH "hddtemp_selinux" "8" "hddtemp" "dwalsh at redhat.com" "hddtemp SELinux Policy documentation"
+.SH "NAME"
+hddtemp_selinux \- Security Enhanced Linux Policy for the hddtemp processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the hddtemp processes via flexible mandatory access
++
++SELinux Linux secures
++.B hddtemp
++(hddtemp hard disk temperature tool running as a daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -17040,7 +18092,7 @@ index 0000000..01e72f6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -17084,7 +18136,7 @@ index 0000000..01e72f6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -17095,7 +18147,7 @@ index 0000000..01e72f6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -17111,18 +18163,24 @@ index 0000000..01e72f6
+selinux(8), hddtemp(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/hostname_selinux.8 b/man/man8/hostname_selinux.8
new file mode 100644
-index 0000000..cb71cf9
+index 0000000..519b849
--- /dev/null
+++ b/man/man8/hostname_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,81 @@
+.TH "hostname_selinux" "8" "hostname" "dwalsh at redhat.com" "hostname SELinux Policy documentation"
+.SH "NAME"
+hostname_selinux \- Security Enhanced Linux Policy for the hostname processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the hostname processes via flexible mandatory access
++
++SELinux Linux secures
++.B hostname
++(Policy for changing the system host name)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -17147,7 +18205,7 @@ index 0000000..cb71cf9
+/bin/hostname, /usr/bin/hostname
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -17168,7 +18226,7 @@ index 0000000..cb71cf9
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -17179,7 +18237,7 @@ index 0000000..cb71cf9
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -17192,7 +18250,7 @@ index 0000000..cb71cf9
+selinux(8), hostname(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/hplip_selinux.8 b/man/man8/hplip_selinux.8
new file mode 100644
-index 0000000..fc05d18
+index 0000000..05353ce
--- /dev/null
+++ b/man/man8/hplip_selinux.8
@@ -0,0 +1,137 @@
@@ -17201,8 +18259,8 @@ index 0000000..fc05d18
+hplip_selinux \- Security Enhanced Linux Policy for the hplip processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the hplip processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -17264,7 +18322,7 @@ index 0000000..fc05d18
+/var/run/hp.*\.pid, /var/run/hp.*\.port
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -17308,7 +18366,7 @@ index 0000000..fc05d18
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -17319,7 +18377,7 @@ index 0000000..fc05d18
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -17334,10 +18392,10 @@ index 0000000..fc05d18
+.SH "SEE ALSO"
+selinux(8), hplip(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8
-index 16e8b13..2e65351 100644
+index 16e8b13..9c093cd 100644
--- a/man/man8/httpd_selinux.8
+++ b/man/man8/httpd_selinux.8
-@@ -1,120 +1,1508 @@
+@@ -1,120 +1,1514 @@
-.TH "httpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "httpd Selinux Policy documentation"
-.de EX
-.nf
@@ -17354,10 +18412,16 @@ index 16e8b13..2e65351 100644
.SH "DESCRIPTION"
-Security-Enhanced Linux secures the httpd server via flexible mandatory access
-+Security-Enhanced Linux secures the httpd processes via flexible mandatory access
++
++SELinux Linux secures
++.B httpd
++(Apache web server)
++processes via flexible mandatory access
control.
-.SH FILE_CONTEXTS
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
+
@@ -17576,7 +18640,7 @@ index 16e8b13..2e65351 100644
+.B restorecon -F -R -v /var/httpd
+.pp
+.TP
-+Allow httpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_httpdd_anon_write boolean to be set.
++Allow httpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_httpd_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/httpd/incoming(/.*)?"
@@ -17641,7 +18705,7 @@ index 16e8b13..2e65351 100644
.EE
-- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow other non sys scripts from access.
+
-+- Set files with the httpd_apcupsd_cgi_ra_content_t type, if you want to treat the files as httpd apcupsd cgi read/append content.
++- Set files with the httpd_apcupsd_cgi_ra_content_t type, if you want to treat the files as httpd apcupsd cgi read/append content.
+
+
.EX
@@ -17665,155 +18729,147 @@ index 16e8b13..2e65351 100644
-.SH NOTE
-With certain policies you can define additional file contexts based on roles like user or staff. httpd_user_script_exec_t can be defined where it would only have access to "user" contexts.
+- Set files with the httpd_apcupsd_cgi_script_exec_t type, if you want to transition an executable to the httpd_apcupsd_cgi_script_t domain.
-+
+
+-.SH SHARING FILES
+-If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for httpd you would execute:
+.br
+.TP 5
+Paths:
+/var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/cgi-bin/apcgui(/.*)?
-+
-+.EX
-+.PP
-+.B httpd_awstats_content_t
-+.EE
-+
-+- Set files with the httpd_awstats_content_t type, if you want to treat the files as httpd awstats content.
-
--.SH SHARING FILES
--If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for httpd you would execute:
.EX
-setsebool -P allow_httpd_anon_write=1
+.PP
-+.B httpd_awstats_htaccess_t
++.B httpd_awstats_content_t
.EE
-or
-+- Set files with the httpd_awstats_htaccess_t type, if you want to treat the file as a httpd awstats access file.
++- Set files with the httpd_awstats_content_t type, if you want to treat the files as httpd awstats content.
+
.EX
-setsebool -P allow_httpd_sys_script_anon_write=1
+.PP
-+.B httpd_awstats_ra_content_t
++.B httpd_awstats_htaccess_t
.EE
-.SH BOOLEANS
-SELinux policy is customizable based on least access required. SELinux can be setup to prevent certain http scripts from working. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
-+- Set files with the httpd_awstats_ra_content_t type, if you want to treat the files as httpd awstats read/append content.
++- Set files with the httpd_awstats_htaccess_t type, if you want to treat the file as a httpd awstats access file.
+
+
+.EX
+.PP
-+.B httpd_awstats_rw_content_t
++.B httpd_awstats_ra_content_t
+.EE
+
-+- Set files with the httpd_awstats_rw_content_t type, if you want to treat the files as httpd awstats read/write content.
++- Set files with the httpd_awstats_ra_content_t type, if you want to treat the files as httpd awstats read/append content.
+
+
+.EX
.PP
-httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this
-+.B httpd_awstats_script_exec_t
++.B httpd_awstats_rw_content_t
+.EE
+
-+- Set files with the httpd_awstats_script_exec_t type, if you want to transition an executable to the httpd_awstats_script_t domain.
++- Set files with the httpd_awstats_rw_content_t type, if you want to treat the files as httpd awstats read/write content.
+
.EX
-setsebool -P httpd_enable_cgi 1
+.PP
-+.B httpd_bugzilla_content_t
++.B httpd_awstats_script_exec_t
.EE
-+- Set files with the httpd_bugzilla_content_t type, if you want to treat the files as httpd bugzilla content.
++- Set files with the httpd_awstats_script_exec_t type, if you want to transition an executable to the httpd_awstats_script_t domain.
+
+
+.EX
.PP
-SELinux policy for httpd can be setup to not allowed to access users home directories. If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir.
-+.B httpd_bugzilla_htaccess_t
++.B httpd_bugzilla_content_t
+.EE
+
-+- Set files with the httpd_bugzilla_htaccess_t type, if you want to treat the file as a httpd bugzilla access file.
++- Set files with the httpd_bugzilla_content_t type, if you want to treat the files as httpd bugzilla content.
+
.EX
-setsebool -P httpd_enable_homedirs 1
-chcon -R -t httpd_sys_content_t ~user/public_html
+.PP
-+.B httpd_bugzilla_ra_content_t
++.B httpd_bugzilla_htaccess_t
.EE
-+- Set files with the httpd_bugzilla_ra_content_t type, if you want to treat the files as httpd bugzilla read/append content.
++- Set files with the httpd_bugzilla_htaccess_t type, if you want to treat the file as a httpd bugzilla access file.
+
+
+.EX
.PP
-SELinux policy for httpd can be setup to not allow access to the controlling terminal. In most cases this is preferred, because an intruder might be able to use the access to the terminal to gain privileges. But in certain situations httpd needs to prompt for a password to open a certificate file, in these cases, terminal access is required. Set the httpd_tty_comm boolean to allow terminal access.
-+.B httpd_bugzilla_rw_content_t
++.B httpd_bugzilla_ra_content_t
+.EE
+
-+- Set files with the httpd_bugzilla_rw_content_t type, if you want to treat the files as httpd bugzilla read/write content.
++- Set files with the httpd_bugzilla_ra_content_t type, if you want to treat the files as httpd bugzilla read/append content.
+
.EX
-setsebool -P httpd_tty_comm 1
+.PP
-+.B httpd_bugzilla_script_exec_t
++.B httpd_bugzilla_rw_content_t
.EE
-+- Set files with the httpd_bugzilla_script_exec_t type, if you want to transition an executable to the httpd_bugzilla_script_t domain.
++- Set files with the httpd_bugzilla_rw_content_t type, if you want to treat the files as httpd bugzilla read/write content.
+
+
+.EX
.PP
-httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/execute. Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another.
-+.B httpd_bugzilla_tmp_t
++.B httpd_bugzilla_script_exec_t
+.EE
+
-+- Set files with the httpd_bugzilla_tmp_t type, if you want to store httpd bugzilla temporary files in the /tmp directories.
++- Set files with the httpd_bugzilla_script_exec_t type, if you want to transition an executable to the httpd_bugzilla_script_t domain.
+
.EX
-setsebool -P httpd_unified 0
+.PP
-+.B httpd_cache_t
++.B httpd_bugzilla_tmp_t
.EE
-+- Set files with the httpd_cache_t type, if you want to store the files under the /var/cache directory.
++- Set files with the httpd_bugzilla_tmp_t type, if you want to store httpd bugzilla temporary files in the /tmp directories.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/php-.*, /var/cache/mediawiki(/.*)?, /var/cache/php-eaccelerator(/.*)?, /var/cache/lighttpd(/.*)?, /var/cache/php-mmcache(/.*)?, /var/cache/mod_gnutls(/.*)?, /var/cache/mod_ssl(/.*)?, /var/cache/jetty(/.*)?, /var/cache/mod_.*, /var/cache/ssl.*\.sem, /var/cache/httpd(/.*)?, /var/cache/rt3(/.*)?, /var/cache/mason(/.*)?, /var/cache/mod_proxy(/.*)?
+
+.EX
.PP
-SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail boolean.
-+.B httpd_cobbler_content_t
++.B httpd_cache_t
+.EE
+
-+- Set files with the httpd_cobbler_content_t type, if you want to treat the files as httpd cobbler content.
++- Set files with the httpd_cache_t type, if you want to store the files under the /var/cache directory.
+
++.br
++.TP 5
++Paths:
++/var/cache/php-.*, /var/cache/mediawiki(/.*)?, /var/cache/php-eaccelerator(/.*)?, /var/cache/lighttpd(/.*)?, /var/cache/php-mmcache(/.*)?, /var/cache/mod_gnutls(/.*)?, /var/cache/mod_ssl(/.*)?, /var/cache/jetty(/.*)?, /var/cache/mod_.*, /var/cache/ssl.*\.sem, /var/cache/httpd(/.*)?, /var/cache/rt3(/.*)?, /var/cache/mason(/.*)?, /var/cache/mod_proxy(/.*)?
.EX
-setsebool -P httpd_can_sendmail 1
.PP
-httpd can be configured to turn off internal scripting (PHP). PHP and other
-loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
-+.B httpd_cobbler_htaccess_t
++.B httpd_cobbler_content_t
+.EE
+
-+- Set files with the httpd_cobbler_htaccess_t type, if you want to treat the file as a httpd cobbler access file.
++- Set files with the httpd_cobbler_content_t type, if you want to treat the files as httpd cobbler content.
+
.EX
-setsebool -P httpd_builtin_scripting 0
+.PP
-+.B httpd_cobbler_ra_content_t
++.B httpd_cobbler_htaccess_t
.EE
-+- Set files with the httpd_cobbler_ra_content_t type, if you want to treat the files as httpd cobbler read/append content.
++- Set files with the httpd_cobbler_htaccess_t type, if you want to treat the file as a httpd cobbler access file.
+
+
+.EX
@@ -17821,19 +18877,19 @@ index 16e8b13..2e65351 100644
-SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network.
-This would prevent a hacker from breaking into you httpd server and attacking
-other machines. If you need scripts to be able to connect you can set the httpd_can_network_connect boolean on.
-+.B httpd_cobbler_rw_content_t
++.B httpd_cobbler_ra_content_t
+.EE
+
-+- Set files with the httpd_cobbler_rw_content_t type, if you want to treat the files as httpd cobbler read/write content.
++- Set files with the httpd_cobbler_ra_content_t type, if you want to treat the files as httpd cobbler read/append content.
+
.EX
-setsebool -P httpd_can_network_connect 1
+.PP
-+.B httpd_cobbler_script_exec_t
++.B httpd_cobbler_rw_content_t
.EE
-+- Set files with the httpd_cobbler_script_exec_t type, if you want to transition an executable to the httpd_cobbler_script_t domain.
++- Set files with the httpd_cobbler_rw_content_t type, if you want to treat the files as httpd cobbler read/write content.
+
+
+.EX
@@ -17841,16 +18897,24 @@ index 16e8b13..2e65351 100644
-system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+.B httpd_collectd_content_t
++.B httpd_cobbler_script_exec_t
+.EE
-.SH "SEE ALSO"
-selinux(8), httpd(8), chcon(1), setsebool(8)
-+- Set files with the httpd_collectd_content_t type, if you want to treat the files as httpd collectd content.
++- Set files with the httpd_cobbler_script_exec_t type, if you want to transition an executable to the httpd_cobbler_script_t domain.
+.EX
+.PP
++.B httpd_collectd_content_t
++.EE
++
++- Set files with the httpd_collectd_content_t type, if you want to treat the files as httpd collectd content.
++
++
++.EX
++.PP
+.B httpd_collectd_htaccess_t
+.EE
+
@@ -17862,7 +18926,7 @@ index 16e8b13..2e65351 100644
+.B httpd_collectd_ra_content_t
+.EE
+
-+- Set files with the httpd_collectd_ra_content_t type, if you want to treat the files as httpd collectd read/append content.
++- Set files with the httpd_collectd_ra_content_t type, if you want to treat the files as httpd collectd read/append content.
+
+
+.EX
@@ -17914,7 +18978,7 @@ index 16e8b13..2e65351 100644
+.B httpd_cvs_ra_content_t
+.EE
+
-+- Set files with the httpd_cvs_ra_content_t type, if you want to treat the files as httpd cvs read/append content.
++- Set files with the httpd_cvs_ra_content_t type, if you want to treat the files as httpd cvs read/append content.
+
+
+.EX
@@ -17958,7 +19022,7 @@ index 16e8b13..2e65351 100644
+.B httpd_dirsrvadmin_ra_content_t
+.EE
+
-+- Set files with the httpd_dirsrvadmin_ra_content_t type, if you want to treat the files as httpd dirsrvadmin read/append content.
++- Set files with the httpd_dirsrvadmin_ra_content_t type, if you want to treat the files as httpd dirsrvadmin read/append content.
+
+
+.EX
@@ -18002,7 +19066,7 @@ index 16e8b13..2e65351 100644
+.B httpd_dspam_ra_content_t
+.EE
+
-+- Set files with the httpd_dspam_ra_content_t type, if you want to treat the files as httpd dspam read/append content.
++- Set files with the httpd_dspam_ra_content_t type, if you want to treat the files as httpd dspam read/append content.
+
+
+.EX
@@ -18054,7 +19118,7 @@ index 16e8b13..2e65351 100644
+.B httpd_git_ra_content_t
+.EE
+
-+- Set files with the httpd_git_ra_content_t type, if you want to treat the files as httpd git read/append content.
++- Set files with the httpd_git_ra_content_t type, if you want to treat the files as httpd git read/append content.
+
+
+.EX
@@ -18130,7 +19194,7 @@ index 16e8b13..2e65351 100644
+.B httpd_libra_ra_content_t
+.EE
+
-+- Set files with the httpd_libra_ra_content_t type, if you want to treat the files as httpd libra read/append content.
++- Set files with the httpd_libra_ra_content_t type, if you want to treat the files as httpd libra read/append content.
+
+
+.EX
@@ -18194,7 +19258,7 @@ index 16e8b13..2e65351 100644
+.B httpd_mediawiki_ra_content_t
+.EE
+
-+- Set files with the httpd_mediawiki_ra_content_t type, if you want to treat the files as httpd mediawiki read/append content.
++- Set files with the httpd_mediawiki_ra_content_t type, if you want to treat the files as httpd mediawiki read/append content.
+
+
+.EX
@@ -18250,7 +19314,7 @@ index 16e8b13..2e65351 100644
+.B httpd_mojomojo_ra_content_t
+.EE
+
-+- Set files with the httpd_mojomojo_ra_content_t type, if you want to treat the files as httpd mojomojo read/append content.
++- Set files with the httpd_mojomojo_ra_content_t type, if you want to treat the files as httpd mojomojo read/append content.
+
+
+.EX
@@ -18298,7 +19362,7 @@ index 16e8b13..2e65351 100644
+.B httpd_munin_ra_content_t
+.EE
+
-+- Set files with the httpd_munin_ra_content_t type, if you want to treat the files as httpd munin read/append content.
++- Set files with the httpd_munin_ra_content_t type, if you want to treat the files as httpd munin read/append content.
+
+
+.EX
@@ -18338,7 +19402,7 @@ index 16e8b13..2e65351 100644
+.B httpd_nagios_ra_content_t
+.EE
+
-+- Set files with the httpd_nagios_ra_content_t type, if you want to treat the files as httpd nagios read/append content.
++- Set files with the httpd_nagios_ra_content_t type, if you want to treat the files as httpd nagios read/append content.
+
+
+.EX
@@ -18382,7 +19446,7 @@ index 16e8b13..2e65351 100644
+.B httpd_nutups_cgi_ra_content_t
+.EE
+
-+- Set files with the httpd_nutups_cgi_ra_content_t type, if you want to treat the files as httpd nutups cgi read/append content.
++- Set files with the httpd_nutups_cgi_ra_content_t type, if you want to treat the files as httpd nutups cgi read/append content.
+
+
+.EX
@@ -18450,7 +19514,7 @@ index 16e8b13..2e65351 100644
+.B httpd_prewikka_ra_content_t
+.EE
+
-+- Set files with the httpd_prewikka_ra_content_t type, if you want to treat the files as httpd prewikka read/append content.
++- Set files with the httpd_prewikka_ra_content_t type, if you want to treat the files as httpd prewikka read/append content.
+
+
+.EX
@@ -18498,7 +19562,7 @@ index 16e8b13..2e65351 100644
+.B httpd_smokeping_cgi_ra_content_t
+.EE
+
-+- Set files with the httpd_smokeping_cgi_ra_content_t type, if you want to treat the files as httpd smokeping cgi read/append content.
++- Set files with the httpd_smokeping_cgi_ra_content_t type, if you want to treat the files as httpd smokeping cgi read/append content.
+
+
+.EX
@@ -18538,7 +19602,7 @@ index 16e8b13..2e65351 100644
+.B httpd_squid_ra_content_t
+.EE
+
-+- Set files with the httpd_squid_ra_content_t type, if you want to treat the files as httpd squid read/append content.
++- Set files with the httpd_squid_ra_content_t type, if you want to treat the files as httpd squid read/append content.
+
+
+.EX
@@ -18610,7 +19674,7 @@ index 16e8b13..2e65351 100644
+.B httpd_sys_ra_content_t
+.EE
+
-+- Set files with the httpd_sys_ra_content_t type, if you want to treat the files as httpd sys read/append content.
++- Set files with the httpd_sys_ra_content_t type, if you want to treat the files as httpd sys read/append content.
+
+
+.EX
@@ -18686,7 +19750,7 @@ index 16e8b13..2e65351 100644
+.B httpd_user_ra_content_t
+.EE
+
-+- Set files with the httpd_user_ra_content_t type, if you want to treat the files as httpd user read/append content.
++- Set files with the httpd_user_ra_content_t type, if you want to treat the files as httpd user read/append content.
+
+
+.EX
@@ -18750,7 +19814,7 @@ index 16e8b13..2e65351 100644
+.B httpd_w3c_validator_ra_content_t
+.EE
+
-+- Set files with the httpd_w3c_validator_ra_content_t type, if you want to treat the files as httpd w3c validator read/append content.
++- Set files with the httpd_w3c_validator_ra_content_t type, if you want to treat the files as httpd w3c validator read/append content.
+
+
+.EX
@@ -18802,7 +19866,7 @@ index 16e8b13..2e65351 100644
+.B httpd_zoneminder_ra_content_t
+.EE
+
-+- Set files with the httpd_zoneminder_ra_content_t type, if you want to treat the files as httpd zoneminder read/append content.
++- Set files with the httpd_zoneminder_ra_content_t type, if you want to treat the files as httpd zoneminder read/append content.
+
+
+.EX
@@ -18822,7 +19886,7 @@ index 16e8b13..2e65351 100644
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -18877,7 +19941,7 @@ index 16e8b13..2e65351 100644
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -18888,7 +19952,7 @@ index 16e8b13..2e65351 100644
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -18909,7 +19973,7 @@ index 16e8b13..2e65351 100644
\ No newline at end of file
diff --git a/man/man8/hwclock_selinux.8 b/man/man8/hwclock_selinux.8
new file mode 100644
-index 0000000..6aadb66
+index 0000000..1928dc4
--- /dev/null
+++ b/man/man8/hwclock_selinux.8
@@ -0,0 +1,75 @@
@@ -18918,8 +19982,8 @@ index 0000000..6aadb66
+hwclock_selinux \- Security Enhanced Linux Policy for the hwclock processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the hwclock processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -18945,7 +20009,7 @@ index 0000000..6aadb66
+/usr/sbin/hwclock, /sbin/hwclock
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -18966,7 +20030,7 @@ index 0000000..6aadb66
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -18977,7 +20041,7 @@ index 0000000..6aadb66
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -18990,7 +20054,7 @@ index 0000000..6aadb66
+selinux(8), hwclock(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/iceauth_selinux.8 b/man/man8/iceauth_selinux.8
new file mode 100644
-index 0000000..27f0838
+index 0000000..53e495f
--- /dev/null
+++ b/man/man8/iceauth_selinux.8
@@ -0,0 +1,87 @@
@@ -18999,8 +20063,8 @@ index 0000000..27f0838
+iceauth_selinux \- Security Enhanced Linux Policy for the iceauth processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the iceauth processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -19038,7 +20102,7 @@ index 0000000..27f0838
+/root/\.DCOP.*, /root/\.ICEauthority.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -19059,7 +20123,7 @@ index 0000000..27f0838
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -19070,7 +20134,7 @@ index 0000000..27f0838
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -19083,18 +20147,24 @@ index 0000000..27f0838
+selinux(8), iceauth(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/icecast_selinux.8 b/man/man8/icecast_selinux.8
new file mode 100644
-index 0000000..3e2d6b5
+index 0000000..ca10859
--- /dev/null
+++ b/man/man8/icecast_selinux.8
-@@ -0,0 +1,110 @@
+@@ -0,0 +1,116 @@
+.TH "icecast_selinux" "8" "icecast" "dwalsh at redhat.com" "icecast SELinux Policy documentation"
+.SH "NAME"
+icecast_selinux \- Security Enhanced Linux Policy for the icecast processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the icecast processes via flexible mandatory access
++
++SELinux Linux secures
++.B icecast
++( ShoutCast compatible streaming media server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. icecast policy is extremely flexible and has several booleans that allow you to manipulate the policy and run icecast with the tightest access possible.
+
@@ -19150,7 +20220,7 @@ index 0000000..3e2d6b5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -19171,7 +20241,7 @@ index 0000000..3e2d6b5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -19182,7 +20252,7 @@ index 0000000..3e2d6b5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -19200,7 +20270,7 @@ index 0000000..3e2d6b5
\ No newline at end of file
diff --git a/man/man8/ifconfig_selinux.8 b/man/man8/ifconfig_selinux.8
new file mode 100644
-index 0000000..838638b
+index 0000000..b2444a2
--- /dev/null
+++ b/man/man8/ifconfig_selinux.8
@@ -0,0 +1,75 @@
@@ -19209,8 +20279,8 @@ index 0000000..838638b
+ifconfig_selinux \- Security Enhanced Linux Policy for the ifconfig processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ifconfig processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -19236,7 +20306,7 @@ index 0000000..838638b
+/usr/sbin/ipx_internal_net, /sbin/ipx_configure, /sbin/tc, /usr/sbin/ipx_configure, /usr/sbin/iwconfig, /usr/sbin/ipx_interface, /usr/sbin/mii-tool, /usr/sbin/ethtool, /sbin/ipx_internal_net, /usr/sbin/ifconfig, /bin/ip, /usr/bin/ip, /usr/sbin/tc, /sbin/iwconfig, /sbin/ifconfig, /sbin/mii-tool, /sbin/ethtool, /usr/sbin/ip, /sbin/ipx_interface, /sbin/ip
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -19257,7 +20327,7 @@ index 0000000..838638b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -19268,7 +20338,7 @@ index 0000000..838638b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -19281,18 +20351,24 @@ index 0000000..838638b
+selinux(8), ifconfig(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/inetd_selinux.8 b/man/man8/inetd_selinux.8
new file mode 100644
-index 0000000..d7267d0
+index 0000000..122a8f9
--- /dev/null
+++ b/man/man8/inetd_selinux.8
-@@ -0,0 +1,153 @@
+@@ -0,0 +1,159 @@
+.TH "inetd_selinux" "8" "inetd" "dwalsh at redhat.com" "inetd SELinux Policy documentation"
+.SH "NAME"
+inetd_selinux \- Security Enhanced Linux Policy for the inetd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the inetd processes via flexible mandatory access
++
++SELinux Linux secures
++.B inetd
++(Internet services daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -19369,7 +20445,7 @@ index 0000000..d7267d0
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -19413,7 +20489,7 @@ index 0000000..d7267d0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -19424,7 +20500,7 @@ index 0000000..d7267d0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -19440,18 +20516,24 @@ index 0000000..d7267d0
+selinux(8), inetd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/init_selinux.8 b/man/man8/init_selinux.8
new file mode 100644
-index 0000000..3029ce8
+index 0000000..d01e375
--- /dev/null
+++ b/man/man8/init_selinux.8
-@@ -0,0 +1,161 @@
+@@ -0,0 +1,167 @@
+.TH "init_selinux" "8" "init" "dwalsh at redhat.com" "init SELinux Policy documentation"
+.SH "NAME"
+init_selinux \- Security Enhanced Linux Policy for the init processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the init processes via flexible mandatory access
++
++SELinux Linux secures
++.B init
++(System initialization programs (init and init scripts))
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. init policy is extremely flexible and has several booleans that allow you to manipulate the policy and run init with the tightest access possible.
+
@@ -19558,7 +20640,7 @@ index 0000000..3029ce8
+/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -19579,7 +20661,7 @@ index 0000000..3029ce8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -19590,7 +20672,7 @@ index 0000000..3029ce8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -19608,7 +20690,7 @@ index 0000000..3029ce8
\ No newline at end of file
diff --git a/man/man8/initrc_selinux.8 b/man/man8/initrc_selinux.8
new file mode 100644
-index 0000000..e74b9b0
+index 0000000..de7621b
--- /dev/null
+++ b/man/man8/initrc_selinux.8
@@ -0,0 +1,111 @@
@@ -19617,8 +20699,8 @@ index 0000000..e74b9b0
+initrc_selinux \- Security Enhanced Linux Policy for the initrc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the initrc processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -19680,7 +20762,7 @@ index 0000000..e74b9b0
+/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -19701,7 +20783,7 @@ index 0000000..e74b9b0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -19712,7 +20794,7 @@ index 0000000..e74b9b0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -19725,7 +20807,7 @@ index 0000000..e74b9b0
+selinux(8), initrc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/innd_selinux.8 b/man/man8/innd_selinux.8
new file mode 100644
-index 0000000..efe59c3
+index 0000000..be60ba6
--- /dev/null
+++ b/man/man8/innd_selinux.8
@@ -0,0 +1,145 @@
@@ -19734,8 +20816,8 @@ index 0000000..efe59c3
+innd_selinux \- Security Enhanced Linux Policy for the innd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the innd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -19805,7 +20887,7 @@ index 0000000..efe59c3
+/var/run/innd(/.*)?, /var/run/news(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -19849,7 +20931,7 @@ index 0000000..efe59c3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -19860,7 +20942,7 @@ index 0000000..efe59c3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -19876,7 +20958,7 @@ index 0000000..efe59c3
+selinux(8), innd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/insmod_selinux.8 b/man/man8/insmod_selinux.8
new file mode 100644
-index 0000000..6e3f598
+index 0000000..0e25a12
--- /dev/null
+++ b/man/man8/insmod_selinux.8
@@ -0,0 +1,105 @@
@@ -19885,8 +20967,8 @@ index 0000000..6e3f598
+insmod_selinux \- Security Enhanced Linux Policy for the insmod processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the insmod processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. insmod policy is extremely flexible and has several booleans that allow you to manipulate the policy and run insmod with the tightest access possible.
@@ -19938,7 +21020,7 @@ index 0000000..6e3f598
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -19959,7 +21041,7 @@ index 0000000..6e3f598
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -19970,7 +21052,7 @@ index 0000000..6e3f598
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -19988,18 +21070,24 @@ index 0000000..6e3f598
\ No newline at end of file
diff --git a/man/man8/ipsec_selinux.8 b/man/man8/ipsec_selinux.8
new file mode 100644
-index 0000000..3a0bcd9
+index 0000000..3273369
--- /dev/null
+++ b/man/man8/ipsec_selinux.8
-@@ -0,0 +1,193 @@
+@@ -0,0 +1,199 @@
+.TH "ipsec_selinux" "8" "ipsec" "dwalsh at redhat.com" "ipsec SELinux Policy documentation"
+.SH "NAME"
+ipsec_selinux \- Security Enhanced Linux Policy for the ipsec processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ipsec processes via flexible mandatory access
++
++SELinux Linux secures
++.B ipsec
++(TCP/IP encryption)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -20116,7 +21204,7 @@ index 0000000..3a0bcd9
+/var/run/racoon\.pid, /var/run/pluto(/.*)?, /var/racoon(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -20160,7 +21248,7 @@ index 0000000..3a0bcd9
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -20171,7 +21259,7 @@ index 0000000..3a0bcd9
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -20187,18 +21275,24 @@ index 0000000..3a0bcd9
+selinux(8), ipsec(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/iptables_selinux.8 b/man/man8/iptables_selinux.8
new file mode 100644
-index 0000000..2eecf00
+index 0000000..50e4467
--- /dev/null
+++ b/man/man8/iptables_selinux.8
-@@ -0,0 +1,130 @@
+@@ -0,0 +1,136 @@
+.TH "iptables_selinux" "8" "iptables" "dwalsh at redhat.com" "iptables SELinux Policy documentation"
+.SH "NAME"
+iptables_selinux \- Security Enhanced Linux Policy for the iptables processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the iptables processes via flexible mandatory access
++
++SELinux Linux secures
++.B iptables
++(Policy for iptables)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. iptables policy is extremely flexible and has several booleans that allow you to manipulate the policy and run iptables with the tightest access possible.
+
@@ -20274,7 +21368,7 @@ index 0000000..2eecf00
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -20295,7 +21389,7 @@ index 0000000..2eecf00
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -20306,7 +21400,7 @@ index 0000000..2eecf00
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -20324,18 +21418,24 @@ index 0000000..2eecf00
\ No newline at end of file
diff --git a/man/man8/irc_selinux.8 b/man/man8/irc_selinux.8
new file mode 100644
-index 0000000..2452ce7
+index 0000000..6bd8081
--- /dev/null
+++ b/man/man8/irc_selinux.8
-@@ -0,0 +1,117 @@
+@@ -0,0 +1,123 @@
+.TH "irc_selinux" "8" "irc" "dwalsh at redhat.com" "irc SELinux Policy documentation"
+.SH "NAME"
+irc_selinux \- Security Enhanced Linux Policy for the irc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the irc processes via flexible mandatory access
++
++SELinux Linux secures
++.B irc
++(IRC client policy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -20376,7 +21476,7 @@ index 0000000..2452ce7
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -20420,7 +21520,7 @@ index 0000000..2452ce7
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -20431,7 +21531,7 @@ index 0000000..2452ce7
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -20447,18 +21547,24 @@ index 0000000..2452ce7
+selinux(8), irc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/irqbalance_selinux.8 b/man/man8/irqbalance_selinux.8
new file mode 100644
-index 0000000..ffdb49d
+index 0000000..daf7657
--- /dev/null
+++ b/man/man8/irqbalance_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "irqbalance_selinux" "8" "irqbalance" "dwalsh at redhat.com" "irqbalance SELinux Policy documentation"
+.SH "NAME"
+irqbalance_selinux \- Security Enhanced Linux Policy for the irqbalance processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the irqbalance processes via flexible mandatory access
++
++SELinux Linux secures
++.B irqbalance
++(IRQ balancing daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -20487,7 +21593,7 @@ index 0000000..ffdb49d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -20508,7 +21614,7 @@ index 0000000..ffdb49d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -20519,7 +21625,7 @@ index 0000000..ffdb49d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -20532,7 +21638,7 @@ index 0000000..ffdb49d
+selinux(8), irqbalance(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/irssi_selinux.8 b/man/man8/irssi_selinux.8
new file mode 100644
-index 0000000..c50713e
+index 0000000..3320869
--- /dev/null
+++ b/man/man8/irssi_selinux.8
@@ -0,0 +1,102 @@
@@ -20541,8 +21647,8 @@ index 0000000..c50713e
+irssi_selinux \- Security Enhanced Linux Policy for the irssi processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the irssi processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. irssi policy is extremely flexible and has several booleans that allow you to manipulate the policy and run irssi with the tightest access possible.
@@ -20591,7 +21697,7 @@ index 0000000..c50713e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -20612,7 +21718,7 @@ index 0000000..c50713e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -20623,7 +21729,7 @@ index 0000000..c50713e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -20641,7 +21747,7 @@ index 0000000..c50713e
\ No newline at end of file
diff --git a/man/man8/iscsid_selinux.8 b/man/man8/iscsid_selinux.8
new file mode 100644
-index 0000000..f2ab88d
+index 0000000..c15d800
--- /dev/null
+++ b/man/man8/iscsid_selinux.8
@@ -0,0 +1,101 @@
@@ -20650,8 +21756,8 @@ index 0000000..f2ab88d
+iscsid_selinux \- Security Enhanced Linux Policy for the iscsid processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the iscsid processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -20677,7 +21783,7 @@ index 0000000..f2ab88d
+/sbin/brcm_iscsiuio, /sbin/iscsiuio, /usr/sbin/iscsiuio, /usr/sbin/iscsid, /usr/sbin/brcm_iscsiuio, /sbin/iscsid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -20721,7 +21827,7 @@ index 0000000..f2ab88d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -20732,7 +21838,7 @@ index 0000000..f2ab88d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -20748,7 +21854,7 @@ index 0000000..f2ab88d
+selinux(8), iscsid(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/iwhd_selinux.8 b/man/man8/iwhd_selinux.8
new file mode 100644
-index 0000000..766e5af
+index 0000000..2031201
--- /dev/null
+++ b/man/man8/iwhd_selinux.8
@@ -0,0 +1,103 @@
@@ -20757,8 +21863,8 @@ index 0000000..766e5af
+iwhd_selinux \- Security Enhanced Linux Policy for the iwhd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the iwhd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -20812,7 +21918,7 @@ index 0000000..766e5af
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -20833,7 +21939,7 @@ index 0000000..766e5af
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -20844,7 +21950,7 @@ index 0000000..766e5af
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -20857,7 +21963,7 @@ index 0000000..766e5af
+selinux(8), iwhd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/jabberd_selinux.8 b/man/man8/jabberd_selinux.8
new file mode 100644
-index 0000000..b5a997c
+index 0000000..5f3d39d
--- /dev/null
+++ b/man/man8/jabberd_selinux.8
@@ -0,0 +1,151 @@
@@ -20866,8 +21972,8 @@ index 0000000..b5a997c
+jabberd_selinux \- Security Enhanced Linux Policy for the jabberd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the jabberd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -20921,7 +22027,7 @@ index 0000000..b5a997c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -20987,7 +22093,7 @@ index 0000000..b5a997c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -20998,7 +22104,7 @@ index 0000000..b5a997c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -21014,7 +22120,7 @@ index 0000000..b5a997c
+selinux(8), jabberd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/kadmind_selinux.8 b/man/man8/kadmind_selinux.8
new file mode 100644
-index 0000000..00cc2c6
+index 0000000..b56c5c1
--- /dev/null
+++ b/man/man8/kadmind_selinux.8
@@ -0,0 +1,99 @@
@@ -21023,8 +22129,8 @@ index 0000000..00cc2c6
+kadmind_selinux \- Security Enhanced Linux Policy for the kadmind processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the kadmind processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -21074,7 +22180,7 @@ index 0000000..00cc2c6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21095,7 +22201,7 @@ index 0000000..00cc2c6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21106,7 +22212,7 @@ index 0000000..00cc2c6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -21119,18 +22225,24 @@ index 0000000..00cc2c6
+selinux(8), kadmind(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/kdump_selinux.8 b/man/man8/kdump_selinux.8
new file mode 100644
-index 0000000..4364216
+index 0000000..b47a14d
--- /dev/null
+++ b/man/man8/kdump_selinux.8
-@@ -0,0 +1,115 @@
+@@ -0,0 +1,121 @@
+.TH "kdump_selinux" "8" "kdump" "dwalsh at redhat.com" "kdump SELinux Policy documentation"
+.SH "NAME"
+kdump_selinux \- Security Enhanced Linux Policy for the kdump processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the kdump processes via flexible mandatory access
++
++SELinux Linux secures
++.B kdump
++(Kernel crash dumping mechanism)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -21195,7 +22307,7 @@ index 0000000..4364216
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21216,7 +22328,7 @@ index 0000000..4364216
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21227,7 +22339,7 @@ index 0000000..4364216
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -21240,18 +22352,24 @@ index 0000000..4364216
+selinux(8), kdump(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/kdumpgui_selinux.8 b/man/man8/kdumpgui_selinux.8
new file mode 100644
-index 0000000..ad3bde6
+index 0000000..82754b0
--- /dev/null
+++ b/man/man8/kdumpgui_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "kdumpgui_selinux" "8" "kdumpgui" "dwalsh at redhat.com" "kdumpgui SELinux Policy documentation"
+.SH "NAME"
+kdumpgui_selinux \- Security Enhanced Linux Policy for the kdumpgui processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the kdumpgui processes via flexible mandatory access
++
++SELinux Linux secures
++.B kdumpgui
++(system-config-kdump GUI)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -21280,7 +22398,7 @@ index 0000000..ad3bde6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21301,7 +22419,7 @@ index 0000000..ad3bde6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21312,7 +22430,7 @@ index 0000000..ad3bde6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -21325,18 +22443,24 @@ index 0000000..ad3bde6
+selinux(8), kdumpgui(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/keyboardd_selinux.8 b/man/man8/keyboardd_selinux.8
new file mode 100644
-index 0000000..ab69c3b
+index 0000000..782e48f
--- /dev/null
+++ b/man/man8/keyboardd_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "keyboardd_selinux" "8" "keyboardd" "dwalsh at redhat.com" "keyboardd SELinux Policy documentation"
+.SH "NAME"
+keyboardd_selinux \- Security Enhanced Linux Policy for the keyboardd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the keyboardd processes via flexible mandatory access
++
++SELinux Linux secures
++.B keyboardd
++(policy for system-setup-keyboard daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -21357,7 +22481,7 @@ index 0000000..ab69c3b
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21378,7 +22502,7 @@ index 0000000..ab69c3b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21389,7 +22513,7 @@ index 0000000..ab69c3b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -21402,18 +22526,24 @@ index 0000000..ab69c3b
+selinux(8), keyboardd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/kismet_selinux.8 b/man/man8/kismet_selinux.8
new file mode 100644
-index 0000000..e1f3b32
+index 0000000..678bdc4
--- /dev/null
+++ b/man/man8/kismet_selinux.8
-@@ -0,0 +1,145 @@
+@@ -0,0 +1,151 @@
+.TH "kismet_selinux" "8" "kismet" "dwalsh at redhat.com" "kismet SELinux Policy documentation"
+.SH "NAME"
+kismet_selinux \- Security Enhanced Linux Policy for the kismet processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the kismet processes via flexible mandatory access
++
++SELinux Linux secures
++.B kismet
++(Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -21482,7 +22612,7 @@ index 0000000..e1f3b32
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21526,7 +22656,7 @@ index 0000000..e1f3b32
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21537,7 +22667,7 @@ index 0000000..e1f3b32
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -21553,7 +22683,7 @@ index 0000000..e1f3b32
+selinux(8), kismet(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/klogd_selinux.8 b/man/man8/klogd_selinux.8
new file mode 100644
-index 0000000..f2ee399
+index 0000000..9dcdb4f
--- /dev/null
+++ b/man/man8/klogd_selinux.8
@@ -0,0 +1,91 @@
@@ -21562,8 +22692,8 @@ index 0000000..f2ee399
+klogd_selinux \- Security Enhanced Linux Policy for the klogd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the klogd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -21605,7 +22735,7 @@ index 0000000..f2ee399
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21626,7 +22756,7 @@ index 0000000..f2ee399
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21637,7 +22767,7 @@ index 0000000..f2ee399
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -21650,7 +22780,7 @@ index 0000000..f2ee399
+selinux(8), klogd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/kpropd_selinux.8 b/man/man8/kpropd_selinux.8
new file mode 100644
-index 0000000..8de9916
+index 0000000..5ad7425
--- /dev/null
+++ b/man/man8/kpropd_selinux.8
@@ -0,0 +1,97 @@
@@ -21659,8 +22789,8 @@ index 0000000..8de9916
+kpropd_selinux \- Security Enhanced Linux Policy for the kpropd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the kpropd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -21682,7 +22812,7 @@ index 0000000..8de9916
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21726,7 +22856,7 @@ index 0000000..8de9916
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21737,7 +22867,7 @@ index 0000000..8de9916
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -21753,7 +22883,7 @@ index 0000000..8de9916
+selinux(8), kpropd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/krb5kdc_selinux.8 b/man/man8/krb5kdc_selinux.8
new file mode 100644
-index 0000000..bc8517e
+index 0000000..8a01b27
--- /dev/null
+++ b/man/man8/krb5kdc_selinux.8
@@ -0,0 +1,131 @@
@@ -21762,8 +22892,8 @@ index 0000000..bc8517e
+krb5kdc_selinux \- Security Enhanced Linux Policy for the krb5kdc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the krb5kdc processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -21845,7 +22975,7 @@ index 0000000..bc8517e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21866,7 +22996,7 @@ index 0000000..bc8517e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21877,7 +23007,7 @@ index 0000000..bc8517e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -21890,18 +23020,24 @@ index 0000000..bc8517e
+selinux(8), krb5kdc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ksmtuned_selinux.8 b/man/man8/ksmtuned_selinux.8
new file mode 100644
-index 0000000..0741744
+index 0000000..5874ff2
--- /dev/null
+++ b/man/man8/ksmtuned_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "ksmtuned_selinux" "8" "ksmtuned" "dwalsh at redhat.com" "ksmtuned SELinux Policy documentation"
+.SH "NAME"
+ksmtuned_selinux \- Security Enhanced Linux Policy for the ksmtuned processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ksmtuned processes via flexible mandatory access
++
++SELinux Linux secures
++.B ksmtuned
++(Kernel Samepage Merging (KSM) Tuning Daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -21946,7 +23082,7 @@ index 0000000..0741744
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -21967,7 +23103,7 @@ index 0000000..0741744
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -21978,7 +23114,7 @@ index 0000000..0741744
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -21991,7 +23127,7 @@ index 0000000..0741744
+selinux(8), ksmtuned(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ktalkd_selinux.8 b/man/man8/ktalkd_selinux.8
new file mode 100644
-index 0000000..324869b
+index 0000000..2b084b7
--- /dev/null
+++ b/man/man8/ktalkd_selinux.8
@@ -0,0 +1,125 @@
@@ -22000,8 +23136,8 @@ index 0000000..324869b
+ktalkd_selinux \- Security Enhanced Linux Policy for the ktalkd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ktalkd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -22051,7 +23187,7 @@ index 0000000..324869b
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -22095,7 +23231,7 @@ index 0000000..324869b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -22106,7 +23242,7 @@ index 0000000..324869b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -22122,18 +23258,24 @@ index 0000000..324869b
+selinux(8), ktalkd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/l2tpd_selinux.8 b/man/man8/l2tpd_selinux.8
new file mode 100644
-index 0000000..deb4542
+index 0000000..be9e0f9
--- /dev/null
+++ b/man/man8/l2tpd_selinux.8
-@@ -0,0 +1,107 @@
+@@ -0,0 +1,105 @@
+.TH "l2tpd_selinux" "8" "l2tpd" "dwalsh at redhat.com" "l2tpd SELinux Policy documentation"
+.SH "NAME"
+l2tpd_selinux \- Security Enhanced Linux Policy for the l2tpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the l2tpd processes via flexible mandatory access
++
++SELinux Linux secures
++.B l2tpd
++(policy for l2tpd)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -22171,14 +23313,6 @@ index 0000000..deb4542
+
+.EX
+.PP
-+.B l2tpd_tmp_t
-+.EE
-+
-+- Set files with the l2tpd_tmp_t type, if you want to store l2tpd temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
+.B l2tpd_var_run_t
+.EE
+
@@ -22190,7 +23324,7 @@ index 0000000..deb4542
+/var/run/xl2tpd(/.*)?, /var/run/xl2tpd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -22211,7 +23345,7 @@ index 0000000..deb4542
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -22222,7 +23356,7 @@ index 0000000..deb4542
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -22235,7 +23369,7 @@ index 0000000..deb4542
+selinux(8), l2tpd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ldconfig_selinux.8 b/man/man8/ldconfig_selinux.8
new file mode 100644
-index 0000000..671bb09
+index 0000000..488c36b
--- /dev/null
+++ b/man/man8/ldconfig_selinux.8
@@ -0,0 +1,91 @@
@@ -22244,8 +23378,8 @@ index 0000000..671bb09
+ldconfig_selinux \- Security Enhanced Linux Policy for the ldconfig processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ldconfig processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -22287,7 +23421,7 @@ index 0000000..671bb09
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -22308,7 +23442,7 @@ index 0000000..671bb09
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -22319,7 +23453,7 @@ index 0000000..671bb09
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -22332,7 +23466,7 @@ index 0000000..671bb09
+selinux(8), ldconfig(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/libra_selinux.8 b/man/man8/libra_selinux.8
new file mode 100644
-index 0000000..98838a9
+index 0000000..8b6ac6e
--- /dev/null
+++ b/man/man8/libra_selinux.8
@@ -0,0 +1,173 @@
@@ -22341,8 +23475,8 @@ index 0000000..98838a9
+libra_selinux \- Security Enhanced Linux Policy for the libra processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the libra processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -22440,7 +23574,7 @@ index 0000000..98838a9
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -22484,7 +23618,7 @@ index 0000000..98838a9
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -22495,7 +23629,7 @@ index 0000000..98838a9
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -22511,18 +23645,24 @@ index 0000000..98838a9
+selinux(8), libra(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lircd_selinux.8 b/man/man8/lircd_selinux.8
new file mode 100644
-index 0000000..42bf721
+index 0000000..6b5ddb1
--- /dev/null
+++ b/man/man8/lircd_selinux.8
-@@ -0,0 +1,129 @@
+@@ -0,0 +1,135 @@
+.TH "lircd_selinux" "8" "lircd" "dwalsh at redhat.com" "lircd SELinux Policy documentation"
+.SH "NAME"
+lircd_selinux \- Security Enhanced Linux Policy for the lircd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lircd processes via flexible mandatory access
++
++SELinux Linux secures
++.B lircd
++(Linux infared remote control daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -22575,7 +23715,7 @@ index 0000000..42bf721
+/var/run/lirc(/.*)?, /var/run/lircd(/.*)?, /var/run/lircd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -22619,7 +23759,7 @@ index 0000000..42bf721
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -22630,7 +23770,7 @@ index 0000000..42bf721
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -22646,18 +23786,24 @@ index 0000000..42bf721
+selinux(8), lircd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/livecd_selinux.8 b/man/man8/livecd_selinux.8
new file mode 100644
-index 0000000..deddf24
+index 0000000..01c43d5
--- /dev/null
+++ b/man/man8/livecd_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "livecd_selinux" "8" "livecd" "dwalsh at redhat.com" "livecd SELinux Policy documentation"
+.SH "NAME"
+livecd_selinux \- Security Enhanced Linux Policy for the livecd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the livecd processes via flexible mandatory access
++
++SELinux Linux secures
++.B livecd
++(Livecd tool for building alternate livecd for different os and policy versions)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -22686,7 +23832,7 @@ index 0000000..deddf24
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -22707,7 +23853,7 @@ index 0000000..deddf24
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -22718,7 +23864,7 @@ index 0000000..deddf24
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -22731,18 +23877,24 @@ index 0000000..deddf24
+selinux(8), livecd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lldpad_selinux.8 b/man/man8/lldpad_selinux.8
new file mode 100644
-index 0000000..b83dbe6
+index 0000000..25e0ebf
--- /dev/null
+++ b/man/man8/lldpad_selinux.8
-@@ -0,0 +1,103 @@
+@@ -0,0 +1,109 @@
+.TH "lldpad_selinux" "8" "lldpad" "dwalsh at redhat.com" "lldpad SELinux Policy documentation"
+.SH "NAME"
+lldpad_selinux \- Security Enhanced Linux Policy for the lldpad processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lldpad processes via flexible mandatory access
++
++SELinux Linux secures
++.B lldpad
++(policy for lldpad)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -22795,7 +23947,7 @@ index 0000000..b83dbe6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -22816,7 +23968,7 @@ index 0000000..b83dbe6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -22827,7 +23979,7 @@ index 0000000..b83dbe6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -22840,7 +23992,7 @@ index 0000000..b83dbe6
+selinux(8), lldpad(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/load_selinux.8 b/man/man8/load_selinux.8
new file mode 100644
-index 0000000..bf48263
+index 0000000..27bf215
--- /dev/null
+++ b/man/man8/load_selinux.8
@@ -0,0 +1,116 @@
@@ -22849,8 +24001,8 @@ index 0000000..bf48263
+load_selinux \- Security Enhanced Linux Policy for the load processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the load processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. load policy is extremely flexible and has several booleans that allow you to manipulate the policy and run load with the tightest access possible.
@@ -22913,7 +24065,7 @@ index 0000000..bf48263
+/bin/unikeys, /usr/bin/unikeys, /bin/loadkeys, /usr/bin/loadkeys
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -22934,7 +24086,7 @@ index 0000000..bf48263
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -22945,7 +24097,7 @@ index 0000000..bf48263
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -22963,18 +24115,24 @@ index 0000000..bf48263
\ No newline at end of file
diff --git a/man/man8/loadkeys_selinux.8 b/man/man8/loadkeys_selinux.8
new file mode 100644
-index 0000000..d6b82cd
+index 0000000..7ea5471
--- /dev/null
+++ b/man/man8/loadkeys_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,81 @@
+.TH "loadkeys_selinux" "8" "loadkeys" "dwalsh at redhat.com" "loadkeys SELinux Policy documentation"
+.SH "NAME"
+loadkeys_selinux \- Security Enhanced Linux Policy for the loadkeys processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the loadkeys processes via flexible mandatory access
++
++SELinux Linux secures
++.B loadkeys
++(Load keyboard mappings)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -22999,7 +24157,7 @@ index 0000000..d6b82cd
+/bin/unikeys, /usr/bin/unikeys, /bin/loadkeys, /usr/bin/loadkeys
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23020,7 +24178,7 @@ index 0000000..d6b82cd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23031,7 +24189,7 @@ index 0000000..d6b82cd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -23044,7 +24202,7 @@ index 0000000..d6b82cd
+selinux(8), loadkeys(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/locate_selinux.8 b/man/man8/locate_selinux.8
new file mode 100644
-index 0000000..7c3d369
+index 0000000..d9c0a33
--- /dev/null
+++ b/man/man8/locate_selinux.8
@@ -0,0 +1,87 @@
@@ -23053,8 +24211,8 @@ index 0000000..7c3d369
+locate_selinux \- Security Enhanced Linux Policy for the locate processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the locate processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -23092,7 +24250,7 @@ index 0000000..7c3d369
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23113,7 +24271,7 @@ index 0000000..7c3d369
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23124,7 +24282,7 @@ index 0000000..7c3d369
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -23137,18 +24295,24 @@ index 0000000..7c3d369
+selinux(8), locate(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lockdev_selinux.8 b/man/man8/lockdev_selinux.8
new file mode 100644
-index 0000000..0996a05
+index 0000000..c899a1b
--- /dev/null
+++ b/man/man8/lockdev_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "lockdev_selinux" "8" "lockdev" "dwalsh at redhat.com" "lockdev SELinux Policy documentation"
+.SH "NAME"
+lockdev_selinux \- Security Enhanced Linux Policy for the lockdev processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lockdev processes via flexible mandatory access
++
++SELinux Linux secures
++.B lockdev
++(device locking policy for lockdev)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -23177,7 +24341,7 @@ index 0000000..0996a05
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23198,7 +24362,7 @@ index 0000000..0996a05
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23209,7 +24373,7 @@ index 0000000..0996a05
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -23220,20 +24384,97 @@ index 0000000..0996a05
+
+.SH "SEE ALSO"
+selinux(8), lockdev(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/logadm_selinux.8 b/man/man8/logadm_selinux.8
+new file mode 100644
+index 0000000..0edd73f
+--- /dev/null
++++ b/man/man8/logadm_selinux.8
+@@ -0,0 +1,65 @@
++.TH "logadm_selinux" "8" "logadm" "mgrepl at redhat.com" "logadm SELinux Policy documentation"
++.SH "NAME"
++logadm_r \- \fBLog administrator role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.
++
++Note: The examples in the man page will user the staff_u user.
++
++Non login roles are usually used for administrative tasks.
++
++Roles usually have default types assigned to them.
++
++The default type for the logadm_r role is logadm_t.
++
++You can use the
++.B newrole
++program to transition directly to this role.
++
++.B newrole -r logadm_r -t logadm_t
++
++.B sudo
++can also be setup to transition to this role using the visudo command.
++
++USERNAME ALL=(ALL) ROLE=logadm_r TYPE=logadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:logadm_r:logadm_t:LEVEL
++
++If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++
++You can see all of the assigned SELinux roles using the following
++
++.B semanage user -l
++
++If you wanted to add logadm_r to the staff_u user, you would execute:
++
++.B $ semanage user -m -R 'staff_r logadm_r' staff_u
++
++
++
++SELinux policy also controls which roles can transition to a different role.
++You can list these rules using the following command.
++
++.B sesearch --role_allow
++
++SELinux policy allows the staff_r role can transition to the logadm_r role.
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/logrotate_selinux.8 b/man/man8/logrotate_selinux.8
new file mode 100644
-index 0000000..d1175ed
+index 0000000..7f01fd7
--- /dev/null
+++ b/man/man8/logrotate_selinux.8
-@@ -0,0 +1,107 @@
+@@ -0,0 +1,113 @@
+.TH "logrotate_selinux" "8" "logrotate" "dwalsh at redhat.com" "logrotate SELinux Policy documentation"
+.SH "NAME"
+logrotate_selinux \- Security Enhanced Linux Policy for the logrotate processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the logrotate processes via flexible mandatory access
++
++SELinux Linux secures
++.B logrotate
++(Rotate and archive system logs)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -23290,7 +24531,7 @@ index 0000000..d1175ed
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23311,7 +24552,7 @@ index 0000000..d1175ed
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23322,7 +24563,7 @@ index 0000000..d1175ed
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -23335,18 +24576,24 @@ index 0000000..d1175ed
+selinux(8), logrotate(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/logwatch_selinux.8 b/man/man8/logwatch_selinux.8
new file mode 100644
-index 0000000..1b28304
+index 0000000..a03fd51
--- /dev/null
+++ b/man/man8/logwatch_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,125 @@
+.TH "logwatch_selinux" "8" "logwatch" "dwalsh at redhat.com" "logwatch SELinux Policy documentation"
+.SH "NAME"
+logwatch_selinux \- Security Enhanced Linux Policy for the logwatch processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the logwatch processes via flexible mandatory access
++
++SELinux Linux secures
++.B logwatch
++(System log analyzer and reporter)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -23415,7 +24662,7 @@ index 0000000..1b28304
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23436,7 +24683,7 @@ index 0000000..1b28304
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23447,7 +24694,7 @@ index 0000000..1b28304
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -23460,18 +24707,24 @@ index 0000000..1b28304
+selinux(8), logwatch(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lpd_selinux.8 b/man/man8/lpd_selinux.8
new file mode 100644
-index 0000000..b3cc89a
+index 0000000..f69947a
--- /dev/null
+++ b/man/man8/lpd_selinux.8
-@@ -0,0 +1,106 @@
+@@ -0,0 +1,112 @@
+.TH "lpd_selinux" "8" "lpd" "dwalsh at redhat.com" "lpd SELinux Policy documentation"
+.SH "NAME"
+lpd_selinux \- Security Enhanced Linux Policy for the lpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lpd processes via flexible mandatory access
++
++SELinux Linux secures
++.B lpd
++(Line printer daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. lpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run lpd with the tightest access possible.
+
@@ -23523,7 +24776,7 @@ index 0000000..b3cc89a
+/var/run/lprng(/.*)?, /var/spool/turboprint(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23544,7 +24797,7 @@ index 0000000..b3cc89a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23555,7 +24808,7 @@ index 0000000..b3cc89a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -23573,7 +24826,7 @@ index 0000000..b3cc89a
\ No newline at end of file
diff --git a/man/man8/lpr_selinux.8 b/man/man8/lpr_selinux.8
new file mode 100644
-index 0000000..5365989
+index 0000000..d9bcb8b
--- /dev/null
+++ b/man/man8/lpr_selinux.8
@@ -0,0 +1,83 @@
@@ -23582,8 +24835,8 @@ index 0000000..5365989
+lpr_selinux \- Security Enhanced Linux Policy for the lpr processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lpr processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -23617,7 +24870,7 @@ index 0000000..5365989
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23638,7 +24891,7 @@ index 0000000..5365989
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23649,7 +24902,7 @@ index 0000000..5365989
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -23662,7 +24915,7 @@ index 0000000..5365989
+selinux(8), lpr(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lsassd_selinux.8 b/man/man8/lsassd_selinux.8
new file mode 100644
-index 0000000..0f54934
+index 0000000..087cd7b
--- /dev/null
+++ b/man/man8/lsassd_selinux.8
@@ -0,0 +1,111 @@
@@ -23671,8 +24924,8 @@ index 0000000..0f54934
+lsassd_selinux \- Security Enhanced Linux Policy for the lsassd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lsassd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -23734,7 +24987,7 @@ index 0000000..0f54934
+/var/lib/likewise-open/rpc/lsass, /var/lib/likewise-open/\.lsassd, /var/lib/likewise-open/\.ntlmd
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23755,7 +25008,7 @@ index 0000000..0f54934
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23766,7 +25019,7 @@ index 0000000..0f54934
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -23779,18 +25032,24 @@ index 0000000..0f54934
+selinux(8), lsassd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lvm_selinux.8 b/man/man8/lvm_selinux.8
new file mode 100644
-index 0000000..3f8682b
+index 0000000..6c83eec
--- /dev/null
+++ b/man/man8/lvm_selinux.8
-@@ -0,0 +1,135 @@
+@@ -0,0 +1,141 @@
+.TH "lvm_selinux" "8" "lvm" "dwalsh at redhat.com" "lvm SELinux Policy documentation"
+.SH "NAME"
+lvm_selinux \- Security Enhanced Linux Policy for the lvm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lvm processes via flexible mandatory access
++
++SELinux Linux secures
++.B lvm
++(Policy for logical volume management programs)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -23875,7 +25134,7 @@ index 0000000..3f8682b
+/var/run/lvm(/.*)?, /var/run/multipathd\.sock, /var/run/dmevent.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23896,7 +25155,7 @@ index 0000000..3f8682b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -23907,7 +25166,7 @@ index 0000000..3f8682b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -23920,7 +25179,7 @@ index 0000000..3f8682b
+selinux(8), lvm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lwiod_selinux.8 b/man/man8/lwiod_selinux.8
new file mode 100644
-index 0000000..cd80258
+index 0000000..39b80fc
--- /dev/null
+++ b/man/man8/lwiod_selinux.8
@@ -0,0 +1,95 @@
@@ -23929,8 +25188,8 @@ index 0000000..cd80258
+lwiod_selinux \- Security Enhanced Linux Policy for the lwiod processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lwiod processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -23976,7 +25235,7 @@ index 0000000..cd80258
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -23997,7 +25256,7 @@ index 0000000..cd80258
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -24008,7 +25267,7 @@ index 0000000..cd80258
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -24021,7 +25280,7 @@ index 0000000..cd80258
+selinux(8), lwiod(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lwregd_selinux.8 b/man/man8/lwregd_selinux.8
new file mode 100644
-index 0000000..faa403c
+index 0000000..e954cd1
--- /dev/null
+++ b/man/man8/lwregd_selinux.8
@@ -0,0 +1,99 @@
@@ -24030,8 +25289,8 @@ index 0000000..faa403c
+lwregd_selinux \- Security Enhanced Linux Policy for the lwregd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lwregd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -24081,7 +25340,7 @@ index 0000000..faa403c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -24102,7 +25361,7 @@ index 0000000..faa403c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -24113,7 +25372,7 @@ index 0000000..faa403c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -24126,7 +25385,7 @@ index 0000000..faa403c
+selinux(8), lwregd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/lwsmd_selinux.8 b/man/man8/lwsmd_selinux.8
new file mode 100644
-index 0000000..dabf317
+index 0000000..96c1b69
--- /dev/null
+++ b/man/man8/lwsmd_selinux.8
@@ -0,0 +1,95 @@
@@ -24135,8 +25394,8 @@ index 0000000..dabf317
+lwsmd_selinux \- Security Enhanced Linux Policy for the lwsmd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the lwsmd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -24182,7 +25441,7 @@ index 0000000..dabf317
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -24203,7 +25462,7 @@ index 0000000..dabf317
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -24214,7 +25473,7 @@ index 0000000..dabf317
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -24227,7 +25486,7 @@ index 0000000..dabf317
+selinux(8), lwsmd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mail_selinux.8 b/man/man8/mail_selinux.8
new file mode 100644
-index 0000000..98a5752
+index 0000000..c4d1d16
--- /dev/null
+++ b/man/man8/mail_selinux.8
@@ -0,0 +1,269 @@
@@ -24236,8 +25495,8 @@ index 0000000..98a5752
+mail_selinux \- Security Enhanced Linux Policy for the mail processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mail processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. mail policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mail with the tightest access possible.
@@ -24427,7 +25686,7 @@ index 0000000..98a5752
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -24471,7 +25730,7 @@ index 0000000..98a5752
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -24482,7 +25741,7 @@ index 0000000..98a5752
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -24503,18 +25762,24 @@ index 0000000..98a5752
\ No newline at end of file
diff --git a/man/man8/mailman_selinux.8 b/man/man8/mailman_selinux.8
new file mode 100644
-index 0000000..e2d200a
+index 0000000..1b5f5f7
--- /dev/null
+++ b/man/man8/mailman_selinux.8
-@@ -0,0 +1,163 @@
+@@ -0,0 +1,169 @@
+.TH "mailman_selinux" "8" "mailman" "dwalsh at redhat.com" "mailman SELinux Policy documentation"
+.SH "NAME"
+mailman_selinux \- Security Enhanced Linux Policy for the mailman processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mailman processes via flexible mandatory access
++
++SELinux Linux secures
++.B mailman
++(Mailman is for managing electronic mail discussion and e-newsletter lists)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -24627,7 +25892,7 @@ index 0000000..e2d200a
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -24648,7 +25913,7 @@ index 0000000..e2d200a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -24659,7 +25924,7 @@ index 0000000..e2d200a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -24672,18 +25937,24 @@ index 0000000..e2d200a
+selinux(8), mailman(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/matahari_selinux.8 b/man/man8/matahari_selinux.8
new file mode 100644
-index 0000000..751d7de
+index 0000000..378c15f
--- /dev/null
+++ b/man/man8/matahari_selinux.8
-@@ -0,0 +1,165 @@
+@@ -0,0 +1,223 @@
+.TH "matahari_selinux" "8" "matahari" "dwalsh at redhat.com" "matahari SELinux Policy documentation"
+.SH "NAME"
+matahari_selinux \- Security Enhanced Linux Policy for the matahari processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the matahari processes via flexible mandatory access
++
++SELinux Linux secures
++.B matahari
++(policy for matahari)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -24709,6 +25980,18 @@ index 0000000..751d7de
+
+.EX
+.PP
++.B matahari_hostd_unit_file_t
++.EE
++
++- Set files with the matahari_hostd_unit_file_t type, if you want to treat the files as matahari hostd unit content.
++
++.br
++.TP 5
++Paths:
++/usr/lib/systemd/system/matahari-host\.service, /lib/systemd/system/matahari-host\.service
++
++.EX
++.PP
+.B matahari_initrc_exec_t
+.EE
+
@@ -24717,7 +26000,7 @@ index 0000000..751d7de
+.br
+.TP 5
+Paths:
-+/etc/rc\.d/init\.d/matahari-service, /etc/rc\.d/init\.d/matahari-sysconfig, /etc/rc\.d/init\.d/matahari-host, /etc/rc\.d/init\.d/matahari-net
++/etc/rc\.d/init\.d/matahari-sysconfig, /etc/rc\.d/init\.d/matahari-host, /etc/rc\.d/init\.d/matahari-service, /etc/init.d/matahari-sysconfig-console, /etc/rc\.d/init\.d/matahari-net
+
+.EX
+.PP
@@ -24733,6 +26016,18 @@ index 0000000..751d7de
+
+.EX
+.PP
++.B matahari_netd_unit_file_t
++.EE
++
++- Set files with the matahari_netd_unit_file_t type, if you want to treat the files as matahari netd unit content.
++
++.br
++.TP 5
++Paths:
++/usr/lib/systemd/system/matahari-network\.service, /lib/systemd/system/matahari-network\.service
++
++.EX
++.PP
+.B matahari_serviced_exec_t
+.EE
+
@@ -24745,11 +26040,39 @@ index 0000000..751d7de
+
+.EX
+.PP
++.B matahari_serviced_unit_file_t
++.EE
++
++- Set files with the matahari_serviced_unit_file_t type, if you want to treat the files as matahari serviced unit content.
++
++.br
++.TP 5
++Paths:
++/usr/lib/systemd/system/matahari-service\.service, /lib/systemd/system/matahari-service\.service
++
++.EX
++.PP
+.B matahari_sysconfigd_exec_t
+.EE
+
+- Set files with the matahari_sysconfigd_exec_t type, if you want to transition an executable to the matahari_sysconfigd_t domain.
+
++.br
++.TP 5
++Paths:
++/usr/sbin/matahari-qmf-sysconfigd, /usr/sbin/matahari-qmf-sysconfig-consoled
++
++.EX
++.PP
++.B matahari_sysconfigd_unit_file_t
++.EE
++
++- Set files with the matahari_sysconfigd_unit_file_t type, if you want to treat the files as matahari sysconfigd unit content.
++
++.br
++.TP 5
++Paths:
++/usr/lib/systemd/system/matahari-sysconfig-console\.service, /lib/systemd/system/matahari-sysconfig\.service, /usr/lib/systemd/system/matahari-sysconfig\.service, /lib/systemd/system/matahari-sysconfig-console\.service
+
+.EX
+.PP
@@ -24772,7 +26095,7 @@ index 0000000..751d7de
+/var/run/matahari(/.*)?, /var/run/matahari\.pid, /var/run/matahari-broker\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -24816,7 +26139,7 @@ index 0000000..751d7de
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -24827,7 +26150,7 @@ index 0000000..751d7de
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -24843,18 +26166,24 @@ index 0000000..751d7de
+selinux(8), matahari(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mcelog_selinux.8 b/man/man8/mcelog_selinux.8
new file mode 100644
-index 0000000..3081a08
+index 0000000..7292383
--- /dev/null
+++ b/man/man8/mcelog_selinux.8
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,93 @@
+.TH "mcelog_selinux" "8" "mcelog" "dwalsh at redhat.com" "mcelog SELinux Policy documentation"
+.SH "NAME"
+mcelog_selinux \- Security Enhanced Linux Policy for the mcelog processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mcelog processes via flexible mandatory access
++
++SELinux Linux secures
++.B mcelog
++(policy for mcelog)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -24891,7 +26220,7 @@ index 0000000..3081a08
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -24912,7 +26241,7 @@ index 0000000..3081a08
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -24923,7 +26252,7 @@ index 0000000..3081a08
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -24936,7 +26265,7 @@ index 0000000..3081a08
+selinux(8), mcelog(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mdadm_selinux.8 b/man/man8/mdadm_selinux.8
new file mode 100644
-index 0000000..6cc1b72
+index 0000000..ab79be5
--- /dev/null
+++ b/man/man8/mdadm_selinux.8
@@ -0,0 +1,87 @@
@@ -24945,8 +26274,8 @@ index 0000000..6cc1b72
+mdadm_selinux \- Security Enhanced Linux Policy for the mdadm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mdadm processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -24984,7 +26313,7 @@ index 0000000..6cc1b72
+/var/run/mdadm(/.*)?, /dev/md/.*, /dev/.mdadm\.map
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -25005,7 +26334,7 @@ index 0000000..6cc1b72
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -25016,7 +26345,7 @@ index 0000000..6cc1b72
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -25029,18 +26358,24 @@ index 0000000..6cc1b72
+selinux(8), mdadm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/memcached_selinux.8 b/man/man8/memcached_selinux.8
new file mode 100644
-index 0000000..5cb811c
+index 0000000..62d286c
--- /dev/null
+++ b/man/man8/memcached_selinux.8
-@@ -0,0 +1,132 @@
+@@ -0,0 +1,138 @@
+.TH "memcached_selinux" "8" "memcached" "dwalsh at redhat.com" "memcached SELinux Policy documentation"
+.SH "NAME"
+memcached_selinux \- Security Enhanced Linux Policy for the memcached processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the memcached processes via flexible mandatory access
++
++SELinux Linux secures
++.B memcached
++(high-performance memory object caching system)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. memcached policy is extremely flexible and has several booleans that allow you to manipulate the policy and run memcached with the tightest access possible.
+
@@ -25092,7 +26427,7 @@ index 0000000..5cb811c
+/var/run/ipa_memcached(/.*)?, /var/run/memcached(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -25136,7 +26471,7 @@ index 0000000..5cb811c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -25147,7 +26482,7 @@ index 0000000..5cb811c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -25168,7 +26503,7 @@ index 0000000..5cb811c
\ No newline at end of file
diff --git a/man/man8/mencoder_selinux.8 b/man/man8/mencoder_selinux.8
new file mode 100644
-index 0000000..d67874c
+index 0000000..aa093ee
--- /dev/null
+++ b/man/man8/mencoder_selinux.8
@@ -0,0 +1,71 @@
@@ -25177,8 +26512,8 @@ index 0000000..d67874c
+mencoder_selinux \- Security Enhanced Linux Policy for the mencoder processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mencoder processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -25200,7 +26535,7 @@ index 0000000..d67874c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -25221,7 +26556,7 @@ index 0000000..d67874c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -25232,7 +26567,7 @@ index 0000000..d67874c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -25245,18 +26580,24 @@ index 0000000..d67874c
+selinux(8), mencoder(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mock_selinux.8 b/man/man8/mock_selinux.8
new file mode 100644
-index 0000000..4dbe413
+index 0000000..e7cc7e3
--- /dev/null
+++ b/man/man8/mock_selinux.8
-@@ -0,0 +1,126 @@
+@@ -0,0 +1,132 @@
+.TH "mock_selinux" "8" "mock" "dwalsh at redhat.com" "mock SELinux Policy documentation"
+.SH "NAME"
+mock_selinux \- Security Enhanced Linux Policy for the mock processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mock processes via flexible mandatory access
++
++SELinux Linux secures
++.B mock
++(policy for mock)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. mock policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mock with the tightest access possible.
+
@@ -25328,7 +26669,7 @@ index 0000000..4dbe413
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -25349,7 +26690,7 @@ index 0000000..4dbe413
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -25360,7 +26701,7 @@ index 0000000..4dbe413
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -25378,18 +26719,24 @@ index 0000000..4dbe413
\ No newline at end of file
diff --git a/man/man8/modemmanager_selinux.8 b/man/man8/modemmanager_selinux.8
new file mode 100644
-index 0000000..20f01ce
+index 0000000..3772dfe
--- /dev/null
+++ b/man/man8/modemmanager_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "modemmanager_selinux" "8" "modemmanager" "dwalsh at redhat.com" "modemmanager SELinux Policy documentation"
+.SH "NAME"
+modemmanager_selinux \- Security Enhanced Linux Policy for the modemmanager processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the modemmanager processes via flexible mandatory access
++
++SELinux Linux secures
++.B modemmanager
++(Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -25410,7 +26757,7 @@ index 0000000..20f01ce
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -25431,7 +26778,7 @@ index 0000000..20f01ce
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -25442,7 +26789,7 @@ index 0000000..20f01ce
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -25455,7 +26802,7 @@ index 0000000..20f01ce
+selinux(8), modemmanager(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mongod_selinux.8 b/man/man8/mongod_selinux.8
new file mode 100644
-index 0000000..4bfbb17
+index 0000000..7282fb2
--- /dev/null
+++ b/man/man8/mongod_selinux.8
@@ -0,0 +1,145 @@
@@ -25464,8 +26811,8 @@ index 0000000..4bfbb17
+mongod_selinux \- Security Enhanced Linux Policy for the mongod processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mongod processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -25535,7 +26882,7 @@ index 0000000..4bfbb17
+/var/run/mongodb(/.*)?, /var/run/aeolus/dbomatic\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -25579,7 +26926,7 @@ index 0000000..4bfbb17
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -25590,7 +26937,7 @@ index 0000000..4bfbb17
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -25606,18 +26953,24 @@ index 0000000..4bfbb17
+selinux(8), mongod(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mount_selinux.8 b/man/man8/mount_selinux.8
new file mode 100644
-index 0000000..4f40270
+index 0000000..9744fa7
--- /dev/null
+++ b/man/man8/mount_selinux.8
-@@ -0,0 +1,125 @@
+@@ -0,0 +1,131 @@
+.TH "mount_selinux" "8" "mount" "dwalsh at redhat.com" "mount SELinux Policy documentation"
+.SH "NAME"
+mount_selinux \- Security Enhanced Linux Policy for the mount processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mount processes via flexible mandatory access
++
++SELinux Linux secures
++.B mount
++(Policy for mount)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. mount policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mount with the tightest access possible.
+
@@ -25688,7 +27041,7 @@ index 0000000..4f40270
+/run/mount(/.*)?, /dev/\.mount(/.*)?, /var/run/mount(/.*)?, /var/run/davfs2(/.*)?, /var/cache/davfs2(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -25709,7 +27062,7 @@ index 0000000..4f40270
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -25720,7 +27073,7 @@ index 0000000..4f40270
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -25738,18 +27091,24 @@ index 0000000..4f40270
\ No newline at end of file
diff --git a/man/man8/mozilla_selinux.8 b/man/man8/mozilla_selinux.8
new file mode 100644
-index 0000000..5ae82ea
+index 0000000..905f994
--- /dev/null
+++ b/man/man8/mozilla_selinux.8
-@@ -0,0 +1,173 @@
+@@ -0,0 +1,179 @@
+.TH "mozilla_selinux" "8" "mozilla" "dwalsh at redhat.com" "mozilla SELinux Policy documentation"
+.SH "NAME"
+mozilla_selinux \- Security Enhanced Linux Policy for the mozilla processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mozilla processes via flexible mandatory access
++
++SELinux Linux secures
++.B mozilla
++(Policy for Mozilla and related web browsers)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. mozilla policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mozilla with the tightest access possible.
+
@@ -25868,7 +27227,7 @@ index 0000000..5ae82ea
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -25889,7 +27248,7 @@ index 0000000..5ae82ea
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -25900,7 +27259,7 @@ index 0000000..5ae82ea
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -25918,18 +27277,24 @@ index 0000000..5ae82ea
\ No newline at end of file
diff --git a/man/man8/mpd_selinux.8 b/man/man8/mpd_selinux.8
new file mode 100644
-index 0000000..4603580
+index 0000000..76210f5
--- /dev/null
+++ b/man/man8/mpd_selinux.8
-@@ -0,0 +1,200 @@
+@@ -0,0 +1,206 @@
+.TH "mpd_selinux" "8" "mpd" "dwalsh at redhat.com" "mpd SELinux Policy documentation"
+.SH "NAME"
+mpd_selinux \- Security Enhanced Linux Policy for the mpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mpd processes via flexible mandatory access
++
++SELinux Linux secures
++.B mpd
++(Music Player Daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. mpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mpd with the tightest access possible.
+
@@ -26049,7 +27414,7 @@ index 0000000..4603580
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -26093,7 +27458,7 @@ index 0000000..4603580
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -26104,7 +27469,7 @@ index 0000000..4603580
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -26125,18 +27490,24 @@ index 0000000..4603580
\ No newline at end of file
diff --git a/man/man8/mplayer_selinux.8 b/man/man8/mplayer_selinux.8
new file mode 100644
-index 0000000..295c459
+index 0000000..0098b19
--- /dev/null
+++ b/man/man8/mplayer_selinux.8
-@@ -0,0 +1,121 @@
+@@ -0,0 +1,127 @@
+.TH "mplayer_selinux" "8" "mplayer" "dwalsh at redhat.com" "mplayer SELinux Policy documentation"
+.SH "NAME"
+mplayer_selinux \- Security Enhanced Linux Policy for the mplayer processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mplayer processes via flexible mandatory access
++
++SELinux Linux secures
++.B mplayer
++(Mplayer media player and encoder)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. mplayer policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mplayer with the tightest access possible.
+
@@ -26203,7 +27574,7 @@ index 0000000..295c459
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -26224,7 +27595,7 @@ index 0000000..295c459
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -26235,7 +27606,7 @@ index 0000000..295c459
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -26253,18 +27624,24 @@ index 0000000..295c459
\ No newline at end of file
diff --git a/man/man8/mrtg_selinux.8 b/man/man8/mrtg_selinux.8
new file mode 100644
-index 0000000..6fc2f14
+index 0000000..0ca59e6
--- /dev/null
+++ b/man/man8/mrtg_selinux.8
-@@ -0,0 +1,115 @@
+@@ -0,0 +1,121 @@
+.TH "mrtg_selinux" "8" "mrtg" "dwalsh at redhat.com" "mrtg SELinux Policy documentation"
+.SH "NAME"
+mrtg_selinux \- Security Enhanced Linux Policy for the mrtg processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mrtg processes via flexible mandatory access
++
++SELinux Linux secures
++.B mrtg
++(Network traffic graphing)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -26329,7 +27706,7 @@ index 0000000..6fc2f14
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -26350,7 +27727,7 @@ index 0000000..6fc2f14
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -26361,7 +27738,7 @@ index 0000000..6fc2f14
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -26374,7 +27751,7 @@ index 0000000..6fc2f14
+selinux(8), mrtg(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mscan_selinux.8 b/man/man8/mscan_selinux.8
new file mode 100644
-index 0000000..6439622
+index 0000000..1b9091c
--- /dev/null
+++ b/man/man8/mscan_selinux.8
@@ -0,0 +1,122 @@
@@ -26383,8 +27760,8 @@ index 0000000..6439622
+mscan_selinux \- Security Enhanced Linux Policy for the mscan processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mscan processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. mscan policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mscan with the tightest access possible.
@@ -26453,7 +27830,7 @@ index 0000000..6439622
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -26474,7 +27851,7 @@ index 0000000..6439622
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -26485,7 +27862,7 @@ index 0000000..6439622
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -26503,18 +27880,24 @@ index 0000000..6439622
\ No newline at end of file
diff --git a/man/man8/munin_selinux.8 b/man/man8/munin_selinux.8
new file mode 100644
-index 0000000..72c70fd
+index 0000000..17b161d
--- /dev/null
+++ b/man/man8/munin_selinux.8
-@@ -0,0 +1,157 @@
+@@ -0,0 +1,163 @@
+.TH "munin_selinux" "8" "munin" "dwalsh at redhat.com" "munin SELinux Policy documentation"
+.SH "NAME"
+munin_selinux \- Security Enhanced Linux Policy for the munin processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the munin processes via flexible mandatory access
++
++SELinux Linux secures
++.B munin
++(Munin network-wide load graphing (formerly LRRD))
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -26595,7 +27978,7 @@ index 0000000..72c70fd
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -26639,7 +28022,7 @@ index 0000000..72c70fd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -26650,7 +28033,7 @@ index 0000000..72c70fd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -26666,7 +28049,7 @@ index 0000000..72c70fd
+selinux(8), munin(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mysqld_selinux.8 b/man/man8/mysqld_selinux.8
new file mode 100644
-index 0000000..f265a3e
+index 0000000..9f5bb25
--- /dev/null
+++ b/man/man8/mysqld_selinux.8
@@ -0,0 +1,214 @@
@@ -26675,8 +28058,8 @@ index 0000000..f265a3e
+mysqld_selinux \- Security Enhanced Linux Policy for the mysqld processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mysqld processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. mysqld policy is extremely flexible and has several booleans that allow you to manipulate the policy and run mysqld with the tightest access possible.
@@ -26800,7 +28183,7 @@ index 0000000..f265a3e
+/var/run/mysqld(/.*)?, /var/lib/mysql/mysql\.sock
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -26855,7 +28238,7 @@ index 0000000..f265a3e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -26866,7 +28249,7 @@ index 0000000..f265a3e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -26887,7 +28270,7 @@ index 0000000..f265a3e
\ No newline at end of file
diff --git a/man/man8/mysqlmanagerd_selinux.8 b/man/man8/mysqlmanagerd_selinux.8
new file mode 100644
-index 0000000..783ac4b
+index 0000000..6bce1f8
--- /dev/null
+++ b/man/man8/mysqlmanagerd_selinux.8
@@ -0,0 +1,113 @@
@@ -26896,8 +28279,8 @@ index 0000000..783ac4b
+mysqlmanagerd_selinux \- Security Enhanced Linux Policy for the mysqlmanagerd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the mysqlmanagerd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -26935,7 +28318,7 @@ index 0000000..783ac4b
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -26979,7 +28362,7 @@ index 0000000..783ac4b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -26990,7 +28373,7 @@ index 0000000..783ac4b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -27006,18 +28389,24 @@ index 0000000..783ac4b
+selinux(8), mysqlmanagerd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/nagios_selinux.8 b/man/man8/nagios_selinux.8
new file mode 100644
-index 0000000..5f5b90d
+index 0000000..f740a6e
--- /dev/null
+++ b/man/man8/nagios_selinux.8
-@@ -0,0 +1,203 @@
+@@ -0,0 +1,217 @@
+.TH "nagios_selinux" "8" "nagios" "dwalsh at redhat.com" "nagios SELinux Policy documentation"
+.SH "NAME"
+nagios_selinux \- Security Enhanced Linux Policy for the nagios processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nagios processes via flexible mandatory access
++
++SELinux Linux secures
++.B nagios
++(Net Saint / NAGIOS - network monitoring server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -27059,6 +28448,14 @@ index 0000000..5f5b90d
+
+.EX
+.PP
++.B nagios_eventhandler_plugin_exec_t
++.EE
++
++- Set files with the nagios_eventhandler_plugin_exec_t type, if you want to transition an executable to the nagios_eventhandler_plugin_t domain.
++
++
++.EX
++.PP
+.B nagios_exec_t
+.EE
+
@@ -27170,7 +28567,7 @@ index 0000000..5f5b90d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -27187,11 +28584,11 @@ index 0000000..5f5b90d
+The following process types are defined for nagios:
+
+.EX
-+.B nagios_t, nagios_mail_plugin_t, nagios_checkdisk_plugin_t, nagios_services_plugin_t, nagios_system_plugin_t, nagios_unconfined_plugin_t, nagios_admin_plugin_t
++.B nagios_t, nagios_mail_plugin_t, nagios_checkdisk_plugin_t, nagios_services_plugin_t, nagios_eventhandler_plugin_t, nagios_system_plugin_t, nagios_unconfined_plugin_t, nagios_admin_plugin_t
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -27202,7 +28599,7 @@ index 0000000..5f5b90d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -27214,10 +28611,10 @@ index 0000000..5f5b90d
+.SH "SEE ALSO"
+selinux(8), nagios(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/named_selinux.8 b/man/man8/named_selinux.8
-index fce0b48..3c01657 100644
+index fce0b48..b3031fd 100644
--- a/man/man8/named_selinux.8
+++ b/man/man8/named_selinux.8
-@@ -1,30 +1,205 @@
+@@ -1,30 +1,211 @@
-.TH "named_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "named Selinux Policy documentation"
-.de EX
-.nf
@@ -27234,9 +28631,15 @@ index fce0b48..3c01657 100644
.SH "DESCRIPTION"
-Security-Enhanced Linux secures the named server via flexible mandatory access
-+Security-Enhanced Linux secures the named processes via flexible mandatory access
++
++SELinux Linux secures
++.B named
++(Berkeley internet name domain DNS server)
++processes via flexible mandatory access
control.
+
++
++
.SH BOOLEANS
-SELinux policy is customizable based on least access required. So by
-default SELinux policy does not allow named to write master zone files. If you want to have named update the master zone files you need to set the named_write_master_zones boolean.
@@ -27336,8 +28739,8 @@ index fce0b48..3c01657 100644
+.EE
+
+- Set files with the named_keytab_t type, if you want to treat the files as kerberos keytab files.
-
-
++
++
+.EX
+.PP
+.B named_log_t
@@ -27374,9 +28777,9 @@ index fce0b48..3c01657 100644
+.PP
+.B named_var_run_t
+.EE
-+
+
+- Set files with the named_var_run_t type, if you want to store the named files under the /run directory.
-+
+
+.br
+.TP 5
+Paths:
@@ -27395,7 +28798,7 @@ index fce0b48..3c01657 100644
+/var/named/chroot/var/named(/.*)?, /var/named(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -27416,7 +28819,7 @@ index fce0b48..3c01657 100644
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -27427,7 +28830,7 @@ index fce0b48..3c01657 100644
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -27445,18 +28848,24 @@ index fce0b48..3c01657 100644
\ No newline at end of file
diff --git a/man/man8/namespace_selinux.8 b/man/man8/namespace_selinux.8
new file mode 100644
-index 0000000..829b5d2
+index 0000000..7572442
--- /dev/null
+++ b/man/man8/namespace_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "namespace_selinux" "8" "namespace" "dwalsh at redhat.com" "namespace SELinux Policy documentation"
+.SH "NAME"
+namespace_selinux \- Security Enhanced Linux Policy for the namespace processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the namespace processes via flexible mandatory access
++
++SELinux Linux secures
++.B namespace
++(policy for namespace)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -27477,7 +28886,7 @@ index 0000000..829b5d2
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -27498,7 +28907,7 @@ index 0000000..829b5d2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -27509,7 +28918,7 @@ index 0000000..829b5d2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -27522,18 +28931,24 @@ index 0000000..829b5d2
+selinux(8), namespace(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ncftool_selinux.8 b/man/man8/ncftool_selinux.8
new file mode 100644
-index 0000000..eefc21d
+index 0000000..394997f
--- /dev/null
+++ b/man/man8/ncftool_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "ncftool_selinux" "8" "ncftool" "dwalsh at redhat.com" "ncftool SELinux Policy documentation"
+.SH "NAME"
+ncftool_selinux \- Security Enhanced Linux Policy for the ncftool processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ncftool processes via flexible mandatory access
++
++SELinux Linux secures
++.B ncftool
++(Netcf network configuration tool (ncftool))
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -27554,7 +28969,7 @@ index 0000000..eefc21d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -27575,7 +28990,7 @@ index 0000000..eefc21d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -27586,7 +29001,7 @@ index 0000000..eefc21d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -27599,7 +29014,7 @@ index 0000000..eefc21d
+selinux(8), ncftool(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ndc_selinux.8 b/man/man8/ndc_selinux.8
new file mode 100644
-index 0000000..ce455f6
+index 0000000..fe49fef
--- /dev/null
+++ b/man/man8/ndc_selinux.8
@@ -0,0 +1,71 @@
@@ -27608,8 +29023,8 @@ index 0000000..ce455f6
+ndc_selinux \- Security Enhanced Linux Policy for the ndc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ndc processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -27631,7 +29046,7 @@ index 0000000..ce455f6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -27652,7 +29067,7 @@ index 0000000..ce455f6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -27663,7 +29078,7 @@ index 0000000..ce455f6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -27676,18 +29091,24 @@ index 0000000..ce455f6
+selinux(8), ndc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/netlabel_selinux.8 b/man/man8/netlabel_selinux.8
new file mode 100644
-index 0000000..aa50b50
+index 0000000..8d7e496
--- /dev/null
+++ b/man/man8/netlabel_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,81 @@
+.TH "netlabel_selinux" "8" "netlabel" "dwalsh at redhat.com" "netlabel SELinux Policy documentation"
+.SH "NAME"
+netlabel_selinux \- Security Enhanced Linux Policy for the netlabel processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the netlabel processes via flexible mandatory access
++
++SELinux Linux secures
++.B netlabel
++(NetLabel/CIPSO labeled networking management)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -27712,7 +29133,7 @@ index 0000000..aa50b50
+/sbin/netlabelctl, /usr/sbin/netlabelctl
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -27733,7 +29154,7 @@ index 0000000..aa50b50
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -27744,7 +29165,7 @@ index 0000000..aa50b50
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -27757,7 +29178,7 @@ index 0000000..aa50b50
+selinux(8), netlabel(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/netlogond_selinux.8 b/man/man8/netlogond_selinux.8
new file mode 100644
-index 0000000..b1987b3
+index 0000000..3e7dc32
--- /dev/null
+++ b/man/man8/netlogond_selinux.8
@@ -0,0 +1,99 @@
@@ -27766,8 +29187,8 @@ index 0000000..b1987b3
+netlogond_selinux \- Security Enhanced Linux Policy for the netlogond processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the netlogond processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -27817,7 +29238,7 @@ index 0000000..b1987b3
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -27838,7 +29259,7 @@ index 0000000..b1987b3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -27849,7 +29270,7 @@ index 0000000..b1987b3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -27862,18 +29283,24 @@ index 0000000..b1987b3
+selinux(8), netlogond(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/netutils_selinux.8 b/man/man8/netutils_selinux.8
new file mode 100644
-index 0000000..f9ac78f
+index 0000000..55eb6c1
--- /dev/null
+++ b/man/man8/netutils_selinux.8
-@@ -0,0 +1,83 @@
+@@ -0,0 +1,89 @@
+.TH "netutils_selinux" "8" "netutils" "dwalsh at redhat.com" "netutils SELinux Policy documentation"
+.SH "NAME"
+netutils_selinux \- Security Enhanced Linux Policy for the netutils processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the netutils processes via flexible mandatory access
++
++SELinux Linux secures
++.B netutils
++(Network analysis utilities)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -27906,7 +29333,7 @@ index 0000000..f9ac78f
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -27927,7 +29354,7 @@ index 0000000..f9ac78f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -27938,7 +29365,7 @@ index 0000000..f9ac78f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -27951,7 +29378,7 @@ index 0000000..f9ac78f
+selinux(8), netutils(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/newrole_selinux.8 b/man/man8/newrole_selinux.8
new file mode 100644
-index 0000000..b3f9ff9
+index 0000000..bdc4376
--- /dev/null
+++ b/man/man8/newrole_selinux.8
@@ -0,0 +1,71 @@
@@ -27960,8 +29387,8 @@ index 0000000..b3f9ff9
+newrole_selinux \- Security Enhanced Linux Policy for the newrole processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the newrole processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -27983,7 +29410,7 @@ index 0000000..b3f9ff9
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -28004,7 +29431,7 @@ index 0000000..b3f9ff9
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -28015,7 +29442,7 @@ index 0000000..b3f9ff9
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -28028,7 +29455,7 @@ index 0000000..b3f9ff9
+selinux(8), newrole(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/nfsd_selinux.8 b/man/man8/nfsd_selinux.8
new file mode 100644
-index 0000000..f6172eb
+index 0000000..531f1ee
--- /dev/null
+++ b/man/man8/nfsd_selinux.8
@@ -0,0 +1,276 @@
@@ -28037,8 +29464,8 @@ index 0000000..f6172eb
+nfsd_selinux \- Security Enhanced Linux Policy for the nfsd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nfsd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. nfsd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run nfsd with the tightest access possible.
@@ -28160,7 +29587,7 @@ index 0000000..f6172eb
+.B restorecon -F -R -v /var/nfsd
+.pp
+.TP
-+Allow nfsd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_nfsdd_anon_write boolean to be set.
++Allow nfsd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_nfsd_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/nfsd/incoming(/.*)?"
@@ -28235,7 +29662,7 @@ index 0000000..f6172eb
+/lib/systemd/system/nfs.*, /usr/lib/systemd/system/nfs.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -28279,7 +29706,7 @@ index 0000000..f6172eb
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -28290,7 +29717,7 @@ index 0000000..f6172eb
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -28311,7 +29738,7 @@ index 0000000..f6172eb
\ No newline at end of file
diff --git a/man/man8/nginx_selinux.8 b/man/man8/nginx_selinux.8
new file mode 100644
-index 0000000..47d6c9b
+index 0000000..87983d6
--- /dev/null
+++ b/man/man8/nginx_selinux.8
@@ -0,0 +1,103 @@
@@ -28320,8 +29747,8 @@ index 0000000..47d6c9b
+nginx_selinux \- Security Enhanced Linux Policy for the nginx processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nginx processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -28375,7 +29802,7 @@ index 0000000..47d6c9b
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -28396,7 +29823,7 @@ index 0000000..47d6c9b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -28407,7 +29834,7 @@ index 0000000..47d6c9b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -28420,7 +29847,7 @@ index 0000000..47d6c9b
+selinux(8), nginx(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/nmbd_selinux.8 b/man/man8/nmbd_selinux.8
new file mode 100644
-index 0000000..65e627d
+index 0000000..bfcd1db
--- /dev/null
+++ b/man/man8/nmbd_selinux.8
@@ -0,0 +1,109 @@
@@ -28429,8 +29856,8 @@ index 0000000..65e627d
+nmbd_selinux \- Security Enhanced Linux Policy for the nmbd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nmbd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -28464,7 +29891,7 @@ index 0000000..65e627d
+/var/run/samba/messages\.tdb, /var/run/samba/namelist\.debug, /var/run/nmbd(/.*)?, /var/run/samba/unexpected\.tdb, /var/run/samba/nmbd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -28508,7 +29935,7 @@ index 0000000..65e627d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -28519,7 +29946,7 @@ index 0000000..65e627d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -28535,18 +29962,24 @@ index 0000000..65e627d
+selinux(8), nmbd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/nova_selinux.8 b/man/man8/nova_selinux.8
new file mode 100644
-index 0000000..e9235ad
+index 0000000..8739378
--- /dev/null
+++ b/man/man8/nova_selinux.8
-@@ -0,0 +1,231 @@
+@@ -0,0 +1,237 @@
+.TH "nova_selinux" "8" "nova" "dwalsh at redhat.com" "nova SELinux Policy documentation"
+.SH "NAME"
+nova_selinux \- Security Enhanced Linux Policy for the nova processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nova processes via flexible mandatory access
++
++SELinux Linux secures
++.B nova
++(openstack-nova)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -28727,7 +30160,7 @@ index 0000000..e9235ad
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -28748,7 +30181,7 @@ index 0000000..e9235ad
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -28759,7 +30192,7 @@ index 0000000..e9235ad
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -28772,7 +30205,7 @@ index 0000000..e9235ad
+selinux(8), nova(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/nrpe_selinux.8 b/man/man8/nrpe_selinux.8
new file mode 100644
-index 0000000..b337b81
+index 0000000..f6a3c05
--- /dev/null
+++ b/man/man8/nrpe_selinux.8
@@ -0,0 +1,87 @@
@@ -28781,8 +30214,8 @@ index 0000000..b337b81
+nrpe_selinux \- Security Enhanced Linux Policy for the nrpe processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nrpe processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -28820,7 +30253,7 @@ index 0000000..b337b81
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -28841,7 +30274,7 @@ index 0000000..b337b81
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -28852,7 +30285,7 @@ index 0000000..b337b81
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -28865,18 +30298,24 @@ index 0000000..b337b81
+selinux(8), nrpe(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/nscd_selinux.8 b/man/man8/nscd_selinux.8
new file mode 100644
-index 0000000..13f8c73
+index 0000000..01045df
--- /dev/null
+++ b/man/man8/nscd_selinux.8
-@@ -0,0 +1,122 @@
+@@ -0,0 +1,128 @@
+.TH "nscd_selinux" "8" "nscd" "dwalsh at redhat.com" "nscd SELinux Policy documentation"
+.SH "NAME"
+nscd_selinux \- Security Enhanced Linux Policy for the nscd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nscd processes via flexible mandatory access
++
++SELinux Linux secures
++.B nscd
++(Name service cache daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. nscd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run nscd with the tightest access possible.
+
@@ -28944,7 +30383,7 @@ index 0000000..13f8c73
+/var/run/nscd\.pid, /var/run/nscd(/.*)?, /var/db/nscd(/.*)?, /var/run/\.nscd_socket, /var/cache/nscd(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -28965,7 +30404,7 @@ index 0000000..13f8c73
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -28976,7 +30415,7 @@ index 0000000..13f8c73
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -28994,18 +30433,24 @@ index 0000000..13f8c73
\ No newline at end of file
diff --git a/man/man8/nslcd_selinux.8 b/man/man8/nslcd_selinux.8
new file mode 100644
-index 0000000..00415da
+index 0000000..a9a427d
--- /dev/null
+++ b/man/man8/nslcd_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "nslcd_selinux" "8" "nslcd" "dwalsh at redhat.com" "nslcd SELinux Policy documentation"
+.SH "NAME"
+nslcd_selinux \- Security Enhanced Linux Policy for the nslcd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nslcd processes via flexible mandatory access
++
++SELinux Linux secures
++.B nslcd
++(nslcd - local LDAP name service daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -29050,7 +30495,7 @@ index 0000000..00415da
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -29071,7 +30516,7 @@ index 0000000..00415da
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -29082,7 +30527,7 @@ index 0000000..00415da
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -29095,18 +30540,24 @@ index 0000000..00415da
+selinux(8), nslcd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ntop_selinux.8 b/man/man8/ntop_selinux.8
new file mode 100644
-index 0000000..0d7dc6d
+index 0000000..cb7f3a4
--- /dev/null
+++ b/man/man8/ntop_selinux.8
-@@ -0,0 +1,137 @@
+@@ -0,0 +1,143 @@
+.TH "ntop_selinux" "8" "ntop" "dwalsh at redhat.com" "ntop SELinux Policy documentation"
+.SH "NAME"
+ntop_selinux \- Security Enhanced Linux Policy for the ntop processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ntop processes via flexible mandatory access
++
++SELinux Linux secures
++.B ntop
++(Network Top)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -29167,7 +30618,7 @@ index 0000000..0d7dc6d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -29211,7 +30662,7 @@ index 0000000..0d7dc6d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -29222,7 +30673,7 @@ index 0000000..0d7dc6d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -29238,7 +30689,7 @@ index 0000000..0d7dc6d
+selinux(8), ntop(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ntpd_selinux.8 b/man/man8/ntpd_selinux.8
new file mode 100644
-index 0000000..53358ad
+index 0000000..00413de
--- /dev/null
+++ b/man/man8/ntpd_selinux.8
@@ -0,0 +1,177 @@
@@ -29247,8 +30698,8 @@ index 0000000..53358ad
+ntpd_selinux \- Security Enhanced Linux Policy for the ntpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ntpd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -29350,7 +30801,7 @@ index 0000000..53358ad
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -29394,7 +30845,7 @@ index 0000000..53358ad
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -29405,7 +30856,7 @@ index 0000000..53358ad
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -29421,18 +30872,24 @@ index 0000000..53358ad
+selinux(8), ntpd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/nut_selinux.8 b/man/man8/nut_selinux.8
new file mode 100644
-index 0000000..f9b1c07
+index 0000000..fe354e5
--- /dev/null
+++ b/man/man8/nut_selinux.8
-@@ -0,0 +1,107 @@
+@@ -0,0 +1,113 @@
+.TH "nut_selinux" "8" "nut" "dwalsh at redhat.com" "nut SELinux Policy documentation"
+.SH "NAME"
+nut_selinux \- Security Enhanced Linux Policy for the nut processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nut processes via flexible mandatory access
++
++SELinux Linux secures
++.B nut
++(nut - Network UPS Tools )
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -29489,7 +30946,7 @@ index 0000000..f9b1c07
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -29510,7 +30967,7 @@ index 0000000..f9b1c07
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -29521,7 +30978,7 @@ index 0000000..f9b1c07
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -29534,18 +30991,24 @@ index 0000000..f9b1c07
+selinux(8), nut(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/nx_selinux.8 b/man/man8/nx_selinux.8
new file mode 100644
-index 0000000..6dc7277
+index 0000000..ef2c5aa
--- /dev/null
+++ b/man/man8/nx_selinux.8
-@@ -0,0 +1,115 @@
+@@ -0,0 +1,121 @@
+.TH "nx_selinux" "8" "nx" "dwalsh at redhat.com" "nx SELinux Policy documentation"
+.SH "NAME"
+nx_selinux \- Security Enhanced Linux Policy for the nx processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the nx processes via flexible mandatory access
++
++SELinux Linux secures
++.B nx
++(NX remote desktop)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -29610,7 +31073,7 @@ index 0000000..6dc7277
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -29631,7 +31094,7 @@ index 0000000..6dc7277
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -29642,7 +31105,7 @@ index 0000000..6dc7277
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -29653,20 +31116,88 @@ index 0000000..6dc7277
+
+.SH "SEE ALSO"
+selinux(8), nx(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/nx_server_selinux.8 b/man/man8/nx_server_selinux.8
+new file mode 100644
+index 0000000..2746ea3
+--- /dev/null
++++ b/man/man8/nx_server_selinux.8
+@@ -0,0 +1,56 @@
++.TH "nx_server_selinux" "8" "nx_server" "mgrepl at redhat.com" "nx_server SELinux Policy documentation"
++.SH "NAME"
++nx_server_r \- \fBnx_server user role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.
++
++Note: The examples in the man page will user the staff_u user.
++
++Non login roles are usually used for administrative tasks.
++
++Roles usually have default types assigned to them.
++
++The default type for the nx_server_r role is nx_server_t.
++
++You can use the
++.B newrole
++program to transition directly to this role.
++
++.B newrole -r nx_server_r -t nx_server_t
++
++.B sudo
++can also be setup to transition to this role using the visudo command.
++
++USERNAME ALL=(ALL) ROLE=nx_server_r TYPE=nx_server_t COMMAND
++.br
++sudo will run COMMAND as staff_u:nx_server_r:nx_server_t:LEVEL
++
++If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
++
++You can see all of the assigned SELinux roles using the following
++
++.B semanage user -l
++
++If you wanted to add nx_server_r to the staff_u user, you would execute:
++
++.B $ semanage user -m -R 'staff_r nx_server_r' staff_u
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/obex_selinux.8 b/man/man8/obex_selinux.8
new file mode 100644
-index 0000000..db0a02e
+index 0000000..a6b6598
--- /dev/null
+++ b/man/man8/obex_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "obex_selinux" "8" "obex" "dwalsh at redhat.com" "obex SELinux Policy documentation"
+.SH "NAME"
+obex_selinux \- Security Enhanced Linux Policy for the obex processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the obex processes via flexible mandatory access
++
++SELinux Linux secures
++.B obex
++(SELinux policy for obex-data-server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -29687,7 +31218,7 @@ index 0000000..db0a02e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -29708,7 +31239,7 @@ index 0000000..db0a02e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -29719,7 +31250,7 @@ index 0000000..db0a02e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -29732,18 +31263,28 @@ index 0000000..db0a02e
+selinux(8), obex(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/oddjob_selinux.8 b/man/man8/oddjob_selinux.8
new file mode 100644
-index 0000000..50c8584
+index 0000000..88a1ce7
--- /dev/null
+++ b/man/man8/oddjob_selinux.8
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,101 @@
+.TH "oddjob_selinux" "8" "oddjob" "dwalsh at redhat.com" "oddjob SELinux Policy documentation"
+.SH "NAME"
+oddjob_selinux \- Security Enhanced Linux Policy for the oddjob processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the oddjob processes via flexible mandatory access
++
++SELinux Linux secures
++.B oddjob
++(
++Oddjob provides a mechanism by which unprivileged applications can
++request that specified privileged operations be performed on their
++behalf.
++)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -29784,7 +31325,7 @@ index 0000000..50c8584
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -29805,7 +31346,7 @@ index 0000000..50c8584
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -29816,7 +31357,7 @@ index 0000000..50c8584
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -29829,18 +31370,24 @@ index 0000000..50c8584
+selinux(8), oddjob(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/openct_selinux.8 b/man/man8/openct_selinux.8
new file mode 100644
-index 0000000..f3f6824
+index 0000000..b21e586
--- /dev/null
+++ b/man/man8/openct_selinux.8
-@@ -0,0 +1,83 @@
+@@ -0,0 +1,89 @@
+.TH "openct_selinux" "8" "openct" "dwalsh at redhat.com" "openct SELinux Policy documentation"
+.SH "NAME"
+openct_selinux \- Security Enhanced Linux Policy for the openct processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the openct processes via flexible mandatory access
++
++SELinux Linux secures
++.B openct
++(Service for handling smart card readers)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -29873,7 +31420,7 @@ index 0000000..f3f6824
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -29894,7 +31441,7 @@ index 0000000..f3f6824
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -29905,7 +31452,7 @@ index 0000000..f3f6824
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -29918,18 +31465,24 @@ index 0000000..f3f6824
+selinux(8), openct(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/openvpn_selinux.8 b/man/man8/openvpn_selinux.8
new file mode 100644
-index 0000000..e49d678
+index 0000000..9a9b8b8
--- /dev/null
+++ b/man/man8/openvpn_selinux.8
-@@ -0,0 +1,160 @@
+@@ -0,0 +1,166 @@
+.TH "openvpn_selinux" "8" "openvpn" "dwalsh at redhat.com" "openvpn SELinux Policy documentation"
+.SH "NAME"
+openvpn_selinux \- Security Enhanced Linux Policy for the openvpn processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the openvpn processes via flexible mandatory access
++
++SELinux Linux secures
++.B openvpn
++(full-featured SSL VPN solution)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. openvpn policy is extremely flexible and has several booleans that allow you to manipulate the policy and run openvpn with the tightest access possible.
+
@@ -30009,7 +31562,7 @@ index 0000000..e49d678
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -30053,7 +31606,7 @@ index 0000000..e49d678
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -30064,7 +31617,7 @@ index 0000000..e49d678
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -30085,18 +31638,24 @@ index 0000000..e49d678
\ No newline at end of file
diff --git a/man/man8/pads_selinux.8 b/man/man8/pads_selinux.8
new file mode 100644
-index 0000000..9b82aaa
+index 0000000..f2bc8e8
--- /dev/null
+++ b/man/man8/pads_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "pads_selinux" "8" "pads" "dwalsh at redhat.com" "pads SELinux Policy documentation"
+.SH "NAME"
+pads_selinux \- Security Enhanced Linux Policy for the pads processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pads processes via flexible mandatory access
++
++SELinux Linux secures
++.B pads
++(Passive Asset Detection System)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -30145,7 +31704,7 @@ index 0000000..9b82aaa
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -30166,7 +31725,7 @@ index 0000000..9b82aaa
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -30177,7 +31736,7 @@ index 0000000..9b82aaa
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -30190,18 +31749,24 @@ index 0000000..9b82aaa
+selinux(8), pads(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/passenger_selinux.8 b/man/man8/passenger_selinux.8
new file mode 100644
-index 0000000..17bda61
+index 0000000..872ce91
--- /dev/null
+++ b/man/man8/passenger_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "passenger_selinux" "8" "passenger" "dwalsh at redhat.com" "passenger SELinux Policy documentation"
+.SH "NAME"
+passenger_selinux \- Security Enhanced Linux Policy for the passenger processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the passenger processes via flexible mandatory access
++
++SELinux Linux secures
++.B passenger
++(Ruby on rails deployment for Apache and Nginx servers)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -30262,7 +31827,7 @@ index 0000000..17bda61
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -30283,7 +31848,7 @@ index 0000000..17bda61
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -30294,7 +31859,7 @@ index 0000000..17bda61
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -30307,7 +31872,7 @@ index 0000000..17bda61
+selinux(8), passenger(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/passwd_selinux.8 b/man/man8/passwd_selinux.8
new file mode 100644
-index 0000000..af52eaa
+index 0000000..71d4cc4
--- /dev/null
+++ b/man/man8/passwd_selinux.8
@@ -0,0 +1,87 @@
@@ -30316,8 +31881,8 @@ index 0000000..af52eaa
+passwd_selinux \- Security Enhanced Linux Policy for the passwd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the passwd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -30355,7 +31920,7 @@ index 0000000..af52eaa
+/etc/passwd\.OLD, /etc/ptmptmp, /etc/passwd-?, /etc/group-?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -30376,7 +31941,7 @@ index 0000000..af52eaa
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -30387,7 +31952,7 @@ index 0000000..af52eaa
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -30400,18 +31965,24 @@ index 0000000..af52eaa
+selinux(8), passwd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/pcscd_selinux.8 b/man/man8/pcscd_selinux.8
new file mode 100644
-index 0000000..3b6b792
+index 0000000..18eb20c
--- /dev/null
+++ b/man/man8/pcscd_selinux.8
-@@ -0,0 +1,83 @@
+@@ -0,0 +1,89 @@
+.TH "pcscd_selinux" "8" "pcscd" "dwalsh at redhat.com" "pcscd SELinux Policy documentation"
+.SH "NAME"
+pcscd_selinux \- Security Enhanced Linux Policy for the pcscd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pcscd processes via flexible mandatory access
++
++SELinux Linux secures
++.B pcscd
++(PCSC smart card service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -30444,7 +32015,7 @@ index 0000000..3b6b792
+/var/run/pcscd\.pid, /var/run/pcscd\.comm, /var/run/pcscd\.pub, /var/run/pcscd\.events(/.*)?, /var/run/pcscd(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -30465,7 +32036,7 @@ index 0000000..3b6b792
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -30476,7 +32047,7 @@ index 0000000..3b6b792
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -30489,18 +32060,24 @@ index 0000000..3b6b792
+selinux(8), pcscd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/pegasus_selinux.8 b/man/man8/pegasus_selinux.8
new file mode 100644
-index 0000000..7bb97c4
+index 0000000..b015c87
--- /dev/null
+++ b/man/man8/pegasus_selinux.8
-@@ -0,0 +1,156 @@
+@@ -0,0 +1,162 @@
+.TH "pegasus_selinux" "8" "pegasus" "dwalsh at redhat.com" "pegasus SELinux Policy documentation"
+.SH "NAME"
+pegasus_selinux \- Security Enhanced Linux Policy for the pegasus processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pegasus processes via flexible mandatory access
++
++SELinux Linux secures
++.B pegasus
++(The Open Group Pegasus CIM/WBEM Server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -30569,7 +32146,7 @@ index 0000000..7bb97c4
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -30624,7 +32201,7 @@ index 0000000..7bb97c4
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -30635,7 +32212,7 @@ index 0000000..7bb97c4
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -30651,7 +32228,7 @@ index 0000000..7bb97c4
+selinux(8), pegasus(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ping_selinux.8 b/man/man8/ping_selinux.8
new file mode 100644
-index 0000000..bcae699
+index 0000000..bda0235
--- /dev/null
+++ b/man/man8/ping_selinux.8
@@ -0,0 +1,148 @@
@@ -30660,8 +32237,8 @@ index 0000000..bcae699
+ping_selinux \- Security Enhanced Linux Policy for the ping processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ping processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. ping policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ping with the tightest access possible.
@@ -30730,7 +32307,7 @@ index 0000000..bcae699
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -30774,7 +32351,7 @@ index 0000000..bcae699
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -30785,7 +32362,7 @@ index 0000000..bcae699
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -30806,18 +32383,24 @@ index 0000000..bcae699
\ No newline at end of file
diff --git a/man/man8/pingd_selinux.8 b/man/man8/pingd_selinux.8
new file mode 100644
-index 0000000..5106b00
+index 0000000..df20aeb
--- /dev/null
+++ b/man/man8/pingd_selinux.8
-@@ -0,0 +1,136 @@
+@@ -0,0 +1,142 @@
+.TH "pingd_selinux" "8" "pingd" "dwalsh at redhat.com" "pingd SELinux Policy documentation"
+.SH "NAME"
+pingd_selinux \- Security Enhanced Linux Policy for the pingd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pingd processes via flexible mandatory access
++
++SELinux Linux secures
++.B pingd
++(Pingd of the Whatsup cluster node up/down detection utility)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. pingd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run pingd with the tightest access possible.
+
@@ -30873,7 +32456,7 @@ index 0000000..5106b00
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -30917,7 +32500,7 @@ index 0000000..5106b00
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -30928,7 +32511,7 @@ index 0000000..5106b00
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -30949,18 +32532,24 @@ index 0000000..5106b00
\ No newline at end of file
diff --git a/man/man8/piranha_selinux.8 b/man/man8/piranha_selinux.8
new file mode 100644
-index 0000000..7551b8a
+index 0000000..cbd1451
--- /dev/null
+++ b/man/man8/piranha_selinux.8
-@@ -0,0 +1,232 @@
+@@ -0,0 +1,238 @@
+.TH "piranha_selinux" "8" "piranha" "dwalsh at redhat.com" "piranha SELinux Policy documentation"
+.SH "NAME"
+piranha_selinux \- Security Enhanced Linux Policy for the piranha processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the piranha processes via flexible mandatory access
++
++SELinux Linux secures
++.B piranha
++(policy for piranha)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. piranha policy is extremely flexible and has several booleans that allow you to manipulate the policy and run piranha with the tightest access possible.
+
@@ -31112,7 +32701,7 @@ index 0000000..7551b8a
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -31156,7 +32745,7 @@ index 0000000..7551b8a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -31167,7 +32756,7 @@ index 0000000..7551b8a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -31188,7 +32777,7 @@ index 0000000..7551b8a
\ No newline at end of file
diff --git a/man/man8/pki_selinux.8 b/man/man8/pki_selinux.8
new file mode 100644
-index 0000000..51c05de
+index 0000000..2272c46
--- /dev/null
+++ b/man/man8/pki_selinux.8
@@ -0,0 +1,504 @@
@@ -31197,8 +32786,8 @@ index 0000000..51c05de
+pki_selinux \- Security Enhanced Linux Policy for the pki processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pki processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -31572,7 +33161,7 @@ index 0000000..51c05de
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -31671,7 +33260,7 @@ index 0000000..51c05de
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -31682,7 +33271,7 @@ index 0000000..51c05de
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -31698,7 +33287,7 @@ index 0000000..51c05de
+selinux(8), pki(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/plymouth_selinux.8 b/man/man8/plymouth_selinux.8
new file mode 100644
-index 0000000..54b9407
+index 0000000..581c9cb
--- /dev/null
+++ b/man/man8/plymouth_selinux.8
@@ -0,0 +1,119 @@
@@ -31707,8 +33296,8 @@ index 0000000..54b9407
+plymouth_selinux \- Security Enhanced Linux Policy for the plymouth processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the plymouth processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -31778,7 +33367,7 @@ index 0000000..54b9407
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -31799,7 +33388,7 @@ index 0000000..54b9407
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -31810,7 +33399,7 @@ index 0000000..54b9407
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -31823,18 +33412,24 @@ index 0000000..54b9407
+selinux(8), plymouth(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/plymouthd_selinux.8 b/man/man8/plymouthd_selinux.8
new file mode 100644
-index 0000000..16ea89e
+index 0000000..f314fca
--- /dev/null
+++ b/man/man8/plymouthd_selinux.8
-@@ -0,0 +1,107 @@
+@@ -0,0 +1,113 @@
+.TH "plymouthd_selinux" "8" "plymouthd" "dwalsh at redhat.com" "plymouthd SELinux Policy documentation"
+.SH "NAME"
+plymouthd_selinux \- Security Enhanced Linux Policy for the plymouthd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the plymouthd processes via flexible mandatory access
++
++SELinux Linux secures
++.B plymouthd
++(Plymouth graphical boot)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -31891,7 +33486,7 @@ index 0000000..16ea89e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -31912,7 +33507,7 @@ index 0000000..16ea89e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -31923,7 +33518,7 @@ index 0000000..16ea89e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -31936,18 +33531,24 @@ index 0000000..16ea89e
+selinux(8), plymouthd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/podsleuth_selinux.8 b/man/man8/podsleuth_selinux.8
new file mode 100644
-index 0000000..5cbac87
+index 0000000..413dd33
--- /dev/null
+++ b/man/man8/podsleuth_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "podsleuth_selinux" "8" "podsleuth" "dwalsh at redhat.com" "podsleuth SELinux Policy documentation"
+.SH "NAME"
+podsleuth_selinux \- Security Enhanced Linux Policy for the podsleuth processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the podsleuth processes via flexible mandatory access
++
++SELinux Linux secures
++.B podsleuth
++(Podsleuth is a tool to get information about an Apple (TM) iPod (TM))
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -31996,7 +33597,7 @@ index 0000000..5cbac87
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -32017,7 +33618,7 @@ index 0000000..5cbac87
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -32028,7 +33629,7 @@ index 0000000..5cbac87
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -32041,18 +33642,24 @@ index 0000000..5cbac87
+selinux(8), podsleuth(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/policykit_selinux.8 b/man/man8/policykit_selinux.8
new file mode 100644
-index 0000000..1e6a691
+index 0000000..b14cbf9
--- /dev/null
+++ b/man/man8/policykit_selinux.8
-@@ -0,0 +1,147 @@
+@@ -0,0 +1,153 @@
+.TH "policykit_selinux" "8" "policykit" "dwalsh at redhat.com" "policykit SELinux Policy documentation"
+.SH "NAME"
+policykit_selinux \- Security Enhanced Linux Policy for the policykit processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the policykit processes via flexible mandatory access
++
++SELinux Linux secures
++.B policykit
++(Policy framework for controlling privileges for system-wide services)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -32149,7 +33756,7 @@ index 0000000..1e6a691
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -32170,7 +33777,7 @@ index 0000000..1e6a691
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -32181,7 +33788,7 @@ index 0000000..1e6a691
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -32194,18 +33801,24 @@ index 0000000..1e6a691
+selinux(8), policykit(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/polipo_selinux.8 b/man/man8/polipo_selinux.8
new file mode 100644
-index 0000000..1c514b2
+index 0000000..2fdc963
--- /dev/null
+++ b/man/man8/polipo_selinux.8
-@@ -0,0 +1,177 @@
+@@ -0,0 +1,183 @@
+.TH "polipo_selinux" "8" "polipo" "dwalsh at redhat.com" "polipo SELinux Policy documentation"
+.SH "NAME"
+polipo_selinux \- Security Enhanced Linux Policy for the polipo processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the polipo processes via flexible mandatory access
++
++SELinux Linux secures
++.B polipo
++(Caching web proxy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. polipo policy is extremely flexible and has several booleans that allow you to manipulate the policy and run polipo with the tightest access possible.
+
@@ -32328,7 +33941,7 @@ index 0000000..1c514b2
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -32349,7 +33962,7 @@ index 0000000..1c514b2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -32360,7 +33973,7 @@ index 0000000..1c514b2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -32378,18 +33991,24 @@ index 0000000..1c514b2
\ No newline at end of file
diff --git a/man/man8/portmap_selinux.8 b/man/man8/portmap_selinux.8
new file mode 100644
-index 0000000..b8ad3f2
+index 0000000..b868389
--- /dev/null
+++ b/man/man8/portmap_selinux.8
-@@ -0,0 +1,129 @@
+@@ -0,0 +1,135 @@
+.TH "portmap_selinux" "8" "portmap" "dwalsh at redhat.com" "portmap SELinux Policy documentation"
+.SH "NAME"
+portmap_selinux \- Security Enhanced Linux Policy for the portmap processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the portmap processes via flexible mandatory access
++
++SELinux Linux secures
++.B portmap
++(RPC port mapping service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -32442,7 +34061,7 @@ index 0000000..b8ad3f2
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -32486,7 +34105,7 @@ index 0000000..b8ad3f2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -32497,7 +34116,7 @@ index 0000000..b8ad3f2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -32513,18 +34132,24 @@ index 0000000..b8ad3f2
+selinux(8), portmap(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/portreserve_selinux.8 b/man/man8/portreserve_selinux.8
new file mode 100644
-index 0000000..a527436
+index 0000000..909a5da
--- /dev/null
+++ b/man/man8/portreserve_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "portreserve_selinux" "8" "portreserve" "dwalsh at redhat.com" "portreserve SELinux Policy documentation"
+.SH "NAME"
+portreserve_selinux \- Security Enhanced Linux Policy for the portreserve processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the portreserve processes via flexible mandatory access
++
++SELinux Linux secures
++.B portreserve
++(Reserve well-known ports in the RPC port range)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -32573,7 +34198,7 @@ index 0000000..a527436
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -32594,7 +34219,7 @@ index 0000000..a527436
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -32605,7 +34230,7 @@ index 0000000..a527436
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -32618,18 +34243,24 @@ index 0000000..a527436
+selinux(8), portreserve(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/postfix_selinux.8 b/man/man8/postfix_selinux.8
new file mode 100644
-index 0000000..74d4f01
+index 0000000..bb778bf
--- /dev/null
+++ b/man/man8/postfix_selinux.8
-@@ -0,0 +1,416 @@
+@@ -0,0 +1,422 @@
+.TH "postfix_selinux" "8" "postfix" "dwalsh at redhat.com" "postfix SELinux Policy documentation"
+.SH "NAME"
+postfix_selinux \- Security Enhanced Linux Policy for the postfix processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the postfix processes via flexible mandatory access
++
++SELinux Linux secures
++.B postfix
++(Postfix email server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. postfix policy is extremely flexible and has several booleans that allow you to manipulate the policy and run postfix with the tightest access possible.
+
@@ -32965,7 +34596,7 @@ index 0000000..74d4f01
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -33009,7 +34640,7 @@ index 0000000..74d4f01
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -33020,7 +34651,7 @@ index 0000000..74d4f01
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -33041,18 +34672,24 @@ index 0000000..74d4f01
\ No newline at end of file
diff --git a/man/man8/postgresql_selinux.8 b/man/man8/postgresql_selinux.8
new file mode 100644
-index 0000000..dc5aade
+index 0000000..da21d07
--- /dev/null
+++ b/man/man8/postgresql_selinux.8
-@@ -0,0 +1,188 @@
+@@ -0,0 +1,194 @@
+.TH "postgresql_selinux" "8" "postgresql" "dwalsh at redhat.com" "postgresql SELinux Policy documentation"
+.SH "NAME"
+postgresql_selinux \- Security Enhanced Linux Policy for the postgresql processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the postgresql processes via flexible mandatory access
++
++SELinux Linux secures
++.B postgresql
++(PostgreSQL relational database)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. postgresql policy is extremely flexible and has several booleans that allow you to manipulate the policy and run postgresql with the tightest access possible.
+
@@ -33160,7 +34797,7 @@ index 0000000..dc5aade
+/var/run/postmaster.*, /var/run/postgresql(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -33204,7 +34841,7 @@ index 0000000..dc5aade
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -33215,7 +34852,7 @@ index 0000000..dc5aade
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -33236,18 +34873,24 @@ index 0000000..dc5aade
\ No newline at end of file
diff --git a/man/man8/postgrey_selinux.8 b/man/man8/postgrey_selinux.8
new file mode 100644
-index 0000000..f1d9fc7
+index 0000000..0d3079a
--- /dev/null
+++ b/man/man8/postgrey_selinux.8
-@@ -0,0 +1,141 @@
+@@ -0,0 +1,147 @@
+.TH "postgrey_selinux" "8" "postgrey" "dwalsh at redhat.com" "postgrey SELinux Policy documentation"
+.SH "NAME"
+postgrey_selinux \- Security Enhanced Linux Policy for the postgrey processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the postgrey processes via flexible mandatory access
++
++SELinux Linux secures
++.B postgrey
++(Postfix grey-listing server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -33312,7 +34955,7 @@ index 0000000..f1d9fc7
+/var/run/postgrey\.pid, /var/run/postgrey(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -33356,7 +34999,7 @@ index 0000000..f1d9fc7
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -33367,7 +35010,7 @@ index 0000000..f1d9fc7
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -33383,7 +35026,7 @@ index 0000000..f1d9fc7
+selinux(8), postgrey(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/pppd_selinux.8 b/man/man8/pppd_selinux.8
new file mode 100644
-index 0000000..6e6d3b0
+index 0000000..c13ce92
--- /dev/null
+++ b/man/man8/pppd_selinux.8
@@ -0,0 +1,189 @@
@@ -33392,8 +35035,8 @@ index 0000000..6e6d3b0
+pppd_selinux \- Security Enhanced Linux Policy for the pppd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pppd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. pppd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run pppd with the tightest access possible.
@@ -33434,7 +35077,7 @@ index 0000000..6e6d3b0
+.br
+.TP 5
+Paths:
-+/etc/ppp(/.*)?, /etc/ppp/peers(/.*)?, /etc/ppp/resolv\.conf
++/etc/ppp(/.*)?, /etc/ppp/resolv\.conf, /etc/ppp/peers(/.*)?
+
+.EX
+.PP
@@ -33529,7 +35172,7 @@ index 0000000..6e6d3b0
+/var/run/pppd[0-9]*\.tdb, /var/run/ppp(/.*)?, /var/run/(i)?ppp.*pid[^/]*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -33550,7 +35193,7 @@ index 0000000..6e6d3b0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -33561,7 +35204,7 @@ index 0000000..6e6d3b0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -33579,7 +35222,7 @@ index 0000000..6e6d3b0
\ No newline at end of file
diff --git a/man/man8/pptp_selinux.8 b/man/man8/pptp_selinux.8
new file mode 100644
-index 0000000..0139fab
+index 0000000..4f2fc1c
--- /dev/null
+++ b/man/man8/pptp_selinux.8
@@ -0,0 +1,113 @@
@@ -33588,8 +35231,8 @@ index 0000000..0139fab
+pptp_selinux \- Security Enhanced Linux Policy for the pptp processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pptp processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -33627,7 +35270,7 @@ index 0000000..0139fab
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -33671,7 +35314,7 @@ index 0000000..0139fab
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -33682,7 +35325,7 @@ index 0000000..0139fab
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -33698,18 +35341,24 @@ index 0000000..0139fab
+selinux(8), pptp(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/prelink_selinux.8 b/man/man8/prelink_selinux.8
new file mode 100644
-index 0000000..9669e7a
+index 0000000..0be2626
--- /dev/null
+++ b/man/man8/prelink_selinux.8
-@@ -0,0 +1,127 @@
+@@ -0,0 +1,133 @@
+.TH "prelink_selinux" "8" "prelink" "dwalsh at redhat.com" "prelink SELinux Policy documentation"
+.SH "NAME"
+prelink_selinux \- Security Enhanced Linux Policy for the prelink processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the prelink processes via flexible mandatory access
++
++SELinux Linux secures
++.B prelink
++(Prelink ELF shared library mappings)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -33786,7 +35435,7 @@ index 0000000..9669e7a
+/var/lib/prelink(/.*)?, /var/lib/misc/prelink.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -33807,7 +35456,7 @@ index 0000000..9669e7a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -33818,7 +35467,7 @@ index 0000000..9669e7a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -33831,18 +35480,24 @@ index 0000000..9669e7a
+selinux(8), prelink(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/prelude_selinux.8 b/man/man8/prelude_selinux.8
new file mode 100644
-index 0000000..c238033
+index 0000000..3955442
--- /dev/null
+++ b/man/man8/prelude_selinux.8
-@@ -0,0 +1,205 @@
+@@ -0,0 +1,211 @@
+.TH "prelude_selinux" "8" "prelude" "dwalsh at redhat.com" "prelude SELinux Policy documentation"
+.SH "NAME"
+prelude_selinux \- Security Enhanced Linux Policy for the prelude processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the prelude processes via flexible mandatory access
++
++SELinux Linux secures
++.B prelude
++(Prelude hybrid intrusion detection system)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -33971,7 +35626,7 @@ index 0000000..c238033
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -34015,7 +35670,7 @@ index 0000000..c238033
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -34026,7 +35681,7 @@ index 0000000..c238033
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -34042,18 +35697,24 @@ index 0000000..c238033
+selinux(8), prelude(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/privoxy_selinux.8 b/man/man8/privoxy_selinux.8
new file mode 100644
-index 0000000..cdfce6e
+index 0000000..4371077
--- /dev/null
+++ b/man/man8/privoxy_selinux.8
-@@ -0,0 +1,118 @@
+@@ -0,0 +1,124 @@
+.TH "privoxy_selinux" "8" "privoxy" "dwalsh at redhat.com" "privoxy SELinux Policy documentation"
+.SH "NAME"
+privoxy_selinux \- Security Enhanced Linux Policy for the privoxy processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the privoxy processes via flexible mandatory access
++
++SELinux Linux secures
++.B privoxy
++(Privacy enhancing web proxy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. privoxy policy is extremely flexible and has several booleans that allow you to manipulate the policy and run privoxy with the tightest access possible.
+
@@ -34117,7 +35778,7 @@ index 0000000..cdfce6e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -34138,7 +35799,7 @@ index 0000000..cdfce6e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -34149,7 +35810,7 @@ index 0000000..cdfce6e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -34167,18 +35828,24 @@ index 0000000..cdfce6e
\ No newline at end of file
diff --git a/man/man8/procmail_selinux.8 b/man/man8/procmail_selinux.8
new file mode 100644
-index 0000000..d65ec02
+index 0000000..7a080ee
--- /dev/null
+++ b/man/man8/procmail_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "procmail_selinux" "8" "procmail" "dwalsh at redhat.com" "procmail SELinux Policy documentation"
+.SH "NAME"
+procmail_selinux \- Security Enhanced Linux Policy for the procmail processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the procmail processes via flexible mandatory access
++
++SELinux Linux secures
++.B procmail
++(Procmail mail delivery agent)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -34227,7 +35894,7 @@ index 0000000..d65ec02
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -34248,7 +35915,7 @@ index 0000000..d65ec02
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -34259,7 +35926,7 @@ index 0000000..d65ec02
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -34272,18 +35939,24 @@ index 0000000..d65ec02
+selinux(8), procmail(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/psad_selinux.8 b/man/man8/psad_selinux.8
new file mode 100644
-index 0000000..ec9fe83
+index 0000000..f5331cf
--- /dev/null
+++ b/man/man8/psad_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,125 @@
+.TH "psad_selinux" "8" "psad" "dwalsh at redhat.com" "psad SELinux Policy documentation"
+.SH "NAME"
+psad_selinux \- Security Enhanced Linux Policy for the psad processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the psad processes via flexible mandatory access
++
++SELinux Linux secures
++.B psad
++(Intrusion Detection and Log Analysis with iptables)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -34352,7 +36025,7 @@ index 0000000..ec9fe83
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -34373,7 +36046,7 @@ index 0000000..ec9fe83
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -34384,7 +36057,7 @@ index 0000000..ec9fe83
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -34397,7 +36070,7 @@ index 0000000..ec9fe83
+selinux(8), psad(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ptal_selinux.8 b/man/man8/ptal_selinux.8
new file mode 100644
-index 0000000..92799f3
+index 0000000..679eb3c
--- /dev/null
+++ b/man/man8/ptal_selinux.8
@@ -0,0 +1,121 @@
@@ -34406,8 +36079,8 @@ index 0000000..92799f3
+ptal_selinux \- Security Enhanced Linux Policy for the ptal processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ptal processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -34453,7 +36126,7 @@ index 0000000..92799f3
+/var/run/ptal-mlcd(/.*)?, /var/run/ptal-printd(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -34497,7 +36170,7 @@ index 0000000..92799f3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -34508,7 +36181,7 @@ index 0000000..92799f3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -34524,18 +36197,24 @@ index 0000000..92799f3
+selinux(8), ptal(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ptchown_selinux.8 b/man/man8/ptchown_selinux.8
new file mode 100644
-index 0000000..2d12021
+index 0000000..3e1f7ab
--- /dev/null
+++ b/man/man8/ptchown_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "ptchown_selinux" "8" "ptchown" "dwalsh at redhat.com" "ptchown SELinux Policy documentation"
+.SH "NAME"
+ptchown_selinux \- Security Enhanced Linux Policy for the ptchown processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ptchown processes via flexible mandatory access
++
++SELinux Linux secures
++.B ptchown
++(helper function for grantpt(3), changes ownship and permissions of pseudotty)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -34556,7 +36235,7 @@ index 0000000..2d12021
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -34577,7 +36256,7 @@ index 0000000..2d12021
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -34588,7 +36267,7 @@ index 0000000..2d12021
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -34601,18 +36280,24 @@ index 0000000..2d12021
+selinux(8), ptchown(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/publicfile_selinux.8 b/man/man8/publicfile_selinux.8
new file mode 100644
-index 0000000..c83994d
+index 0000000..0235c45
--- /dev/null
+++ b/man/man8/publicfile_selinux.8
-@@ -0,0 +1,83 @@
+@@ -0,0 +1,89 @@
+.TH "publicfile_selinux" "8" "publicfile" "dwalsh at redhat.com" "publicfile SELinux Policy documentation"
+.SH "NAME"
+publicfile_selinux \- Security Enhanced Linux Policy for the publicfile processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the publicfile processes via flexible mandatory access
++
++SELinux Linux secures
++.B publicfile
++(publicfile supplies files to the public through HTTP and FTP)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -34645,7 +36330,7 @@ index 0000000..c83994d
+/usr/bin/httpd, /usr/bin/ftpd
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -34666,7 +36351,7 @@ index 0000000..c83994d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -34677,7 +36362,7 @@ index 0000000..c83994d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -34690,18 +36375,24 @@ index 0000000..c83994d
+selinux(8), publicfile(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/pulseaudio_selinux.8 b/man/man8/pulseaudio_selinux.8
new file mode 100644
-index 0000000..8b95e54
+index 0000000..8ca72d3
--- /dev/null
+++ b/man/man8/pulseaudio_selinux.8
-@@ -0,0 +1,133 @@
+@@ -0,0 +1,139 @@
+.TH "pulseaudio_selinux" "8" "pulseaudio" "dwalsh at redhat.com" "pulseaudio SELinux Policy documentation"
+.SH "NAME"
+pulseaudio_selinux \- Security Enhanced Linux Policy for the pulseaudio processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pulseaudio processes via flexible mandatory access
++
++SELinux Linux secures
++.B pulseaudio
++(Pulseaudio network sound server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -34758,7 +36449,7 @@ index 0000000..8b95e54
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -34802,7 +36493,7 @@ index 0000000..8b95e54
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -34813,7 +36504,7 @@ index 0000000..8b95e54
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -34829,18 +36520,24 @@ index 0000000..8b95e54
+selinux(8), pulseaudio(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/puppet_selinux.8 b/man/man8/puppet_selinux.8
new file mode 100644
-index 0000000..fd9b696
+index 0000000..c558047
--- /dev/null
+++ b/man/man8/puppet_selinux.8
-@@ -0,0 +1,199 @@
+@@ -0,0 +1,205 @@
+.TH "puppet_selinux" "8" "puppet" "dwalsh at redhat.com" "puppet SELinux Policy documentation"
+.SH "NAME"
+puppet_selinux \- Security Enhanced Linux Policy for the puppet processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the puppet processes via flexible mandatory access
++
++SELinux Linux secures
++.B puppet
++(Puppet client daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. puppet policy is extremely flexible and has several booleans that allow you to manipulate the policy and run puppet with the tightest access possible.
+
@@ -34959,7 +36656,7 @@ index 0000000..fd9b696
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -35003,7 +36700,7 @@ index 0000000..fd9b696
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -35014,7 +36711,7 @@ index 0000000..fd9b696
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -35035,7 +36732,7 @@ index 0000000..fd9b696
\ No newline at end of file
diff --git a/man/man8/puppetca_selinux.8 b/man/man8/puppetca_selinux.8
new file mode 100644
-index 0000000..dd2e8b0
+index 0000000..eb647c7
--- /dev/null
+++ b/man/man8/puppetca_selinux.8
@@ -0,0 +1,71 @@
@@ -35044,8 +36741,8 @@ index 0000000..dd2e8b0
+puppetca_selinux \- Security Enhanced Linux Policy for the puppetca processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the puppetca processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -35067,7 +36764,7 @@ index 0000000..dd2e8b0
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -35088,7 +36785,7 @@ index 0000000..dd2e8b0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -35099,7 +36796,7 @@ index 0000000..dd2e8b0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -35112,7 +36809,7 @@ index 0000000..dd2e8b0
+selinux(8), puppetca(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/puppetmaster_selinux.8 b/man/man8/puppetmaster_selinux.8
new file mode 100644
-index 0000000..9fe2594
+index 0000000..5d07daa
--- /dev/null
+++ b/man/man8/puppetmaster_selinux.8
@@ -0,0 +1,102 @@
@@ -35121,8 +36818,8 @@ index 0000000..9fe2594
+puppetmaster_selinux \- Security Enhanced Linux Policy for the puppetmaster processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the puppetmaster processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. puppetmaster policy is extremely flexible and has several booleans that allow you to manipulate the policy and run puppetmaster with the tightest access possible.
@@ -35171,7 +36868,7 @@ index 0000000..9fe2594
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -35192,7 +36889,7 @@ index 0000000..9fe2594
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -35203,7 +36900,7 @@ index 0000000..9fe2594
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -35221,18 +36918,24 @@ index 0000000..9fe2594
\ No newline at end of file
diff --git a/man/man8/pyicqt_selinux.8 b/man/man8/pyicqt_selinux.8
new file mode 100644
-index 0000000..5143c5f
+index 0000000..7c291ab
--- /dev/null
+++ b/man/man8/pyicqt_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "pyicqt_selinux" "8" "pyicqt" "dwalsh at redhat.com" "pyicqt SELinux Policy documentation"
+.SH "NAME"
+pyicqt_selinux \- Security Enhanced Linux Policy for the pyicqt processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the pyicqt processes via flexible mandatory access
++
++SELinux Linux secures
++.B pyicqt
++(PyICQt is an ICQ transport for XMPP server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -35277,7 +36980,7 @@ index 0000000..5143c5f
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -35298,7 +37001,7 @@ index 0000000..5143c5f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -35309,7 +37012,7 @@ index 0000000..5143c5f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -35322,7 +37025,7 @@ index 0000000..5143c5f
+selinux(8), pyicqt(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/qdiskd_selinux.8 b/man/man8/qdiskd_selinux.8
new file mode 100644
-index 0000000..928e26d
+index 0000000..fe306cf
--- /dev/null
+++ b/man/man8/qdiskd_selinux.8
@@ -0,0 +1,103 @@
@@ -35331,8 +37034,8 @@ index 0000000..928e26d
+qdiskd_selinux \- Security Enhanced Linux Policy for the qdiskd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the qdiskd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -35386,7 +37089,7 @@ index 0000000..928e26d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -35407,7 +37110,7 @@ index 0000000..928e26d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -35418,7 +37121,7 @@ index 0000000..928e26d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -35431,18 +37134,24 @@ index 0000000..928e26d
+selinux(8), qdiskd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/qemu_selinux.8 b/man/man8/qemu_selinux.8
new file mode 100644
-index 0000000..737e170
+index 0000000..1ca4c43
--- /dev/null
+++ b/man/man8/qemu_selinux.8
-@@ -0,0 +1,145 @@
+@@ -0,0 +1,151 @@
+.TH "qemu_selinux" "8" "qemu" "dwalsh at redhat.com" "qemu SELinux Policy documentation"
+.SH "NAME"
+qemu_selinux \- Security Enhanced Linux Policy for the qemu processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the qemu processes via flexible mandatory access
++
++SELinux Linux secures
++.B qemu
++(QEMU machine emulator and virtualizer)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. qemu policy is extremely flexible and has several booleans that allow you to manipulate the policy and run qemu with the tightest access possible.
+
@@ -35533,7 +37242,7 @@ index 0000000..737e170
+/var/run/libvirt/qemu(/.*)?, /var/lib/libvirt/qemu(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -35554,7 +37263,7 @@ index 0000000..737e170
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -35565,7 +37274,7 @@ index 0000000..737e170
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -35583,18 +37292,24 @@ index 0000000..737e170
\ No newline at end of file
diff --git a/man/man8/qmail_selinux.8 b/man/man8/qmail_selinux.8
new file mode 100644
-index 0000000..43bd13e
+index 0000000..d0f7752
--- /dev/null
+++ b/man/man8/qmail_selinux.8
-@@ -0,0 +1,207 @@
+@@ -0,0 +1,213 @@
+.TH "qmail_selinux" "8" "qmail" "dwalsh at redhat.com" "qmail SELinux Policy documentation"
+.SH "NAME"
+qmail_selinux \- Security Enhanced Linux Policy for the qmail processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the qmail processes via flexible mandatory access
++
++SELinux Linux secures
++.B qmail
++(Qmail Mail Server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -35751,7 +37466,7 @@ index 0000000..43bd13e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -35772,7 +37487,7 @@ index 0000000..43bd13e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -35783,7 +37498,7 @@ index 0000000..43bd13e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -35796,7 +37511,7 @@ index 0000000..43bd13e
+selinux(8), qmail(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/qpidd_selinux.8 b/man/man8/qpidd_selinux.8
new file mode 100644
-index 0000000..d9ba3a8
+index 0000000..712a06e
--- /dev/null
+++ b/man/man8/qpidd_selinux.8
@@ -0,0 +1,107 @@
@@ -35805,8 +37520,8 @@ index 0000000..d9ba3a8
+qpidd_selinux \- Security Enhanced Linux Policy for the qpidd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the qpidd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -35864,7 +37579,7 @@ index 0000000..d9ba3a8
+/var/run/qpidd(/.*)?, /var/run/qpidd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -35885,7 +37600,7 @@ index 0000000..d9ba3a8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -35896,7 +37611,7 @@ index 0000000..d9ba3a8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -35909,18 +37624,24 @@ index 0000000..d9ba3a8
+selinux(8), qpidd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/quota_selinux.8 b/man/man8/quota_selinux.8
new file mode 100644
-index 0000000..22ef1f7
+index 0000000..70b46e9
--- /dev/null
+++ b/man/man8/quota_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "quota_selinux" "8" "quota" "dwalsh at redhat.com" "quota SELinux Policy documentation"
+.SH "NAME"
+quota_selinux \- Security Enhanced Linux Policy for the quota processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the quota processes via flexible mandatory access
++
++SELinux Linux secures
++.B quota
++(File system quota management)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -35981,7 +37702,7 @@ index 0000000..22ef1f7
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36002,7 +37723,7 @@ index 0000000..22ef1f7
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36013,7 +37734,7 @@ index 0000000..22ef1f7
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -36026,18 +37747,24 @@ index 0000000..22ef1f7
+selinux(8), quota(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rabbitmq_selinux.8 b/man/man8/rabbitmq_selinux.8
new file mode 100644
-index 0000000..bf1ec40
+index 0000000..dc1fda5
--- /dev/null
+++ b/man/man8/rabbitmq_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "rabbitmq_selinux" "8" "rabbitmq" "dwalsh at redhat.com" "rabbitmq SELinux Policy documentation"
+.SH "NAME"
+rabbitmq_selinux \- Security Enhanced Linux Policy for the rabbitmq processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rabbitmq processes via flexible mandatory access
++
++SELinux Linux secures
++.B rabbitmq
++(policy for rabbitmq)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -36082,7 +37809,7 @@ index 0000000..bf1ec40
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36103,7 +37830,7 @@ index 0000000..bf1ec40
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36114,7 +37841,7 @@ index 0000000..bf1ec40
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -36127,7 +37854,7 @@ index 0000000..bf1ec40
+selinux(8), rabbitmq(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/racoon_selinux.8 b/man/man8/racoon_selinux.8
new file mode 100644
-index 0000000..b6e30ce
+index 0000000..d573221
--- /dev/null
+++ b/man/man8/racoon_selinux.8
@@ -0,0 +1,94 @@
@@ -36136,8 +37863,8 @@ index 0000000..b6e30ce
+racoon_selinux \- Security Enhanced Linux Policy for the racoon processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the racoon processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. racoon policy is extremely flexible and has several booleans that allow you to manipulate the policy and run racoon with the tightest access possible.
@@ -36178,7 +37905,7 @@ index 0000000..b6e30ce
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36199,7 +37926,7 @@ index 0000000..b6e30ce
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36210,7 +37937,7 @@ index 0000000..b6e30ce
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -36228,7 +37955,7 @@ index 0000000..b6e30ce
\ No newline at end of file
diff --git a/man/man8/radiusd_selinux.8 b/man/man8/radiusd_selinux.8
new file mode 100644
-index 0000000..62d5d95
+index 0000000..6494aab
--- /dev/null
+++ b/man/man8/radiusd_selinux.8
@@ -0,0 +1,172 @@
@@ -36237,8 +37964,8 @@ index 0000000..62d5d95
+radiusd_selinux \- Security Enhanced Linux Policy for the radiusd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the radiusd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. radiusd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run radiusd with the tightest access possible.
@@ -36331,7 +38058,7 @@ index 0000000..62d5d95
+/var/run/radiusd\.pid, /var/run/radiusd(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36375,7 +38102,7 @@ index 0000000..62d5d95
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36386,7 +38113,7 @@ index 0000000..62d5d95
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -36407,18 +38134,24 @@ index 0000000..62d5d95
\ No newline at end of file
diff --git a/man/man8/radvd_selinux.8 b/man/man8/radvd_selinux.8
new file mode 100644
-index 0000000..d6691fd
+index 0000000..e7f45e9
--- /dev/null
+++ b/man/man8/radvd_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "radvd_selinux" "8" "radvd" "dwalsh at redhat.com" "radvd SELinux Policy documentation"
+.SH "NAME"
+radvd_selinux \- Security Enhanced Linux Policy for the radvd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the radvd processes via flexible mandatory access
++
++SELinux Linux secures
++.B radvd
++(IPv6 router advertisement daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -36467,7 +38200,7 @@ index 0000000..d6691fd
+/var/run/radvd(/.*)?, /var/run/radvd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36488,7 +38221,7 @@ index 0000000..d6691fd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36499,7 +38232,7 @@ index 0000000..d6691fd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -36512,18 +38245,24 @@ index 0000000..d6691fd
+selinux(8), radvd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rdisc_selinux.8 b/man/man8/rdisc_selinux.8
new file mode 100644
-index 0000000..264a0bc
+index 0000000..63759ab
--- /dev/null
+++ b/man/man8/rdisc_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,81 @@
+.TH "rdisc_selinux" "8" "rdisc" "dwalsh at redhat.com" "rdisc SELinux Policy documentation"
+.SH "NAME"
+rdisc_selinux \- Security Enhanced Linux Policy for the rdisc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rdisc processes via flexible mandatory access
++
++SELinux Linux secures
++.B rdisc
++(Network router discovery daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -36548,7 +38287,7 @@ index 0000000..264a0bc
+/usr/sbin/rdisc, /sbin/rdisc
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36569,7 +38308,7 @@ index 0000000..264a0bc
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36580,7 +38319,7 @@ index 0000000..264a0bc
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -36593,18 +38332,24 @@ index 0000000..264a0bc
+selinux(8), rdisc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/readahead_selinux.8 b/man/man8/readahead_selinux.8
new file mode 100644
-index 0000000..ed57482
+index 0000000..7966b58
--- /dev/null
+++ b/man/man8/readahead_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "readahead_selinux" "8" "readahead" "dwalsh at redhat.com" "readahead SELinux Policy documentation"
+.SH "NAME"
+readahead_selinux \- Security Enhanced Linux Policy for the readahead processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the readahead processes via flexible mandatory access
++
++SELinux Linux secures
++.B readahead
++(Readahead, read files into page cache for improved performance)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -36649,7 +38394,7 @@ index 0000000..ed57482
+/var/run/systemd/readahead(/.*)?, /dev/\.systemd/readahead(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36670,7 +38415,7 @@ index 0000000..ed57482
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36681,7 +38426,7 @@ index 0000000..ed57482
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -36694,7 +38439,7 @@ index 0000000..ed57482
+selinux(8), readahead(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/regex_selinux.8 b/man/man8/regex_selinux.8
new file mode 100644
-index 0000000..71b2383
+index 0000000..529dc44
--- /dev/null
+++ b/man/man8/regex_selinux.8
@@ -0,0 +1,79 @@
@@ -36703,8 +38448,8 @@ index 0000000..71b2383
+regex_selinux \- Security Enhanced Linux Policy for the regex processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the regex processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -36734,7 +38479,7 @@ index 0000000..71b2383
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36755,7 +38500,7 @@ index 0000000..71b2383
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36766,7 +38511,7 @@ index 0000000..71b2383
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -36779,7 +38524,7 @@ index 0000000..71b2383
+selinux(8), regex(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/restorecond_selinux.8 b/man/man8/restorecond_selinux.8
new file mode 100644
-index 0000000..b547ac0
+index 0000000..5258999
--- /dev/null
+++ b/man/man8/restorecond_selinux.8
@@ -0,0 +1,79 @@
@@ -36788,8 +38533,8 @@ index 0000000..b547ac0
+restorecond_selinux \- Security Enhanced Linux Policy for the restorecond processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the restorecond processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -36819,7 +38564,7 @@ index 0000000..b547ac0
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36840,7 +38585,7 @@ index 0000000..b547ac0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36851,7 +38596,7 @@ index 0000000..b547ac0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -36864,18 +38609,24 @@ index 0000000..b547ac0
+selinux(8), restorecond(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rgmanager_selinux.8 b/man/man8/rgmanager_selinux.8
new file mode 100644
-index 0000000..0c85a7b
+index 0000000..b003935
--- /dev/null
+++ b/man/man8/rgmanager_selinux.8
-@@ -0,0 +1,130 @@
+@@ -0,0 +1,136 @@
+.TH "rgmanager_selinux" "8" "rgmanager" "dwalsh at redhat.com" "rgmanager SELinux Policy documentation"
+.SH "NAME"
+rgmanager_selinux \- Security Enhanced Linux Policy for the rgmanager processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rgmanager processes via flexible mandatory access
++
++SELinux Linux secures
++.B rgmanager
++(rgmanager - Resource Group Manager)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. rgmanager policy is extremely flexible and has several booleans that allow you to manipulate the policy and run rgmanager with the tightest access possible.
+
@@ -36951,7 +38702,7 @@ index 0000000..0c85a7b
+/var/run/rgmanager\.pid, /var/run/cluster/rgmanager\.sk
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -36972,7 +38723,7 @@ index 0000000..0c85a7b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -36983,7 +38734,7 @@ index 0000000..0c85a7b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -37001,18 +38752,24 @@ index 0000000..0c85a7b
\ No newline at end of file
diff --git a/man/man8/rhev_selinux.8 b/man/man8/rhev_selinux.8
new file mode 100644
-index 0000000..24368e4
+index 0000000..36bcd5b
--- /dev/null
+++ b/man/man8/rhev_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "rhev_selinux" "8" "rhev" "dwalsh at redhat.com" "rhev SELinux Policy documentation"
+.SH "NAME"
+rhev_selinux \- Security Enhanced Linux Policy for the rhev processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rhev processes via flexible mandatory access
++
++SELinux Linux secures
++.B rhev
++(rhev polic module contains policies for rhev apps)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -37073,7 +38830,7 @@ index 0000000..24368e4
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -37094,7 +38851,7 @@ index 0000000..24368e4
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -37105,7 +38862,7 @@ index 0000000..24368e4
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -37118,18 +38875,24 @@ index 0000000..24368e4
+selinux(8), rhev(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rhgb_selinux.8 b/man/man8/rhgb_selinux.8
new file mode 100644
-index 0000000..9449828
+index 0000000..af7a010
--- /dev/null
+++ b/man/man8/rhgb_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "rhgb_selinux" "8" "rhgb" "dwalsh at redhat.com" "rhgb SELinux Policy documentation"
+.SH "NAME"
+rhgb_selinux \- Security Enhanced Linux Policy for the rhgb processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rhgb processes via flexible mandatory access
++
++SELinux Linux secures
++.B rhgb
++( Red Hat Graphical Boot )
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -37158,7 +38921,7 @@ index 0000000..9449828
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -37179,7 +38942,7 @@ index 0000000..9449828
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -37190,7 +38953,7 @@ index 0000000..9449828
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -37203,18 +38966,24 @@ index 0000000..9449828
+selinux(8), rhgb(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rhsmcertd_selinux.8 b/man/man8/rhsmcertd_selinux.8
new file mode 100644
-index 0000000..9475654
+index 0000000..0ba79be
--- /dev/null
+++ b/man/man8/rhsmcertd_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "rhsmcertd_selinux" "8" "rhsmcertd" "dwalsh at redhat.com" "rhsmcertd SELinux Policy documentation"
+.SH "NAME"
+rhsmcertd_selinux \- Security Enhanced Linux Policy for the rhsmcertd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rhsmcertd processes via flexible mandatory access
++
++SELinux Linux secures
++.B rhsmcertd
++(Subscription Management Certificate Daemon policy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -37275,7 +39044,7 @@ index 0000000..9475654
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -37296,7 +39065,7 @@ index 0000000..9475654
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -37307,7 +39076,7 @@ index 0000000..9475654
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -37320,18 +39089,24 @@ index 0000000..9475654
+selinux(8), rhsmcertd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ricci_selinux.8 b/man/man8/ricci_selinux.8
new file mode 100644
-index 0000000..3535205
+index 0000000..3a36033
--- /dev/null
+++ b/man/man8/ricci_selinux.8
-@@ -0,0 +1,240 @@
+@@ -0,0 +1,246 @@
+.TH "ricci_selinux" "8" "ricci" "dwalsh at redhat.com" "ricci SELinux Policy documentation"
+.SH "NAME"
+ricci_selinux \- Security Enhanced Linux Policy for the ricci processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ricci processes via flexible mandatory access
++
++SELinux Linux secures
++.B ricci
++(Ricci cluster management agent)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -37484,7 +39259,7 @@ index 0000000..3535205
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -37539,7 +39314,7 @@ index 0000000..3535205
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -37550,7 +39325,7 @@ index 0000000..3535205
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -37566,7 +39341,7 @@ index 0000000..3535205
+selinux(8), ricci(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rlogind_selinux.8 b/man/man8/rlogind_selinux.8
new file mode 100644
-index 0000000..f68d8ef
+index 0000000..b86f39b
--- /dev/null
+++ b/man/man8/rlogind_selinux.8
@@ -0,0 +1,137 @@
@@ -37575,8 +39350,8 @@ index 0000000..f68d8ef
+rlogind_selinux \- Security Enhanced Linux Policy for the rlogind processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rlogind processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -37638,7 +39413,7 @@ index 0000000..f68d8ef
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -37682,7 +39457,7 @@ index 0000000..f68d8ef
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -37693,7 +39468,7 @@ index 0000000..f68d8ef
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -37709,18 +39484,24 @@ index 0000000..f68d8ef
+selinux(8), rlogind(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/roundup_selinux.8 b/man/man8/roundup_selinux.8
new file mode 100644
-index 0000000..163cf1f
+index 0000000..5269077
--- /dev/null
+++ b/man/man8/roundup_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "roundup_selinux" "8" "roundup" "dwalsh at redhat.com" "roundup SELinux Policy documentation"
+.SH "NAME"
+roundup_selinux \- Security Enhanced Linux Policy for the roundup processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the roundup processes via flexible mandatory access
++
++SELinux Linux secures
++.B roundup
++(Roundup Issue Tracking System policy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -37765,7 +39546,7 @@ index 0000000..163cf1f
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -37786,7 +39567,7 @@ index 0000000..163cf1f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -37797,7 +39578,7 @@ index 0000000..163cf1f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -37810,18 +39591,24 @@ index 0000000..163cf1f
+selinux(8), roundup(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rpcbind_selinux.8 b/man/man8/rpcbind_selinux.8
new file mode 100644
-index 0000000..3c49300
+index 0000000..8fdfc21
--- /dev/null
+++ b/man/man8/rpcbind_selinux.8
-@@ -0,0 +1,107 @@
+@@ -0,0 +1,113 @@
+.TH "rpcbind_selinux" "8" "rpcbind" "dwalsh at redhat.com" "rpcbind SELinux Policy documentation"
+.SH "NAME"
+rpcbind_selinux \- Security Enhanced Linux Policy for the rpcbind processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rpcbind processes via flexible mandatory access
++
++SELinux Linux secures
++.B rpcbind
++(Universal Addresses to RPC Program Number Mapper)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -37878,7 +39665,7 @@ index 0000000..3c49300
+/var/run/rpcbind\.sock, /var/run/rpcbind\.lock, /var/run/rpc.statd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -37899,7 +39686,7 @@ index 0000000..3c49300
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -37910,7 +39697,7 @@ index 0000000..3c49300
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -37923,7 +39710,7 @@ index 0000000..3c49300
+selinux(8), rpcbind(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rpcd_selinux.8 b/man/man8/rpcd_selinux.8
new file mode 100644
-index 0000000..1897cbf
+index 0000000..b122acb
--- /dev/null
+++ b/man/man8/rpcd_selinux.8
@@ -0,0 +1,111 @@
@@ -37932,8 +39719,8 @@ index 0000000..1897cbf
+rpcd_selinux \- Security Enhanced Linux Policy for the rpcd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rpcd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -37995,7 +39782,7 @@ index 0000000..1897cbf
+/var/run/rpc\.statd(/.*)?, /var/run/rpc\.statd\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -38016,7 +39803,7 @@ index 0000000..1897cbf
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -38027,7 +39814,7 @@ index 0000000..1897cbf
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -38040,18 +39827,24 @@ index 0000000..1897cbf
+selinux(8), rpcd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rpm_selinux.8 b/man/man8/rpm_selinux.8
new file mode 100644
-index 0000000..13dc1c5
+index 0000000..2c01fa3
--- /dev/null
+++ b/man/man8/rpm_selinux.8
-@@ -0,0 +1,171 @@
+@@ -0,0 +1,177 @@
+.TH "rpm_selinux" "8" "rpm" "dwalsh at redhat.com" "rpm SELinux Policy documentation"
+.SH "NAME"
+rpm_selinux \- Security Enhanced Linux Policy for the rpm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rpm processes via flexible mandatory access
++
++SELinux Linux secures
++.B rpm
++(Policy for the RPM package manager)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -38172,7 +39965,7 @@ index 0000000..13dc1c5
+/var/run/PackageKit(/.*)?, /var/run/yum.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -38193,7 +39986,7 @@ index 0000000..13dc1c5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -38204,7 +39997,7 @@ index 0000000..13dc1c5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -38217,18 +40010,24 @@ index 0000000..13dc1c5
+selinux(8), rpm(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rshd_selinux.8 b/man/man8/rshd_selinux.8
new file mode 100644
-index 0000000..99e4004
+index 0000000..929f616
--- /dev/null
+++ b/man/man8/rshd_selinux.8
-@@ -0,0 +1,109 @@
+@@ -0,0 +1,115 @@
+.TH "rshd_selinux" "8" "rshd" "dwalsh at redhat.com" "rshd SELinux Policy documentation"
+.SH "NAME"
+rshd_selinux \- Security Enhanced Linux Policy for the rshd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rshd processes via flexible mandatory access
++
++SELinux Linux secures
++.B rshd
++(Remote shell service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -38261,7 +40060,7 @@ index 0000000..99e4004
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -38305,7 +40104,7 @@ index 0000000..99e4004
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -38316,7 +40115,7 @@ index 0000000..99e4004
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -38332,18 +40131,24 @@ index 0000000..99e4004
+selinux(8), rshd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rssh_selinux.8 b/man/man8/rssh_selinux.8
new file mode 100644
-index 0000000..26e94d2
+index 0000000..fea92f8
--- /dev/null
+++ b/man/man8/rssh_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "rssh_selinux" "8" "rssh" "dwalsh at redhat.com" "rssh SELinux Policy documentation"
+.SH "NAME"
+rssh_selinux \- Security Enhanced Linux Policy for the rssh processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rssh processes via flexible mandatory access
++
++SELinux Linux secures
++.B rssh
++(Restricted (scp/sftp) only shell)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -38388,7 +40193,7 @@ index 0000000..26e94d2
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -38409,7 +40214,7 @@ index 0000000..26e94d2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -38420,7 +40225,7 @@ index 0000000..26e94d2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -38432,10 +40237,10 @@ index 0000000..26e94d2
+.SH "SEE ALSO"
+selinux(8), rssh(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8
-index ad9ccf5..74aa09b 100644
+index ad9ccf5..65a1b3e 100644
--- a/man/man8/rsync_selinux.8
+++ b/man/man8/rsync_selinux.8
-@@ -1,52 +1,199 @@
+@@ -1,52 +1,205 @@
-.TH "rsync_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "rsync Selinux Policy documentation"
-.de EX
-.nf
@@ -38452,7 +40257,11 @@ index ad9ccf5..74aa09b 100644
.SH "DESCRIPTION"
-Security-Enhanced Linux secures the rsync server via flexible mandatory access
-+Security-Enhanced Linux secures the rsync processes via flexible mandatory access
++
++SELinux Linux secures
++.B rsync
++(Fast incremental file transfer for synchronization)
++processes via flexible mandatory access
control.
-.SH FILE_CONTEXTS
-SELinux requires files to have an extended attribute to define the file type.
@@ -38465,6 +40274,8 @@ index ad9ccf5..74aa09b 100644
-.TP
-To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. rsync policy is extremely flexible and has several booleans that allow you to manipulate the policy and run rsync with the tightest access possible.
+
@@ -38515,7 +40326,7 @@ index ad9ccf5..74aa09b 100644
-Run the restorecon command to apply the changes:
-.TP
-restorecon -R -v /var/rsync/
-+Allow rsync servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_rsyncd_anon_write boolean to be set.
++Allow rsync servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_rsync_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/rsync/incoming(/.*)?"
@@ -38596,7 +40407,7 @@ index ad9ccf5..74aa09b 100644
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -38640,7 +40451,7 @@ index ad9ccf5..74aa09b 100644
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -38651,7 +40462,7 @@ index ad9ccf5..74aa09b 100644
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -38674,18 +40485,24 @@ index ad9ccf5..74aa09b 100644
\ No newline at end of file
diff --git a/man/man8/rtkit_selinux.8 b/man/man8/rtkit_selinux.8
new file mode 100644
-index 0000000..ca5eed7
+index 0000000..50cb948
--- /dev/null
+++ b/man/man8/rtkit_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "rtkit_selinux" "8" "rtkit" "dwalsh at redhat.com" "rtkit SELinux Policy documentation"
+.SH "NAME"
+rtkit_selinux \- Security Enhanced Linux Policy for the rtkit processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rtkit processes via flexible mandatory access
++
++SELinux Linux secures
++.B rtkit
++(Realtime scheduling for user processes)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -38706,7 +40523,7 @@ index 0000000..ca5eed7
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -38727,7 +40544,7 @@ index 0000000..ca5eed7
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -38738,7 +40555,7 @@ index 0000000..ca5eed7
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -38751,7 +40568,7 @@ index 0000000..ca5eed7
+selinux(8), rtkit(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/run_selinux.8 b/man/man8/run_selinux.8
new file mode 100644
-index 0000000..8894ea9
+index 0000000..75796ad
--- /dev/null
+++ b/man/man8/run_selinux.8
@@ -0,0 +1,100 @@
@@ -38760,8 +40577,8 @@ index 0000000..8894ea9
+run_selinux \- Security Enhanced Linux Policy for the run processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the run processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. run policy is extremely flexible and has several booleans that allow you to manipulate the policy and run run with the tightest access possible.
@@ -38808,7 +40625,7 @@ index 0000000..8894ea9
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -38829,7 +40646,7 @@ index 0000000..8894ea9
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -38840,7 +40657,7 @@ index 0000000..8894ea9
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -38858,18 +40675,24 @@ index 0000000..8894ea9
\ No newline at end of file
diff --git a/man/man8/rwho_selinux.8 b/man/man8/rwho_selinux.8
new file mode 100644
-index 0000000..5b7747f
+index 0000000..65c182c
--- /dev/null
+++ b/man/man8/rwho_selinux.8
-@@ -0,0 +1,121 @@
+@@ -0,0 +1,127 @@
+.TH "rwho_selinux" "8" "rwho" "dwalsh at redhat.com" "rwho SELinux Policy documentation"
+.SH "NAME"
+rwho_selinux \- Security Enhanced Linux Policy for the rwho processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the rwho processes via flexible mandatory access
++
++SELinux Linux secures
++.B rwho
++(Who is logged in on other machines?)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -38914,7 +40737,7 @@ index 0000000..5b7747f
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -38958,7 +40781,7 @@ index 0000000..5b7747f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -38969,7 +40792,7 @@ index 0000000..5b7747f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -38984,10 +40807,10 @@ index 0000000..5b7747f
+.SH "SEE ALSO"
+selinux(8), rwho(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/samba_selinux.8 b/man/man8/samba_selinux.8
-index ca702c7..d02c913 100644
+index ca702c7..9dcd145 100644
--- a/man/man8/samba_selinux.8
+++ b/man/man8/samba_selinux.8
-@@ -1,56 +1,252 @@
+@@ -1,56 +1,262 @@
-.TH "samba_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "Samba Selinux Policy documentation"
+.TH "samba_selinux" "8" "samba" "dwalsh at redhat.com" "samba SELinux Policy documentation"
.SH "NAME"
@@ -38996,7 +40819,15 @@ index ca702c7..d02c913 100644
.SH "DESCRIPTION"
-Security-Enhanced Linux secures the Samba server via flexible mandatory access
-+Security-Enhanced Linux secures the samba processes via flexible mandatory access
++
++SELinux Linux secures
++.B samba
++(
++SMB and CIFS client/server programs for UNIX and
++name Service Switch daemon for resolving names
++from Windows NT servers.
++)
++processes via flexible mandatory access
control.
-.SH FILE_CONTEXTS
-SELinux requires files to have an extended attribute to define the file type.
@@ -39023,6 +40854,8 @@ index ca702c7..d02c913 100644
-If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for samba you would execute:
-
-setsebool -P allow_smbd_anon_write=1
++
++
.SH BOOLEANS
-.br
@@ -39137,7 +40970,7 @@ index ca702c7..d02c913 100644
+
+- Set files with the samba_initrc_exec_t type, if you want to transition an executable to the samba_initrc_t domain.
+
- .br
++.br
+.TP 5
+Paths:
+/etc/rc\.d/init\.d/nmb, /etc/rc\.d/init\.d/smb, /etc/rc\.d/init\.d/winbind
@@ -39173,7 +41006,7 @@ index ca702c7..d02c913 100644
+
+- Set files with the samba_secrets_t type, if you want to treat the files as samba secrets data.
+
-+.br
+ .br
+.TP 5
+Paths:
+/etc/samba/secrets\.tdb, /etc/samba/passdb\.tdb, /etc/samba/MACHINE\.SID, /etc/samba/smbpasswd
@@ -39227,7 +41060,7 @@ index ca702c7..d02c913 100644
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -39248,7 +41081,7 @@ index ca702c7..d02c913 100644
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -39259,7 +41092,7 @@ index ca702c7..d02c913 100644
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
-setsebool -P samba_enable_home_dirs 1
-.TP
@@ -39286,18 +41119,24 @@ index ca702c7..d02c913 100644
\ No newline at end of file
diff --git a/man/man8/sambagui_selinux.8 b/man/man8/sambagui_selinux.8
new file mode 100644
-index 0000000..ebcadb5
+index 0000000..763d193
--- /dev/null
+++ b/man/man8/sambagui_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "sambagui_selinux" "8" "sambagui" "dwalsh at redhat.com" "sambagui SELinux Policy documentation"
+.SH "NAME"
+sambagui_selinux \- Security Enhanced Linux Policy for the sambagui processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sambagui processes via flexible mandatory access
++
++SELinux Linux secures
++.B sambagui
++(system-config-samba dbus service policy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -39318,7 +41157,7 @@ index 0000000..ebcadb5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -39339,7 +41178,7 @@ index 0000000..ebcadb5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -39350,7 +41189,7 @@ index 0000000..ebcadb5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -39363,18 +41202,24 @@ index 0000000..ebcadb5
+selinux(8), sambagui(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/sandbox_selinux.8 b/man/man8/sandbox_selinux.8
new file mode 100644
-index 0000000..e03bd16
+index 0000000..437feff
--- /dev/null
+++ b/man/man8/sandbox_selinux.8
-@@ -0,0 +1,142 @@
+@@ -0,0 +1,148 @@
+.TH "sandbox_selinux" "8" "sandbox" "dwalsh at redhat.com" "sandbox SELinux Policy documentation"
+.SH "NAME"
+sandbox_selinux \- Security Enhanced Linux Policy for the sandbox processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sandbox processes via flexible mandatory access
++
++SELinux Linux secures
++.B sandbox
++(policy for sandbox)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. sandbox policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sandbox with the tightest access possible.
+
@@ -39462,7 +41307,7 @@ index 0000000..e03bd16
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -39483,7 +41328,7 @@ index 0000000..e03bd16
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -39494,7 +41339,7 @@ index 0000000..e03bd16
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -39512,18 +41357,24 @@ index 0000000..e03bd16
\ No newline at end of file
diff --git a/man/man8/sanlock_selinux.8 b/man/man8/sanlock_selinux.8
new file mode 100644
-index 0000000..035db8a
+index 0000000..b15e691
--- /dev/null
+++ b/man/man8/sanlock_selinux.8
-@@ -0,0 +1,124 @@
+@@ -0,0 +1,130 @@
+.TH "sanlock_selinux" "8" "sanlock" "dwalsh at redhat.com" "sanlock SELinux Policy documentation"
+.SH "NAME"
+sanlock_selinux \- Security Enhanced Linux Policy for the sanlock processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sanlock processes via flexible mandatory access
++
++SELinux Linux secures
++.B sanlock
++(policy for sanlock)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. sanlock policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sanlock with the tightest access possible.
+
@@ -39593,7 +41444,7 @@ index 0000000..035db8a
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -39614,7 +41465,7 @@ index 0000000..035db8a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -39625,7 +41476,7 @@ index 0000000..035db8a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -39643,7 +41494,7 @@ index 0000000..035db8a
\ No newline at end of file
diff --git a/man/man8/saslauthd_selinux.8 b/man/man8/saslauthd_selinux.8
new file mode 100644
-index 0000000..5458895
+index 0000000..8a922b3
--- /dev/null
+++ b/man/man8/saslauthd_selinux.8
@@ -0,0 +1,114 @@
@@ -39652,8 +41503,8 @@ index 0000000..5458895
+saslauthd_selinux \- Security Enhanced Linux Policy for the saslauthd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the saslauthd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. saslauthd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run saslauthd with the tightest access possible.
@@ -39714,7 +41565,7 @@ index 0000000..5458895
+/var/lib/sasl2(/.*)?, /var/run/saslauthd(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -39735,7 +41586,7 @@ index 0000000..5458895
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -39746,7 +41597,7 @@ index 0000000..5458895
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -39764,18 +41615,24 @@ index 0000000..5458895
\ No newline at end of file
diff --git a/man/man8/sblim_selinux.8 b/man/man8/sblim_selinux.8
new file mode 100644
-index 0000000..29afb9c
+index 0000000..5c6807e
--- /dev/null
+++ b/man/man8/sblim_selinux.8
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,93 @@
+.TH "sblim_selinux" "8" "sblim" "dwalsh at redhat.com" "sblim SELinux Policy documentation"
+.SH "NAME"
+sblim_selinux \- Security Enhanced Linux Policy for the sblim processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sblim processes via flexible mandatory access
++
++SELinux Linux secures
++.B sblim
++( policy for SBLIM Gatherer )
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -39812,7 +41669,7 @@ index 0000000..29afb9c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -39833,7 +41690,7 @@ index 0000000..29afb9c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -39844,7 +41701,7 @@ index 0000000..29afb9c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -39855,263 +41712,118 @@ index 0000000..29afb9c
+
+.SH "SEE ALSO"
+selinux(8), sblim(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/sectoolm_selinux.8 b/man/man8/sectoolm_selinux.8
+diff --git a/man/man8/secadm_selinux.8 b/man/man8/secadm_selinux.8
new file mode 100644
-index 0000000..c1232de
+index 0000000..6bf3e2b
--- /dev/null
-+++ b/man/man8/sectoolm_selinux.8
-@@ -0,0 +1,71 @@
-+.TH "sectoolm_selinux" "8" "sectoolm" "dwalsh at redhat.com" "sectoolm SELinux Policy documentation"
++++ b/man/man8/secadm_selinux.8
+@@ -0,0 +1,65 @@
++.TH "secadm_selinux" "8" "secadm" "mgrepl at redhat.com" "secadm SELinux Policy documentation"
+.SH "NAME"
-+sectoolm_selinux \- Security Enhanced Linux Policy for the sectoolm processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the sectoolm processes via flexible mandatory access
-+control.
-+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type.
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files.
-+SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible.
-+.PP
-+The following file types are defined for sectoolm:
++secadm_r \- \fBSecurity administrator role\fP - Security Enhanced Linux Policy
+
++.SH DESCRIPTION
+
-+.EX
-+.PP
-+.B sectoolm_exec_t
-+.EE
++SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.
+
-+- Set files with the sectoolm_exec_t type, if you want to transition an executable to the sectoolm_t domain.
++Note: The examples in the man page will user the staff_u user.
+
++Non login roles are usually used for administrative tasks.
+
-+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
++Roles usually have default types assigned to them.
+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files.
-+SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible.
-+.PP
-+The following process types are defined for sectoolm:
++The default type for the secadm_r role is secadm_t.
+
-+.EX
-+.B sectoolm_t
-+.EE
-+.PP
-+Note:
-+.B semanage permississive -a PROCESS_TYPE
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++You can use the
++.B newrole
++program to transition directly to this role.
+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
-+
-+.PP
-+.B system-config-selinux
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), sectoolm(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/selinux_selinux.8 b/man/man8/selinux_selinux.8
-new file mode 100644
-index 0000000..c58d504
---- /dev/null
-+++ b/man/man8/selinux_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "selinux_selinux" "8" "selinux" "dwalsh at redhat.com" "selinux SELinux Policy documentation"
-+.SH "NAME"
-+selinux_selinux \- Security Enhanced Linux Policy for the selinux processes
-+.SH "DESCRIPTION"
++.B newrole -r secadm_r -t secadm_t
+
-+Security-Enhanced Linux secures the selinux processes via flexible mandatory access
-+control.
-+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type.
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files.
-+SELinux selinux policy is very flexible allowing users to setup their selinux processes in as secure a method as possible.
-+.PP
-+The following file types are defined for selinux:
-+
-+
-+.EX
-+.PP
-+.B selinux_config_t
-+.EE
-+
-+- Set files with the selinux_config_t type, if you want to treat the files as selinux configuration data, usually stored under the /etc directory.
++.B sudo
++can also be setup to transition to this role using the visudo command.
+
++USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
+.br
-+.TP 5
-+Paths:
-+/etc/selinux/([^/]*/)?users(/.*)?, /etc/selinux(/.*)?, /etc/selinux/([^/]*/)?seusers, /etc/selinux/([^/]*/)?setrans\.conf
++sudo will run COMMAND as staff_u:secadm_r:secadm_t:LEVEL
+
-+.EX
-+.PP
-+.B selinux_munin_plugin_exec_t
-+.EE
++If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
+
-+- Set files with the selinux_munin_plugin_exec_t type, if you want to transition an executable to the selinux_munin_plugin_t domain.
++You can see all of the assigned SELinux roles using the following
+
++.B semanage user -l
+
-+.EX
-+.PP
-+.B selinux_munin_plugin_tmp_t
-+.EE
++If you wanted to add secadm_r to the staff_u user, you would execute:
+
-+- Set files with the selinux_munin_plugin_tmp_t type, if you want to store selinux munin plugin temporary files in the /tmp directories.
++.B $ semanage user -m -R 'staff_r secadm_r' staff_u
+
+
-+.EX
-+.PP
-+.B selinux_var_lib_t
-+.EE
+
-+- Set files with the selinux_var_lib_t type, if you want to store the selinux files under the /var/lib directory.
++SELinux policy also controls which roles can transition to a different role.
++You can list these rules using the following command.
+
++.B sesearch --role_allow
+
-+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files.
-+SELinux selinux policy is very flexible allowing users to setup their selinux processes in as secure a method as possible.
-+.PP
-+The following process types are defined for selinux:
++SELinux policy allows the sysadm_r, staff_r, auditadm_r roles can transition to the secadm_r role.
+
-+.EX
-+.B selinux_munin_plugin_t
-+.EE
-+.PP
-+Note:
-+.B semanage permississive -a PROCESS_TYPE
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
+
-+.PP
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
+.B system-config-selinux
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was autogenerated by genman.py.
++This manual page was autogenerated by genuserman.py.
+
+.SH "SEE ALSO"
-+selinux(8), selinux(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/semanage_selinux.8 b/man/man8/semanage_selinux.8
++selinux(8), semanage(8).
+diff --git a/man/man8/sectoolm_selinux.8 b/man/man8/sectoolm_selinux.8
new file mode 100644
-index 0000000..32ccc93
+index 0000000..232ac2e
--- /dev/null
-+++ b/man/man8/semanage_selinux.8
-@@ -0,0 +1,111 @@
-+.TH "semanage_selinux" "8" "semanage" "dwalsh at redhat.com" "semanage SELinux Policy documentation"
++++ b/man/man8/sectoolm_selinux.8
+@@ -0,0 +1,77 @@
++.TH "sectoolm_selinux" "8" "sectoolm" "dwalsh at redhat.com" "sectoolm SELinux Policy documentation"
+.SH "NAME"
-+semanage_selinux \- Security Enhanced Linux Policy for the semanage processes
++sectoolm_selinux \- Security Enhanced Linux Policy for the sectoolm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the semanage processes via flexible mandatory access
++
++SELinux Linux secures
++.B sectoolm
++(Sectool security audit tool)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
+.PP
+Policy governs the access confined processes have to these files.
-+SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible.
++SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible.
+.PP
-+The following file types are defined for semanage:
-+
-+
-+.EX
-+.PP
-+.B semanage_exec_t
-+.EE
-+
-+- Set files with the semanage_exec_t type, if you want to transition an executable to the semanage_t domain.
-+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/system-config-selinux/system-config-selinux-dbus\.py, /usr/sbin/semanage, /usr/sbin/semodule
-+
-+.EX
-+.PP
-+.B semanage_read_lock_t
-+.EE
-+
-+- Set files with the semanage_read_lock_t type, if you want to treat the files as semanage read lock data, stored under the /var/lock directory
-+
-+
-+.EX
-+.PP
-+.B semanage_store_t
-+.EE
-+
-+- Set files with the semanage_store_t type, if you want to treat the files as semanage store data.
-+
-+.br
-+.TP 5
-+Paths:
-+/etc/share/selinux/mls(/.*)?, /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?, /etc/selinux/([^/]*/)?policy(/.*)?, /etc/share/selinux/targeted(/.*)?
-+
-+.EX
-+.PP
-+.B semanage_tmp_t
-+.EE
-+
-+- Set files with the semanage_tmp_t type, if you want to store semanage temporary files in the /tmp directories.
++The following file types are defined for sectoolm:
+
+
+.EX
+.PP
-+.B semanage_trans_lock_t
++.B sectoolm_exec_t
+.EE
+
-+- Set files with the semanage_trans_lock_t type, if you want to treat the files as semanage trans lock data, stored under the /var/lock directory
++- Set files with the sectoolm_exec_t type, if you want to transition an executable to the sectoolm_t domain.
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40123,16 +41835,16 @@ index 0000000..32ccc93
+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
+.PP
+Policy governs the access confined processes have to files.
-+SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible.
++SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible.
+.PP
-+The following process types are defined for semanage:
++The following process types are defined for sectoolm:
+
+.EX
-+.B semanage_t
++.B sectoolm_t
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40143,7 +41855,237 @@ index 0000000..32ccc93
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), sectoolm(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/selinux_selinux.8 b/man/man8/selinux_selinux.8
+new file mode 100644
+index 0000000..42b09e3
+--- /dev/null
++++ b/man/man8/selinux_selinux.8
+@@ -0,0 +1,107 @@
++.TH "selinux_selinux" "8" "selinux" "dwalsh at redhat.com" "selinux SELinux Policy documentation"
++.SH "NAME"
++selinux_selinux \- Security Enhanced Linux Policy for the selinux processes
++.SH "DESCRIPTION"
++
++
++SELinux Linux secures
++.B selinux
++(
++Policy for kernel security interface, in particular, selinuxfs.
++)
++processes via flexible mandatory access
++control.
++
++
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux selinux policy is very flexible allowing users to setup their selinux processes in as secure a method as possible.
++.PP
++The following file types are defined for selinux:
++
++
++.EX
++.PP
++.B selinux_config_t
++.EE
++
++- Set files with the selinux_config_t type, if you want to treat the files as selinux configuration data, usually stored under the /etc directory.
++
++.br
++.TP 5
++Paths:
++/etc/selinux/([^/]*/)?users(/.*)?, /etc/selinux(/.*)?, /etc/selinux/([^/]*/)?seusers, /etc/selinux/([^/]*/)?setrans\.conf
++
++.EX
++.PP
++.B selinux_munin_plugin_exec_t
++.EE
++
++- Set files with the selinux_munin_plugin_exec_t type, if you want to transition an executable to the selinux_munin_plugin_t domain.
++
++
++.EX
++.PP
++.B selinux_munin_plugin_tmp_t
++.EE
++
++- Set files with the selinux_munin_plugin_tmp_t type, if you want to store selinux munin plugin temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B selinux_var_lib_t
++.EE
++
++- Set files with the selinux_var_lib_t type, if you want to store the selinux files under the /var/lib directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux selinux policy is very flexible allowing users to setup their selinux processes in as secure a method as possible.
++.PP
++The following process types are defined for selinux:
++
++.EX
++.B selinux_munin_plugin_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), selinux(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/semanage_selinux.8 b/man/man8/semanage_selinux.8
+new file mode 100644
+index 0000000..ad680da
+--- /dev/null
++++ b/man/man8/semanage_selinux.8
+@@ -0,0 +1,111 @@
++.TH "semanage_selinux" "8" "semanage" "dwalsh at redhat.com" "semanage SELinux Policy documentation"
++.SH "NAME"
++semanage_selinux \- Security Enhanced Linux Policy for the semanage processes
++.SH "DESCRIPTION"
++
++
++
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible.
++.PP
++The following file types are defined for semanage:
++
++
++.EX
++.PP
++.B semanage_exec_t
++.EE
++
++- Set files with the semanage_exec_t type, if you want to transition an executable to the semanage_t domain.
++
++.br
++.TP 5
++Paths:
++/usr/share/system-config-selinux/system-config-selinux-dbus\.py, /usr/sbin/semanage, /usr/sbin/semodule
++
++.EX
++.PP
++.B semanage_read_lock_t
++.EE
++
++- Set files with the semanage_read_lock_t type, if you want to treat the files as semanage read lock data, stored under the /var/lock directory
++
++
++.EX
++.PP
++.B semanage_store_t
++.EE
++
++- Set files with the semanage_store_t type, if you want to treat the files as semanage store data.
++
++.br
++.TP 5
++Paths:
++/etc/share/selinux/mls(/.*)?, /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?, /etc/selinux/([^/]*/)?policy(/.*)?, /etc/share/selinux/targeted(/.*)?
++
++.EX
++.PP
++.B semanage_tmp_t
++.EE
++
++- Set files with the semanage_tmp_t type, if you want to store semanage temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B semanage_trans_lock_t
++.EE
++
++- Set files with the semanage_trans_lock_t type, if you want to treat the files as semanage trans lock data, stored under the /var/lock directory
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible.
++.PP
++The following process types are defined for semanage:
++
++.EX
++.B semanage_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -40156,18 +42098,24 @@ index 0000000..32ccc93
+selinux(8), semanage(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/sendmail_selinux.8 b/man/man8/sendmail_selinux.8
new file mode 100644
-index 0000000..37d0591
+index 0000000..f2e3fa2
--- /dev/null
+++ b/man/man8/sendmail_selinux.8
-@@ -0,0 +1,152 @@
+@@ -0,0 +1,158 @@
+.TH "sendmail_selinux" "8" "sendmail" "dwalsh at redhat.com" "sendmail SELinux Policy documentation"
+.SH "NAME"
+sendmail_selinux \- Security Enhanced Linux Policy for the sendmail processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sendmail processes via flexible mandatory access
++
++SELinux Linux secures
++.B sendmail
++(Policy for sendmail)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. sendmail policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sendmail with the tightest access possible.
+
@@ -40265,7 +42213,7 @@ index 0000000..37d0591
+/var/run/sendmail\.pid, /var/run/sm-client\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40286,7 +42234,7 @@ index 0000000..37d0591
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40297,7 +42245,7 @@ index 0000000..37d0591
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -40315,7 +42263,7 @@ index 0000000..37d0591
\ No newline at end of file
diff --git a/man/man8/services_selinux.8 b/man/man8/services_selinux.8
new file mode 100644
-index 0000000..4a816d3
+index 0000000..08da721
--- /dev/null
+++ b/man/man8/services_selinux.8
@@ -0,0 +1,83 @@
@@ -40324,8 +42272,8 @@ index 0000000..4a816d3
+services_selinux \- Security Enhanced Linux Policy for the services processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the services processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -40359,7 +42307,7 @@ index 0000000..4a816d3
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40380,7 +42328,7 @@ index 0000000..4a816d3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40391,7 +42339,7 @@ index 0000000..4a816d3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -40404,7 +42352,7 @@ index 0000000..4a816d3
+selinux(8), services(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/setfiles_selinux.8 b/man/man8/setfiles_selinux.8
new file mode 100644
-index 0000000..de1733a
+index 0000000..33dfb2f
--- /dev/null
+++ b/man/man8/setfiles_selinux.8
@@ -0,0 +1,75 @@
@@ -40413,8 +42361,8 @@ index 0000000..de1733a
+setfiles_selinux \- Security Enhanced Linux Policy for the setfiles processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the setfiles processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -40440,7 +42388,7 @@ index 0000000..de1733a
+/sbin/setfiles.*, /sbin/restorecon, /usr/sbin/setfiles.*, /usr/sbin/restorecon
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40461,7 +42409,7 @@ index 0000000..de1733a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40472,7 +42420,7 @@ index 0000000..de1733a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -40485,7 +42433,7 @@ index 0000000..de1733a
+selinux(8), setfiles(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/setkey_selinux.8 b/man/man8/setkey_selinux.8
new file mode 100644
-index 0000000..0eca4ce
+index 0000000..8a21ecc
--- /dev/null
+++ b/man/man8/setkey_selinux.8
@@ -0,0 +1,75 @@
@@ -40494,8 +42442,8 @@ index 0000000..0eca4ce
+setkey_selinux \- Security Enhanced Linux Policy for the setkey processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the setkey processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -40521,7 +42469,7 @@ index 0000000..0eca4ce
+/usr/sbin/setkey, /sbin/setkey
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40542,7 +42490,7 @@ index 0000000..0eca4ce
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40553,7 +42501,7 @@ index 0000000..0eca4ce
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -40566,18 +42514,24 @@ index 0000000..0eca4ce
+selinux(8), setkey(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/setrans_selinux.8 b/man/man8/setrans_selinux.8
new file mode 100644
-index 0000000..274037f
+index 0000000..99b5cda
--- /dev/null
+++ b/man/man8/setrans_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "setrans_selinux" "8" "setrans" "dwalsh at redhat.com" "setrans SELinux Policy documentation"
+.SH "NAME"
+setrans_selinux \- Security Enhanced Linux Policy for the setrans processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the setrans processes via flexible mandatory access
++
++SELinux Linux secures
++.B setrans
++(SELinux MLS/MCS label translation service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -40622,7 +42576,7 @@ index 0000000..274037f
+/var/run/mcstransd\.pid, /var/run/setrans(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40643,7 +42597,7 @@ index 0000000..274037f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40654,7 +42608,7 @@ index 0000000..274037f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -40667,18 +42621,24 @@ index 0000000..274037f
+selinux(8), setrans(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/setroubleshoot_selinux.8 b/man/man8/setroubleshoot_selinux.8
new file mode 100644
-index 0000000..796de21
+index 0000000..cbed8e8
--- /dev/null
+++ b/man/man8/setroubleshoot_selinux.8
-@@ -0,0 +1,103 @@
+@@ -0,0 +1,109 @@
+.TH "setroubleshoot_selinux" "8" "setroubleshoot" "dwalsh at redhat.com" "setroubleshoot SELinux Policy documentation"
+.SH "NAME"
+setroubleshoot_selinux \- Security Enhanced Linux Policy for the setroubleshoot processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the setroubleshoot processes via flexible mandatory access
++
++SELinux Linux secures
++.B setroubleshoot
++(SELinux troubleshooting service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -40731,7 +42691,7 @@ index 0000000..796de21
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40752,7 +42712,7 @@ index 0000000..796de21
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40763,7 +42723,7 @@ index 0000000..796de21
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -40776,7 +42736,7 @@ index 0000000..796de21
+selinux(8), setroubleshoot(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/setroubleshootd_selinux.8 b/man/man8/setroubleshootd_selinux.8
new file mode 100644
-index 0000000..2715192
+index 0000000..37c59bb
--- /dev/null
+++ b/man/man8/setroubleshootd_selinux.8
@@ -0,0 +1,71 @@
@@ -40785,8 +42745,8 @@ index 0000000..2715192
+setroubleshootd_selinux \- Security Enhanced Linux Policy for the setroubleshootd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the setroubleshootd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -40808,7 +42768,7 @@ index 0000000..2715192
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40829,7 +42789,7 @@ index 0000000..2715192
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40840,7 +42800,7 @@ index 0000000..2715192
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -40853,7 +42813,7 @@ index 0000000..2715192
+selinux(8), setroubleshootd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/setsebool_selinux.8 b/man/man8/setsebool_selinux.8
new file mode 100644
-index 0000000..eaa6e4b
+index 0000000..0b850e8
--- /dev/null
+++ b/man/man8/setsebool_selinux.8
@@ -0,0 +1,71 @@
@@ -40862,8 +42822,8 @@ index 0000000..eaa6e4b
+setsebool_selinux \- Security Enhanced Linux Policy for the setsebool processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the setsebool processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -40885,7 +42845,7 @@ index 0000000..eaa6e4b
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -40906,7 +42866,7 @@ index 0000000..eaa6e4b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -40917,7 +42877,7 @@ index 0000000..eaa6e4b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -40930,18 +42890,24 @@ index 0000000..eaa6e4b
+selinux(8), setsebool(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/sge_selinux.8 b/man/man8/sge_selinux.8
new file mode 100644
-index 0000000..d7633d0
+index 0000000..636d762
--- /dev/null
+++ b/man/man8/sge_selinux.8
-@@ -0,0 +1,118 @@
+@@ -0,0 +1,124 @@
+.TH "sge_selinux" "8" "sge" "dwalsh at redhat.com" "sge SELinux Policy documentation"
+.SH "NAME"
+sge_selinux \- Security Enhanced Linux Policy for the sge processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sge processes via flexible mandatory access
++
++SELinux Linux secures
++.B sge
++(Policy for gridengine MPI jobs)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. sge policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sge with the tightest access possible.
+
@@ -41005,7 +42971,7 @@ index 0000000..d7633d0
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41026,7 +42992,7 @@ index 0000000..d7633d0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41037,7 +43003,7 @@ index 0000000..d7633d0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -41055,18 +43021,24 @@ index 0000000..d7633d0
\ No newline at end of file
diff --git a/man/man8/shorewall_selinux.8 b/man/man8/shorewall_selinux.8
new file mode 100644
-index 0000000..876ab3a
+index 0000000..b02195e
--- /dev/null
+++ b/man/man8/shorewall_selinux.8
-@@ -0,0 +1,135 @@
+@@ -0,0 +1,141 @@
+.TH "shorewall_selinux" "8" "shorewall" "dwalsh at redhat.com" "shorewall SELinux Policy documentation"
+.SH "NAME"
+shorewall_selinux \- Security Enhanced Linux Policy for the shorewall processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the shorewall processes via flexible mandatory access
++
++SELinux Linux secures
++.B shorewall
++(Shoreline Firewall high-level tool for configuring netfilter)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -41151,7 +43123,7 @@ index 0000000..876ab3a
+/var/lib/shorewall-lite(/.*)?, /var/lib/shorewall(/.*)?, /var/lib/shorewall6(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41172,7 +43144,7 @@ index 0000000..876ab3a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41183,7 +43155,7 @@ index 0000000..876ab3a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -41196,7 +43168,7 @@ index 0000000..876ab3a
+selinux(8), shorewall(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/showmount_selinux.8 b/man/man8/showmount_selinux.8
new file mode 100644
-index 0000000..cdba2c2
+index 0000000..df89321
--- /dev/null
+++ b/man/man8/showmount_selinux.8
@@ -0,0 +1,71 @@
@@ -41205,8 +43177,8 @@ index 0000000..cdba2c2
+showmount_selinux \- Security Enhanced Linux Policy for the showmount processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the showmount processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -41228,7 +43200,7 @@ index 0000000..cdba2c2
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41249,7 +43221,7 @@ index 0000000..cdba2c2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41260,7 +43232,7 @@ index 0000000..cdba2c2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -41273,18 +43245,24 @@ index 0000000..cdba2c2
+selinux(8), showmount(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/shutdown_selinux.8 b/man/man8/shutdown_selinux.8
new file mode 100644
-index 0000000..7a73e5b
+index 0000000..733dd9c
--- /dev/null
+++ b/man/man8/shutdown_selinux.8
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,97 @@
+.TH "shutdown_selinux" "8" "shutdown" "dwalsh at redhat.com" "shutdown SELinux Policy documentation"
+.SH "NAME"
+shutdown_selinux \- Security Enhanced Linux Policy for the shutdown processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the shutdown processes via flexible mandatory access
++
++SELinux Linux secures
++.B shutdown
++(System shutdown command)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -41325,7 +43303,7 @@ index 0000000..7a73e5b
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41346,7 +43324,7 @@ index 0000000..7a73e5b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41357,7 +43335,7 @@ index 0000000..7a73e5b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -41370,7 +43348,7 @@ index 0000000..7a73e5b
+selinux(8), shutdown(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/slapd_selinux.8 b/man/man8/slapd_selinux.8
new file mode 100644
-index 0000000..ef51b22
+index 0000000..4031380
--- /dev/null
+++ b/man/man8/slapd_selinux.8
@@ -0,0 +1,175 @@
@@ -41379,8 +43357,8 @@ index 0000000..ef51b22
+slapd_selinux \- Security Enhanced Linux Policy for the slapd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the slapd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -41506,7 +43484,7 @@ index 0000000..ef51b22
+/var/run/slapd\.args, /var/run/openldap(/.*)?, /var/run/slapd\.pid, /var/run/ldapi, /var/run/slapd.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41527,7 +43505,7 @@ index 0000000..ef51b22
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41538,7 +43516,7 @@ index 0000000..ef51b22
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -41551,7 +43529,7 @@ index 0000000..ef51b22
+selinux(8), slapd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/smbcontrol_selinux.8 b/man/man8/smbcontrol_selinux.8
new file mode 100644
-index 0000000..7e6b857
+index 0000000..1f4a491
--- /dev/null
+++ b/man/man8/smbcontrol_selinux.8
@@ -0,0 +1,71 @@
@@ -41560,8 +43538,8 @@ index 0000000..7e6b857
+smbcontrol_selinux \- Security Enhanced Linux Policy for the smbcontrol processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the smbcontrol processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -41583,7 +43561,7 @@ index 0000000..7e6b857
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41604,7 +43582,7 @@ index 0000000..7e6b857
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41615,7 +43593,7 @@ index 0000000..7e6b857
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -41628,7 +43606,7 @@ index 0000000..7e6b857
+selinux(8), smbcontrol(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/smbd_selinux.8 b/man/man8/smbd_selinux.8
new file mode 100644
-index 0000000..a00daff
+index 0000000..3a58f9a
--- /dev/null
+++ b/man/man8/smbd_selinux.8
@@ -0,0 +1,151 @@
@@ -41637,8 +43615,8 @@ index 0000000..a00daff
+smbd_selinux \- Security Enhanced Linux Policy for the smbd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the smbd processes via flexible mandatory access
-+control.
++
++
+
+.SH SHARING FILES
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
@@ -41651,7 +43629,7 @@ index 0000000..a00daff
+.B restorecon -F -R -v /var/smbd
+.pp
+.TP
-+Allow smbd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_smbdd_anon_write boolean to be set.
++Allow smbd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_smbd_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/smbd/incoming(/.*)?"
@@ -41714,7 +43692,7 @@ index 0000000..a00daff
+/var/run/samba/gencache\.tdb, /var/run/samba/share_info\.tdb, /var/run/samba/locking\.tdb, /var/run/samba/connections\.tdb, /var/run/samba/smbd\.pid, /var/run/samba/sessionid\.tdb, /var/run/samba/brlock\.tdb
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41758,7 +43736,7 @@ index 0000000..a00daff
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41769,7 +43747,7 @@ index 0000000..a00daff
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -41785,7 +43763,7 @@ index 0000000..a00daff
+selinux(8), smbd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/smbmount_selinux.8 b/man/man8/smbmount_selinux.8
new file mode 100644
-index 0000000..fd0dad0
+index 0000000..e5fd258
--- /dev/null
+++ b/man/man8/smbmount_selinux.8
@@ -0,0 +1,75 @@
@@ -41794,8 +43772,8 @@ index 0000000..fd0dad0
+smbmount_selinux \- Security Enhanced Linux Policy for the smbmount processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the smbmount processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -41821,7 +43799,7 @@ index 0000000..fd0dad0
+/usr/bin/smbmnt, /usr/bin/smbmount
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41842,7 +43820,7 @@ index 0000000..fd0dad0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41853,7 +43831,7 @@ index 0000000..fd0dad0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -41866,18 +43844,24 @@ index 0000000..fd0dad0
+selinux(8), smbmount(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/smokeping_selinux.8 b/man/man8/smokeping_selinux.8
new file mode 100644
-index 0000000..1721cb0
+index 0000000..6eb81ca
--- /dev/null
+++ b/man/man8/smokeping_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "smokeping_selinux" "8" "smokeping" "dwalsh at redhat.com" "smokeping SELinux Policy documentation"
+.SH "NAME"
+smokeping_selinux \- Security Enhanced Linux Policy for the smokeping processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the smokeping processes via flexible mandatory access
++
++SELinux Linux secures
++.B smokeping
++(Smokeping network latency measurement)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -41922,7 +43906,7 @@ index 0000000..1721cb0
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -41943,7 +43927,7 @@ index 0000000..1721cb0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -41954,7 +43938,7 @@ index 0000000..1721cb0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -41967,18 +43951,24 @@ index 0000000..1721cb0
+selinux(8), smokeping(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/smoltclient_selinux.8 b/man/man8/smoltclient_selinux.8
new file mode 100644
-index 0000000..0056ce1
+index 0000000..7290f4e
--- /dev/null
+++ b/man/man8/smoltclient_selinux.8
-@@ -0,0 +1,79 @@
+@@ -0,0 +1,85 @@
+.TH "smoltclient_selinux" "8" "smoltclient" "dwalsh at redhat.com" "smoltclient SELinux Policy documentation"
+.SH "NAME"
+smoltclient_selinux \- Security Enhanced Linux Policy for the smoltclient processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the smoltclient processes via flexible mandatory access
++
++SELinux Linux secures
++.B smoltclient
++(The Fedora hardware profiler client)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -42007,7 +43997,7 @@ index 0000000..0056ce1
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -42028,7 +44018,7 @@ index 0000000..0056ce1
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -42039,7 +44029,7 @@ index 0000000..0056ce1
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -42052,7 +44042,7 @@ index 0000000..0056ce1
+selinux(8), smoltclient(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/snmpd_selinux.8 b/man/man8/snmpd_selinux.8
new file mode 100644
-index 0000000..3de1dc2
+index 0000000..ce8506a
--- /dev/null
+++ b/man/man8/snmpd_selinux.8
@@ -0,0 +1,141 @@
@@ -42061,8 +44051,8 @@ index 0000000..3de1dc2
+snmpd_selinux \- Security Enhanced Linux Policy for the snmpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the snmpd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -42128,7 +44118,7 @@ index 0000000..3de1dc2
+/var/run/net-snmpd(/.*)?, /var/run/snmpd\.pid, /var/run/snmpd(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -42172,7 +44162,7 @@ index 0000000..3de1dc2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -42183,7 +44173,7 @@ index 0000000..3de1dc2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -42199,18 +44189,24 @@ index 0000000..3de1dc2
+selinux(8), snmpd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/snort_selinux.8 b/man/man8/snort_selinux.8
new file mode 100644
-index 0000000..963f850
+index 0000000..4a3cd80
--- /dev/null
+++ b/man/man8/snort_selinux.8
-@@ -0,0 +1,115 @@
+@@ -0,0 +1,121 @@
+.TH "snort_selinux" "8" "snort" "dwalsh at redhat.com" "snort SELinux Policy documentation"
+.SH "NAME"
+snort_selinux \- Security Enhanced Linux Policy for the snort processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the snort processes via flexible mandatory access
++
++SELinux Linux secures
++.B snort
++(Snort network intrusion detection system)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -42275,7 +44271,7 @@ index 0000000..963f850
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -42296,7 +44292,7 @@ index 0000000..963f850
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -42307,7 +44303,7 @@ index 0000000..963f850
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -42320,18 +44316,24 @@ index 0000000..963f850
+selinux(8), snort(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/sosreport_selinux.8 b/man/man8/sosreport_selinux.8
new file mode 100644
-index 0000000..83ad6fb
+index 0000000..d92aa21
--- /dev/null
+++ b/man/man8/sosreport_selinux.8
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,93 @@
+.TH "sosreport_selinux" "8" "sosreport" "dwalsh at redhat.com" "sosreport SELinux Policy documentation"
+.SH "NAME"
+sosreport_selinux \- Security Enhanced Linux Policy for the sosreport processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sosreport processes via flexible mandatory access
++
++SELinux Linux secures
++.B sosreport
++(sosreport - Generate debugging information for system)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -42368,7 +44370,7 @@ index 0000000..83ad6fb
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -42389,7 +44391,7 @@ index 0000000..83ad6fb
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -42400,7 +44402,7 @@ index 0000000..83ad6fb
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -42413,7 +44415,7 @@ index 0000000..83ad6fb
+selinux(8), sosreport(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/soundd_selinux.8 b/man/man8/soundd_selinux.8
new file mode 100644
-index 0000000..2453feb
+index 0000000..4c912c3
--- /dev/null
+++ b/man/man8/soundd_selinux.8
@@ -0,0 +1,157 @@
@@ -42422,8 +44424,8 @@ index 0000000..2453feb
+soundd_selinux \- Security Enhanced Linux Policy for the soundd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the soundd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -42505,7 +44507,7 @@ index 0000000..2453feb
+/var/run/nasd(/.*)?, /var/run/yiff-[0-9]+\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -42549,7 +44551,7 @@ index 0000000..2453feb
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -42560,7 +44562,7 @@ index 0000000..2453feb
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -42576,7 +44578,7 @@ index 0000000..2453feb
+selinux(8), soundd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/spamass_selinux.8 b/man/man8/spamass_selinux.8
new file mode 100644
-index 0000000..aa543a3
+index 0000000..3285cb1
--- /dev/null
+++ b/man/man8/spamass_selinux.8
@@ -0,0 +1,106 @@
@@ -42585,8 +44587,8 @@ index 0000000..aa543a3
+spamass_selinux \- Security Enhanced Linux Policy for the spamass processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the spamass processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. spamass policy is extremely flexible and has several booleans that allow you to manipulate the policy and run spamass with the tightest access possible.
@@ -42639,7 +44641,7 @@ index 0000000..aa543a3
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -42660,7 +44662,7 @@ index 0000000..aa543a3
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -42671,7 +44673,7 @@ index 0000000..aa543a3
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -42689,17 +44691,17 @@ index 0000000..aa543a3
\ No newline at end of file
diff --git a/man/man8/spamc_selinux.8 b/man/man8/spamc_selinux.8
new file mode 100644
-index 0000000..d4139a8
+index 0000000..3be61d7
--- /dev/null
+++ b/man/man8/spamc_selinux.8
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,95 @@
+.TH "spamc_selinux" "8" "spamc" "dwalsh at redhat.com" "spamc SELinux Policy documentation"
+.SH "NAME"
+spamc_selinux \- Security Enhanced Linux Policy for the spamc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the spamc processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -42722,7 +44724,7 @@ index 0000000..d4139a8
+.br
+.TP 5
+Paths:
-+/usr/bin/spamc, /usr/bin/sa-learn, /usr/bin/spamassassin
++/usr/bin/spamc, /usr/bin/razor.*, /usr/bin/sa-learn, /usr/bin/spamassassin
+
+.EX
+.PP
@@ -42731,6 +44733,10 @@ index 0000000..d4139a8
+
+- Set files with the spamc_home_t type, if you want to store spamc files in the users home directory.
+
++.br
++.TP 5
++Paths:
++/root/\.razor(/.*)?, /root/\.spamassassin(/.*)?
+
+.EX
+.PP
@@ -42741,7 +44747,7 @@ index 0000000..d4139a8
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -42762,7 +44768,7 @@ index 0000000..d4139a8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -42773,7 +44779,7 @@ index 0000000..d4139a8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -42786,17 +44792,17 @@ index 0000000..d4139a8
+selinux(8), spamc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/spamd_selinux.8 b/man/man8/spamd_selinux.8
new file mode 100644
-index 0000000..3d6bb91
+index 0000000..cb40498
--- /dev/null
+++ b/man/man8/spamd_selinux.8
-@@ -0,0 +1,218 @@
+@@ -0,0 +1,222 @@
+.TH "spamd_selinux" "8" "spamd" "dwalsh at redhat.com" "spamd SELinux Policy documentation"
+.SH "NAME"
+spamd_selinux \- Security Enhanced Linux Policy for the spamd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the spamd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. spamd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run spamd with the tightest access possible.
@@ -42884,7 +44890,7 @@ index 0000000..3d6bb91
+.br
+.TP 5
+Paths:
-+/var/log/spamd\.log, /var/log/mimedefang
++/var/log/razor-agent\.log, /var/log/spamd\.log, /var/log/mimedefang
+
+.EX
+.PP
@@ -42921,6 +44927,10 @@ index 0000000..3d6bb91
+
+- Set files with the spamd_var_lib_t type, if you want to store the spamd files under the /var/lib directory.
+
++.br
++.TP 5
++Paths:
++/var/lib/spamassassin(/.*)?, /var/lib/razor(/.*)?
+
+.EX
+.PP
@@ -42935,7 +44945,7 @@ index 0000000..3d6bb91
+/var/run/spamassassin(/.*)?, /var/spool/MIMEDefang(/.*)?, /var/spool/MD-Quarantine(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -42979,7 +44989,7 @@ index 0000000..3d6bb91
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -42990,7 +45000,7 @@ index 0000000..3d6bb91
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -43011,18 +45021,24 @@ index 0000000..3d6bb91
\ No newline at end of file
diff --git a/man/man8/squid_selinux.8 b/man/man8/squid_selinux.8
new file mode 100644
-index 0000000..104476c
+index 0000000..5d1acc2
--- /dev/null
+++ b/man/man8/squid_selinux.8
-@@ -0,0 +1,179 @@
+@@ -0,0 +1,185 @@
+.TH "squid_selinux" "8" "squid" "dwalsh at redhat.com" "squid SELinux Policy documentation"
+.SH "NAME"
+squid_selinux \- Security Enhanced Linux Policy for the squid processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the squid processes via flexible mandatory access
++
++SELinux Linux secures
++.B squid
++(Squid caching http proxy server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. squid policy is extremely flexible and has several booleans that allow you to manipulate the policy and run squid with the tightest access possible.
+
@@ -43121,7 +45137,7 @@ index 0000000..104476c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -43165,7 +45181,7 @@ index 0000000..104476c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -43176,7 +45192,7 @@ index 0000000..104476c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -43197,7 +45213,7 @@ index 0000000..104476c
\ No newline at end of file
diff --git a/man/man8/srvsvcd_selinux.8 b/man/man8/srvsvcd_selinux.8
new file mode 100644
-index 0000000..b3bfe90
+index 0000000..036f028
--- /dev/null
+++ b/man/man8/srvsvcd_selinux.8
@@ -0,0 +1,95 @@
@@ -43206,8 +45222,8 @@ index 0000000..b3bfe90
+srvsvcd_selinux \- Security Enhanced Linux Policy for the srvsvcd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the srvsvcd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -43253,7 +45269,7 @@ index 0000000..b3bfe90
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -43274,7 +45290,7 @@ index 0000000..b3bfe90
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -43285,7 +45301,7 @@ index 0000000..b3bfe90
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -43298,18 +45314,24 @@ index 0000000..b3bfe90
+selinux(8), srvsvcd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ssh_selinux.8 b/man/man8/ssh_selinux.8
new file mode 100644
-index 0000000..5fbe8ec
+index 0000000..06fec85
--- /dev/null
+++ b/man/man8/ssh_selinux.8
-@@ -0,0 +1,248 @@
+@@ -0,0 +1,254 @@
+.TH "ssh_selinux" "8" "ssh" "dwalsh at redhat.com" "ssh SELinux Policy documentation"
+.SH "NAME"
+ssh_selinux \- Security Enhanced Linux Policy for the ssh processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ssh processes via flexible mandatory access
++
++SELinux Linux secures
++.B ssh
++(Secure shell client and server policy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. ssh policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ssh with the tightest access possible.
+
@@ -43446,7 +45468,7 @@ index 0000000..5fbe8ec
+.br
+.TP 5
+Paths:
-+/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
++/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
+
+.EX
+.PP
@@ -43477,7 +45499,7 @@ index 0000000..5fbe8ec
+/var/run/sshd\.pid, /var/run/sshd\.init\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -43521,7 +45543,7 @@ index 0000000..5fbe8ec
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -43532,7 +45554,7 @@ index 0000000..5fbe8ec
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -43553,7 +45575,7 @@ index 0000000..5fbe8ec
\ No newline at end of file
diff --git a/man/man8/sshd_selinux.8 b/man/man8/sshd_selinux.8
new file mode 100644
-index 0000000..cb97a44
+index 0000000..e78fd6d
--- /dev/null
+++ b/man/man8/sshd_selinux.8
@@ -0,0 +1,188 @@
@@ -43562,8 +45584,8 @@ index 0000000..cb97a44
+sshd_selinux \- Security Enhanced Linux Policy for the sshd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sshd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. sshd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sshd with the tightest access possible.
@@ -43641,7 +45663,7 @@ index 0000000..cb97a44
+.br
+.TP 5
+Paths:
-+/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
++/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
+
+.EX
+.PP
@@ -43672,7 +45694,7 @@ index 0000000..cb97a44
+/var/run/sshd\.pid, /var/run/sshd\.init\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -43716,7 +45738,7 @@ index 0000000..cb97a44
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -43727,7 +45749,7 @@ index 0000000..cb97a44
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -43748,18 +45770,24 @@ index 0000000..cb97a44
\ No newline at end of file
diff --git a/man/man8/sssd_selinux.8 b/man/man8/sssd_selinux.8
new file mode 100644
-index 0000000..f84f89e
+index 0000000..d9a7d4a
--- /dev/null
+++ b/man/man8/sssd_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "sssd_selinux" "8" "sssd" "dwalsh at redhat.com" "sssd SELinux Policy documentation"
+.SH "NAME"
+sssd_selinux \- Security Enhanced Linux Policy for the sssd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sssd processes via flexible mandatory access
++
++SELinux Linux secures
++.B sssd
++(System Security Services Daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -43820,7 +45848,7 @@ index 0000000..f84f89e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -43841,7 +45869,7 @@ index 0000000..f84f89e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -43852,7 +45880,7 @@ index 0000000..f84f89e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -43863,20 +45891,276 @@ index 0000000..f84f89e
+
+.SH "SEE ALSO"
+selinux(8), sssd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/staff_selinux.8 b/man/man8/staff_selinux.8
+new file mode 100644
+index 0000000..039dc00
+--- /dev/null
++++ b/man/man8/staff_selinux.8
+@@ -0,0 +1,244 @@
++.TH "staff_selinux" "8" "staff" "mgrepl at redhat.com" "staff SELinux Policy documentation"
++.SH "NAME"
++staff_u \- \fBAdministrator's unprivileged user role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++\fBstaff_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBstaff_r\fP. The
++default role has a default type, \fBstaff_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B staff_u:staff_r:staff_u:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the staff_u user, you would execute:
++
++.B semanage login -m -s staff_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user staff, you would execute:
++
++.B $ semanage login -a -s staff_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user staff_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++The SELinux user staff can execute sudo.
++
++You can set up sudo to allow staff to transition to an administrative domain:
++
++Add one or more of the following record to sudoers using visudo.
++
++
++USERNAME ALL=(ALL) ROLE=ftpadmin_r TYPE=ftpadmin_t COMMAND
++.br
++sudo will run COMMAND as staff_u:ftpadmin_r:ftpadmin_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:auditadm_r:auditadm_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=dbadm_r TYPE=dbadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:dbadm_r:dbadm_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=logadm_r TYPE=logadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:logadm_r:logadm_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:secadm_r:secadm_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=sysadm_r TYPE=sysadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:sysadm_r:sysadm_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=unconfined_r TYPE=unconfined_t COMMAND
++.br
++sudo will run COMMAND as staff_u:unconfined_r:unconfined_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=webadm_r TYPE=webadm_t COMMAND
++.br
++sudo will run COMMAND as staff_u:webadm_r:webadm_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add staff_r to this list.
++
++.B $ semanage user -m -R 'staff_r ftpadmin_r auditadm_r dbadm_r logadm_r secadm_r sysadm_r unconfined_r webadm_r' staff_u
++
++For more details you can see semanage man page.
++
++
++.SH X WINDOWS LOGIN
++
++The SELinux user staff_u is able to X Windows login.
++
++.SH TERMINAL LOGIN
++
++The SELinux user staff_u is able to terminal login.
++
++.SH NETWORK
++
++.TP
++The SELinux user staff_u is able to listen on the following tcp ports.
++
++.B xserver_port_t: 6000-6020
++
++.TP
++The SELinux user staff_u is able to listen on the following udp ports.
++
++.B all ports with out defined types
++
++.TP
++The SELinux user staff_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required. staff_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run staff_t with the tightest access possible.
++
++
++.PP
++If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_mysql_connect 1
++.EE
++
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++
++.EX
++.B setsebool -P user_ping 1
++.EE
++
++.PP
++If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
++
++.EX
++.B setsebool -P user_ttyfile_stat 1
++.EE
++
++.PP
++If you want to allow user music sharing, you must turn on the user_share_music boolean.
++
++.EX
++.B setsebool -P user_share_music 1
++.EE
++
++.PP
++If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
++
++.EX
++.B setsebool -P user_direct_dri 1
++.EE
++
++.PP
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++
++.EX
++.B setsebool -P user_rw_noexattrfile 1
++.EE
++
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++
++.EX
++.B setsebool -P user_tcp_server 1
++.EE
++
++.PP
++If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++
++.EX
++.B setsebool -P user_direct_mouse 1
++.EE
++
++.PP
++If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++
++.EX
++.B setsebool -P user_setrlimit 1
++.EE
++
++.PP
++If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_postgresql_connect 1
++.EE
++
++.PP
++If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++
++.EX
++.B setsebool -P user_dmesg 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user staff_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when staff_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny staff_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow staff_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user staff_t can execute without transitioning:
++
++.B sesearch -A -s staff_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow staff_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user staff_t can execute and transition:
++
++.B $ sesearch -A -s staff_t -c process -p transition
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/stunnel_selinux.8 b/man/man8/stunnel_selinux.8
new file mode 100644
-index 0000000..dc17b67
+index 0000000..0af68a0
--- /dev/null
+++ b/man/man8/stunnel_selinux.8
-@@ -0,0 +1,125 @@
+@@ -0,0 +1,131 @@
+.TH "stunnel_selinux" "8" "stunnel" "dwalsh at redhat.com" "stunnel SELinux Policy documentation"
+.SH "NAME"
+stunnel_selinux \- Security Enhanced Linux Policy for the stunnel processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the stunnel processes via flexible mandatory access
++
++SELinux Linux secures
++.B stunnel
++(SSL Tunneling Proxy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -43925,7 +46209,7 @@ index 0000000..dc17b67
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -43969,7 +46253,7 @@ index 0000000..dc17b67
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -43980,7 +46264,7 @@ index 0000000..dc17b67
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -43996,7 +46280,7 @@ index 0000000..dc17b67
+selinux(8), stunnel(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/sulogin_selinux.8 b/man/man8/sulogin_selinux.8
new file mode 100644
-index 0000000..0412cfa
+index 0000000..6cff947
--- /dev/null
+++ b/man/man8/sulogin_selinux.8
@@ -0,0 +1,75 @@
@@ -44005,8 +46289,8 @@ index 0000000..0412cfa
+sulogin_selinux \- Security Enhanced Linux Policy for the sulogin processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sulogin processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -44032,7 +46316,7 @@ index 0000000..0412cfa
+/usr/sbin/sushell, /sbin/sulogin, /usr/sbin/sulogin, /sbin/sushell
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -44053,7 +46337,7 @@ index 0000000..0412cfa
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -44064,7 +46348,7 @@ index 0000000..0412cfa
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -44077,7 +46361,7 @@ index 0000000..0412cfa
+selinux(8), sulogin(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/svc_selinux.8 b/man/man8/svc_selinux.8
new file mode 100644
-index 0000000..7267256
+index 0000000..1c06ece
--- /dev/null
+++ b/man/man8/svc_selinux.8
@@ -0,0 +1,127 @@
@@ -44086,8 +46370,8 @@ index 0000000..7267256
+svc_selinux \- Security Enhanced Linux Policy for the svc processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the svc processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -44165,7 +46449,7 @@ index 0000000..7267256
+/service, /var/tinydns(/.*)?, /service/.*, /var/service/.*, /var/qmail/supervise(/.*)?, /var/dnscache(/.*)?, /var/axfrdns(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -44186,7 +46470,7 @@ index 0000000..7267256
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -44197,7 +46481,7 @@ index 0000000..7267256
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -44210,7 +46494,7 @@ index 0000000..7267256
+selinux(8), svc(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/swat_selinux.8 b/man/man8/swat_selinux.8
new file mode 100644
-index 0000000..862df94
+index 0000000..bd9a083
--- /dev/null
+++ b/man/man8/swat_selinux.8
@@ -0,0 +1,113 @@
@@ -44219,8 +46503,8 @@ index 0000000..862df94
+swat_selinux \- Security Enhanced Linux Policy for the swat processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the swat processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -44258,7 +46542,7 @@ index 0000000..862df94
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -44302,7 +46586,7 @@ index 0000000..862df94
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -44313,7 +46597,7 @@ index 0000000..862df94
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -44327,9 +46611,245 @@ index 0000000..862df94
+
+.SH "SEE ALSO"
+selinux(8), swat(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/sysadm_selinux.8 b/man/man8/sysadm_selinux.8
+new file mode 100644
+index 0000000..679f836
+--- /dev/null
++++ b/man/man8/sysadm_selinux.8
+@@ -0,0 +1,230 @@
++.TH "sysadm_selinux" "8" "sysadm" "mgrepl at redhat.com" "sysadm SELinux Policy documentation"
++.SH "NAME"
++sysadm_u \- \fBGeneral system administration role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++\fBsysadm_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBsysadm_r\fP. The
++default role has a default type, \fBsysadm_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B sysadm_u:sysadm_r:sysadm_u:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the sysadm_u user, you would execute:
++
++.B semanage login -m -s sysadm_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user sysadm, you would execute:
++
++.B $ semanage login -a -s sysadm_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user sysadm_u is an admin user. It means that a mapped Linux user to this SELinux user is intended for administrative actions. Usually this is assigned to a root Linux user.
++
++.SH SUDO
++
++The SELinux user sysadm can execute sudo.
++
++You can set up sudo to allow sysadm to transition to an administrative domain:
++
++Add one or more of the following record to sudoers using visudo.
++
++
++USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
++.br
++sudo will run COMMAND as sysadm_u:auditadm_r:auditadm_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=secadm_r TYPE=secadm_t COMMAND
++.br
++sudo will run COMMAND as sysadm_u:secadm_r:secadm_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=staff_r TYPE=staff_t COMMAND
++.br
++sudo will run COMMAND as sysadm_u:staff_r:staff_t:LEVEL
++
++USERNAME ALL=(ALL) ROLE=user_r TYPE=user_t COMMAND
++.br
++sudo will run COMMAND as sysadm_u:user_r:user_t:LEVEL
++
++You might also need to add one or more of these new roles to your SELinux user record.
++
++List the SELinux roles your SELinux user can reach by executing:
++
++.B $ semanage user -l |grep selinux_name
++
++Modify the roles list and add sysadm_r to this list.
++
++.B $ semanage user -m -R 'sysadm_r auditadm_r secadm_r staff_r user_r' sysadm_u
++
++For more details you can see semanage man page.
++
++
++.SH X WINDOWS LOGIN
++
++The SELinux user sysadm_u is able to X Windows login.
++
++.SH TERMINAL LOGIN
++
++The SELinux user sysadm_u is able to terminal login.
++
++.SH NETWORK
++
++.TP
++The SELinux user sysadm_u is able to listen on the following tcp ports.
++
++.B all ports with out defined types
++
++.TP
++The SELinux user sysadm_u is able to listen on the following udp ports.
++
++.B ntp_port_t: 123
++
++.B all ports with out defined types
++
++.TP
++The SELinux user sysadm_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required. sysadm_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sysadm_t with the tightest access possible.
++
++
++.PP
++If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_mysql_connect 1
++.EE
++
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++
++.EX
++.B setsebool -P user_ping 1
++.EE
++
++.PP
++If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
++
++.EX
++.B setsebool -P user_ttyfile_stat 1
++.EE
++
++.PP
++If you want to allow user music sharing, you must turn on the user_share_music boolean.
++
++.EX
++.B setsebool -P user_share_music 1
++.EE
++
++.PP
++If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
++
++.EX
++.B setsebool -P user_direct_dri 1
++.EE
++
++.PP
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++
++.EX
++.B setsebool -P user_rw_noexattrfile 1
++.EE
++
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++
++.EX
++.B setsebool -P user_tcp_server 1
++.EE
++
++.PP
++If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++
++.EX
++.B setsebool -P user_direct_mouse 1
++.EE
++
++.PP
++If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++
++.EX
++.B setsebool -P user_setrlimit 1
++.EE
++
++.PP
++If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_postgresql_connect 1
++.EE
++
++.PP
++If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++
++.EX
++.B setsebool -P user_dmesg 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user sysadm_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when sysadm_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny sysadm_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow sysadm_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user sysadm_t can execute without transitioning:
++
++.B sesearch -A -s sysadm_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow sysadm_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user sysadm_t can execute and transition:
++
++.B $ sesearch -A -s sysadm_t -c process -p transition
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/syslogd_selinux.8 b/man/man8/syslogd_selinux.8
new file mode 100644
-index 0000000..1459cdc
+index 0000000..77cc3b7
--- /dev/null
+++ b/man/man8/syslogd_selinux.8
@@ -0,0 +1,170 @@
@@ -44338,8 +46858,8 @@ index 0000000..1459cdc
+syslogd_selinux \- Security Enhanced Linux Policy for the syslogd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the syslogd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. syslogd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run syslogd with the tightest access possible.
@@ -44430,7 +46950,7 @@ index 0000000..1459cdc
+/var/log/syslog-ng(/.*)?, /var/run/syslog-ng(/.*)?, /var/run/metalog\.pid, /var/run/syslogd\.pid, /var/run/log(/.*)?, /var/run/syslog-ng.ctl
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -44474,7 +46994,7 @@ index 0000000..1459cdc
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -44485,7 +47005,7 @@ index 0000000..1459cdc
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -44506,18 +47026,24 @@ index 0000000..1459cdc
\ No newline at end of file
diff --git a/man/man8/sysstat_selinux.8 b/man/man8/sysstat_selinux.8
new file mode 100644
-index 0000000..5ccf806
+index 0000000..79ea311
--- /dev/null
+++ b/man/man8/sysstat_selinux.8
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,93 @@
+.TH "sysstat_selinux" "8" "sysstat" "dwalsh at redhat.com" "sysstat SELinux Policy documentation"
+.SH "NAME"
+sysstat_selinux \- Security Enhanced Linux Policy for the sysstat processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sysstat processes via flexible mandatory access
++
++SELinux Linux secures
++.B sysstat
++(Policy for sysstat. Reports on various system states)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -44554,7 +47080,7 @@ index 0000000..5ccf806
+/var/log/sysstat(/.*)?, /var/log/sa(/.*)?, /var/log/atsar(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -44575,7 +47101,7 @@ index 0000000..5ccf806
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -44586,7 +47112,7 @@ index 0000000..5ccf806
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -44599,7 +47125,7 @@ index 0000000..5ccf806
+selinux(8), sysstat(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/system_selinux.8 b/man/man8/system_selinux.8
new file mode 100644
-index 0000000..29bd641
+index 0000000..3f66d2d
--- /dev/null
+++ b/man/man8/system_selinux.8
@@ -0,0 +1,339 @@
@@ -44608,8 +47134,8 @@ index 0000000..29bd641
+system_selinux \- Security Enhanced Linux Policy for the system processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the system processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. system policy is extremely flexible and has several booleans that allow you to manipulate the policy and run system with the tightest access possible.
@@ -44895,7 +47421,7 @@ index 0000000..29bd641
+/usr/lib/systemd/system(/.*)?, /lib/systemd/system(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -44916,7 +47442,7 @@ index 0000000..29bd641
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -44927,7 +47453,7 @@ index 0000000..29bd641
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -44945,18 +47471,24 @@ index 0000000..29bd641
\ No newline at end of file
diff --git a/man/man8/systemd_selinux.8 b/man/man8/systemd_selinux.8
new file mode 100644
-index 0000000..f3ff4b1
+index 0000000..bea5a02
--- /dev/null
+++ b/man/man8/systemd_selinux.8
-@@ -0,0 +1,215 @@
+@@ -0,0 +1,221 @@
+.TH "systemd_selinux" "8" "systemd" "dwalsh at redhat.com" "systemd SELinux Policy documentation"
+.SH "NAME"
+systemd_selinux \- Security Enhanced Linux Policy for the systemd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the systemd processes via flexible mandatory access
++
++SELinux Linux secures
++.B systemd
++(SELinux policy for systemd components)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. systemd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run systemd with the tightest access possible.
+
@@ -45117,7 +47649,7 @@ index 0000000..f3ff4b1
+/usr/lib/systemd/system(/.*)?, /lib/systemd/system(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -45138,7 +47670,7 @@ index 0000000..f3ff4b1
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -45149,7 +47681,7 @@ index 0000000..f3ff4b1
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -45167,18 +47699,24 @@ index 0000000..f3ff4b1
\ No newline at end of file
diff --git a/man/man8/tcpd_selinux.8 b/man/man8/tcpd_selinux.8
new file mode 100644
-index 0000000..dcf911c
+index 0000000..5543123
--- /dev/null
+++ b/man/man8/tcpd_selinux.8
-@@ -0,0 +1,108 @@
+@@ -0,0 +1,114 @@
+.TH "tcpd_selinux" "8" "tcpd" "dwalsh at redhat.com" "tcpd SELinux Policy documentation"
+.SH "NAME"
+tcpd_selinux \- Security Enhanced Linux Policy for the tcpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the tcpd processes via flexible mandatory access
++
++SELinux Linux secures
++.B tcpd
++(Policy for TCP daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. tcpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run tcpd with the tightest access possible.
+
@@ -45232,7 +47770,7 @@ index 0000000..dcf911c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -45253,7 +47791,7 @@ index 0000000..dcf911c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -45264,7 +47802,7 @@ index 0000000..dcf911c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -45282,18 +47820,24 @@ index 0000000..dcf911c
\ No newline at end of file
diff --git a/man/man8/tcsd_selinux.8 b/man/man8/tcsd_selinux.8
new file mode 100644
-index 0000000..ccd27e8
+index 0000000..514ced5
--- /dev/null
+++ b/man/man8/tcsd_selinux.8
-@@ -0,0 +1,113 @@
+@@ -0,0 +1,119 @@
+.TH "tcsd_selinux" "8" "tcsd" "dwalsh at redhat.com" "tcsd SELinux Policy documentation"
+.SH "NAME"
+tcsd_selinux \- Security Enhanced Linux Policy for the tcsd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the tcsd processes via flexible mandatory access
++
++SELinux Linux secures
++.B tcsd
++(TSS Core Services (TCS) daemon (tcsd) policy)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -45330,7 +47874,7 @@ index 0000000..ccd27e8
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -45374,7 +47918,7 @@ index 0000000..ccd27e8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -45385,7 +47929,7 @@ index 0000000..ccd27e8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -45401,18 +47945,24 @@ index 0000000..ccd27e8
+selinux(8), tcsd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/telepathy_selinux.8 b/man/man8/telepathy_selinux.8
new file mode 100644
-index 0000000..94e44da
+index 0000000..996878a
--- /dev/null
+++ b/man/man8/telepathy_selinux.8
-@@ -0,0 +1,305 @@
+@@ -0,0 +1,311 @@
+.TH "telepathy_selinux" "8" "telepathy" "dwalsh at redhat.com" "telepathy SELinux Policy documentation"
+.SH "NAME"
+telepathy_selinux \- Security Enhanced Linux Policy for the telepathy processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the telepathy processes via flexible mandatory access
++
++SELinux Linux secures
++.B telepathy
++(Telepathy communications framework)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. telepathy policy is extremely flexible and has several booleans that allow you to manipulate the policy and run telepathy with the tightest access possible.
+
@@ -45663,7 +48213,7 @@ index 0000000..94e44da
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -45684,7 +48234,7 @@ index 0000000..94e44da
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -45695,7 +48245,7 @@ index 0000000..94e44da
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -45713,7 +48263,7 @@ index 0000000..94e44da
\ No newline at end of file
diff --git a/man/man8/telnetd_selinux.8 b/man/man8/telnetd_selinux.8
new file mode 100644
-index 0000000..888cb81
+index 0000000..34d5d8c
--- /dev/null
+++ b/man/man8/telnetd_selinux.8
@@ -0,0 +1,125 @@
@@ -45722,8 +48272,8 @@ index 0000000..888cb81
+telnetd_selinux \- Security Enhanced Linux Policy for the telnetd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the telnetd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -45773,7 +48323,7 @@ index 0000000..888cb81
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -45817,7 +48367,7 @@ index 0000000..888cb81
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -45828,7 +48378,7 @@ index 0000000..888cb81
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -45844,7 +48394,7 @@ index 0000000..888cb81
+selinux(8), telnetd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/tftpd_selinux.8 b/man/man8/tftpd_selinux.8
new file mode 100644
-index 0000000..d5366dc
+index 0000000..b7bdb6b
--- /dev/null
+++ b/man/man8/tftpd_selinux.8
@@ -0,0 +1,155 @@
@@ -45853,8 +48403,8 @@ index 0000000..d5366dc
+tftpd_selinux \- Security Enhanced Linux Policy for the tftpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the tftpd processes via flexible mandatory access
-+control.
++
++
+
+.SH SHARING FILES
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
@@ -45867,7 +48417,7 @@ index 0000000..d5366dc
+.B restorecon -F -R -v /var/tftpd
+.pp
+.TP
-+Allow tftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_tftpdd_anon_write boolean to be set.
++Allow tftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_tftpd_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/tftpd/incoming(/.*)?"
@@ -45934,7 +48484,7 @@ index 0000000..d5366dc
+/tftpboot/.*, /tftpboot
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -45978,7 +48528,7 @@ index 0000000..d5366dc
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -45989,7 +48539,7 @@ index 0000000..d5366dc
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -46005,18 +48555,24 @@ index 0000000..d5366dc
+selinux(8), tftpd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/tgtd_selinux.8 b/man/man8/tgtd_selinux.8
new file mode 100644
-index 0000000..9654fe0
+index 0000000..ed0f28a
--- /dev/null
+++ b/man/man8/tgtd_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "tgtd_selinux" "8" "tgtd" "dwalsh at redhat.com" "tgtd SELinux Policy documentation"
+.SH "NAME"
+tgtd_selinux \- Security Enhanced Linux Policy for the tgtd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the tgtd processes via flexible mandatory access
++
++SELinux Linux secures
++.B tgtd
++(Linux Target Framework Daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -46077,7 +48633,7 @@ index 0000000..9654fe0
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46098,7 +48654,7 @@ index 0000000..9654fe0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46109,7 +48665,7 @@ index 0000000..9654fe0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -46122,7 +48678,7 @@ index 0000000..9654fe0
+selinux(8), tgtd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/thin_selinux.8 b/man/man8/thin_selinux.8
new file mode 100644
-index 0000000..3729132
+index 0000000..c7f6423
--- /dev/null
+++ b/man/man8/thin_selinux.8
@@ -0,0 +1,79 @@
@@ -46131,8 +48687,8 @@ index 0000000..3729132
+thin_selinux \- Security Enhanced Linux Policy for the thin processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the thin processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -46162,7 +48718,7 @@ index 0000000..3729132
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46183,7 +48739,7 @@ index 0000000..3729132
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46194,7 +48750,7 @@ index 0000000..3729132
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -46207,18 +48763,24 @@ index 0000000..3729132
+selinux(8), thin(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/thumb_selinux.8 b/man/man8/thumb_selinux.8
new file mode 100644
-index 0000000..0692cbc
+index 0000000..50ef8e9
--- /dev/null
+++ b/man/man8/thumb_selinux.8
-@@ -0,0 +1,83 @@
+@@ -0,0 +1,89 @@
+.TH "thumb_selinux" "8" "thumb" "dwalsh at redhat.com" "thumb SELinux Policy documentation"
+.SH "NAME"
+thumb_selinux \- Security Enhanced Linux Policy for the thumb processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the thumb processes via flexible mandatory access
++
++SELinux Linux secures
++.B thumb
++(policy for thumb)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -46251,7 +48813,7 @@ index 0000000..0692cbc
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46272,7 +48834,7 @@ index 0000000..0692cbc
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46283,7 +48845,7 @@ index 0000000..0692cbc
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -46296,18 +48858,24 @@ index 0000000..0692cbc
+selinux(8), thumb(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/tmpreaper_selinux.8 b/man/man8/tmpreaper_selinux.8
new file mode 100644
-index 0000000..6f6b4a0
+index 0000000..53468d0
--- /dev/null
+++ b/man/man8/tmpreaper_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,81 @@
+.TH "tmpreaper_selinux" "8" "tmpreaper" "dwalsh at redhat.com" "tmpreaper SELinux Policy documentation"
+.SH "NAME"
+tmpreaper_selinux \- Security Enhanced Linux Policy for the tmpreaper processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the tmpreaper processes via flexible mandatory access
++
++SELinux Linux secures
++.B tmpreaper
++(Manage temporary directory sizes and file ages)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -46332,7 +48900,7 @@ index 0000000..6f6b4a0
+/usr/sbin/tmpwatch, /usr/sbin/tmpreaper
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46353,7 +48921,7 @@ index 0000000..6f6b4a0
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46364,7 +48932,7 @@ index 0000000..6f6b4a0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -46377,18 +48945,24 @@ index 0000000..6f6b4a0
+selinux(8), tmpreaper(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/tor_selinux.8 b/man/man8/tor_selinux.8
new file mode 100644
-index 0000000..a044dbf
+index 0000000..8ec79ef
--- /dev/null
+++ b/man/man8/tor_selinux.8
-@@ -0,0 +1,171 @@
+@@ -0,0 +1,177 @@
+.TH "tor_selinux" "8" "tor" "dwalsh at redhat.com" "tor SELinux Policy documentation"
+.SH "NAME"
+tor_selinux \- Security Enhanced Linux Policy for the tor processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the tor processes via flexible mandatory access
++
++SELinux Linux secures
++.B tor
++(TOR, the onion router)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. tor policy is extremely flexible and has several booleans that allow you to manipulate the policy and run tor with the tightest access possible.
+
@@ -46468,7 +49042,7 @@ index 0000000..a044dbf
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46523,7 +49097,7 @@ index 0000000..a044dbf
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46534,7 +49108,7 @@ index 0000000..a044dbf
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -46555,7 +49129,7 @@ index 0000000..a044dbf
\ No newline at end of file
diff --git a/man/man8/traceroute_selinux.8 b/man/man8/traceroute_selinux.8
new file mode 100644
-index 0000000..f631ab7
+index 0000000..283d349
--- /dev/null
+++ b/man/man8/traceroute_selinux.8
@@ -0,0 +1,101 @@
@@ -46564,8 +49138,8 @@ index 0000000..f631ab7
+traceroute_selinux \- Security Enhanced Linux Policy for the traceroute processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the traceroute processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -46591,7 +49165,7 @@ index 0000000..f631ab7
+/bin/tracepath.*, /usr/bin/traceroute.*, /usr/bin/nmap, /usr/bin/lft, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/sbin/traceroute.*
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46635,7 +49209,7 @@ index 0000000..f631ab7
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46646,7 +49220,7 @@ index 0000000..f631ab7
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -46662,18 +49236,24 @@ index 0000000..f631ab7
+selinux(8), traceroute(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/tuned_selinux.8 b/man/man8/tuned_selinux.8
new file mode 100644
-index 0000000..509a481
+index 0000000..824c519
--- /dev/null
+++ b/man/man8/tuned_selinux.8
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,105 @@
+.TH "tuned_selinux" "8" "tuned" "dwalsh at redhat.com" "tuned SELinux Policy documentation"
+.SH "NAME"
+tuned_selinux \- Security Enhanced Linux Policy for the tuned processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the tuned processes via flexible mandatory access
++
++SELinux Linux secures
++.B tuned
++(Dynamic adaptive system tuning daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -46722,7 +49302,7 @@ index 0000000..509a481
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46743,7 +49323,7 @@ index 0000000..509a481
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46754,7 +49334,7 @@ index 0000000..509a481
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -46767,18 +49347,24 @@ index 0000000..509a481
+selinux(8), tuned(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/tvtime_selinux.8 b/man/man8/tvtime_selinux.8
new file mode 100644
-index 0000000..d02f5cb
+index 0000000..0694cf9
--- /dev/null
+++ b/man/man8/tvtime_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "tvtime_selinux" "8" "tvtime" "dwalsh at redhat.com" "tvtime SELinux Policy documentation"
+.SH "NAME"
+tvtime_selinux \- Security Enhanced Linux Policy for the tvtime processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the tvtime processes via flexible mandatory access
++
++SELinux Linux secures
++.B tvtime
++( tvtime - a high quality television application )
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -46823,7 +49409,7 @@ index 0000000..d02f5cb
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46844,7 +49430,7 @@ index 0000000..d02f5cb
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46855,7 +49441,7 @@ index 0000000..d02f5cb
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -46868,18 +49454,24 @@ index 0000000..d02f5cb
+selinux(8), tvtime(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/udev_selinux.8 b/man/man8/udev_selinux.8
new file mode 100644
-index 0000000..44d7efc
+index 0000000..e90dada
--- /dev/null
+++ b/man/man8/udev_selinux.8
-@@ -0,0 +1,115 @@
+@@ -0,0 +1,121 @@
+.TH "udev_selinux" "8" "udev" "dwalsh at redhat.com" "udev SELinux Policy documentation"
+.SH "NAME"
+udev_selinux \- Security Enhanced Linux Policy for the udev processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the udev processes via flexible mandatory access
++
++SELinux Linux secures
++.B udev
++(Policy for udev)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -46944,7 +49536,7 @@ index 0000000..44d7efc
+/var/run/udev(/.*)?, /dev/\.udevdb, /var/run/PackageKit/udev(/.*)?, /dev/\.udev(/.*)?, /dev/udev\.tbl, /var/run/libgpod(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -46965,7 +49557,7 @@ index 0000000..44d7efc
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -46976,7 +49568,7 @@ index 0000000..44d7efc
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -46989,18 +49581,24 @@ index 0000000..44d7efc
+selinux(8), udev(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ulogd_selinux.8 b/man/man8/ulogd_selinux.8
new file mode 100644
-index 0000000..4ab5d93
+index 0000000..3ab14e4
--- /dev/null
+++ b/man/man8/ulogd_selinux.8
-@@ -0,0 +1,103 @@
+@@ -0,0 +1,109 @@
+.TH "ulogd_selinux" "8" "ulogd" "dwalsh at redhat.com" "ulogd SELinux Policy documentation"
+.SH "NAME"
+ulogd_selinux \- Security Enhanced Linux Policy for the ulogd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ulogd processes via flexible mandatory access
++
++SELinux Linux secures
++.B ulogd
++(Iptables/netfilter userspace logging daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -47053,7 +49651,7 @@ index 0000000..4ab5d93
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47074,7 +49672,7 @@ index 0000000..4ab5d93
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47085,7 +49683,7 @@ index 0000000..4ab5d93
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47098,18 +49696,24 @@ index 0000000..4ab5d93
+selinux(8), ulogd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/uml_selinux.8 b/man/man8/uml_selinux.8
new file mode 100644
-index 0000000..291735c
+index 0000000..34355cf
--- /dev/null
+++ b/man/man8/uml_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,125 @@
+.TH "uml_selinux" "8" "uml" "dwalsh at redhat.com" "uml SELinux Policy documentation"
+.SH "NAME"
+uml_selinux \- Security Enhanced Linux Policy for the uml processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the uml processes via flexible mandatory access
++
++SELinux Linux secures
++.B uml
++(Policy for UML)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -47178,7 +49782,7 @@ index 0000000..291735c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47199,7 +49803,7 @@ index 0000000..291735c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47210,7 +49814,7 @@ index 0000000..291735c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47223,63 +49827,88 @@ index 0000000..291735c
+selinux(8), uml(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/unconfined_selinux.8 b/man/man8/unconfined_selinux.8
new file mode 100644
-index 0000000..21e62f0
+index 0000000..cec81dc
--- /dev/null
+++ b/man/man8/unconfined_selinux.8
-@@ -0,0 +1,125 @@
-+.TH "unconfined_selinux" "8" "unconfined" "dwalsh at redhat.com" "unconfined SELinux Policy documentation"
+@@ -0,0 +1,65 @@
++.TH "unconfined_selinux" "8" "unconfined" "mgrepl at redhat.com" "unconfined SELinux Policy documentation"
+.SH "NAME"
-+unconfined_selinux \- Security Enhanced Linux Policy for the unconfined processes
-+.SH "DESCRIPTION"
++unconfined_r \- \fBUnconfiend user role\fP - Security Enhanced Linux Policy
+
-+Security-Enhanced Linux secures the unconfined processes via flexible mandatory access
-+control.
++.SH DESCRIPTION
+
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required. unconfined policy is extremely flexible and has several booleans that allow you to manipulate the policy and run unconfined with the tightest access possible.
++SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.
+
++Note: The examples in the man page will user the staff_u user.
+
-+.PP
-+If you want to allow database admins to execute DML statemen, you must turn on the sepgsql_unconfined_dbadm boolean.
++Non login roles are usually used for administrative tasks.
+
-+.EX
-+.B setsebool -P sepgsql_unconfined_dbadm 1
-+.EE
++Roles usually have default types assigned to them.
+
-+.PP
-+If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++The default type for the unconfined_r role is unconfined_t.
+
-+.EX
-+.B setsebool -P unconfined_mozilla_plugin_transition 1
-+.EE
++You can use the
++.B newrole
++program to transition directly to this role.
+
-+.PP
-+If you want to allow a user to login as an unconfined domai, you must turn on the unconfined_login boolean.
++.B newrole -r unconfined_r -t unconfined_t
+
-+.EX
-+.B setsebool -P unconfined_login 1
-+.EE
++.B sudo
++can also be setup to transition to this role using the visudo command.
+
-+.PP
-+If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbo, you must turn on the unconfined_chrome_sandbox_transition boolean.
++USERNAME ALL=(ALL) ROLE=unconfined_r TYPE=unconfined_t COMMAND
++.br
++sudo will run COMMAND as staff_u:unconfined_r:unconfined_t:LEVEL
+
-+.EX
-+.B setsebool -P unconfined_chrome_sandbox_transition 1
-+.EE
++If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
+
-+.PP
-+If you want to allow samba to run unconfined script, you must turn on the samba_run_unconfined boolean.
++You can see all of the assigned SELinux roles using the following
++
++.B semanage user -l
++
++If you wanted to add unconfined_r to the staff_u user, you would execute:
++
++.B $ semanage user -m -R 'staff_r unconfined_r' staff_u
++
++
++
++SELinux policy also controls which roles can transition to a different role.
++You can list these rules using the following command.
++
++.B sesearch --role_allow
++
++SELinux policy allows the staff_r role can transition to the unconfined_r role.
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
+diff --git a/man/man8/update_selinux.8 b/man/man8/update_selinux.8
+new file mode 100644
+index 0000000..df3a1eb
+--- /dev/null
++++ b/man/man8/update_selinux.8
+@@ -0,0 +1,83 @@
++.TH "update_selinux" "8" "update" "dwalsh at redhat.com" "update SELinux Policy documentation"
++.SH "NAME"
++update_selinux \- Security Enhanced Linux Policy for the update processes
++.SH "DESCRIPTION"
+
-+.EX
-+.B setsebool -P samba_run_unconfined 1
-+.EE
+
-+.PP
-+If you want to allow video playing tools to run unconfine, you must turn on the unconfined_mplayer boolean.
+
-+.EX
-+.B setsebool -P unconfined_mplayer 1
-+.EE
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -47287,25 +49916,33 @@ index 0000000..21e62f0
+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
+.PP
+Policy governs the access confined processes have to these files.
-+SELinux unconfined policy is very flexible allowing users to setup their unconfined processes in as secure a method as possible.
++SELinux update policy is very flexible allowing users to setup their update processes in as secure a method as possible.
+.PP
-+The following file types are defined for unconfined:
++The following file types are defined for update:
+
+
+.EX
+.PP
-+.B unconfined_exec_t
++.B update_modules_exec_t
+.EE
+
-+- Set files with the unconfined_exec_t type, if you want to transition an executable to the unconfined_t domain.
++- Set files with the update_modules_exec_t type, if you want to transition an executable to the update_modules_t domain.
+
+.br
+.TP 5
+Paths:
-+/usr/bin/vncserver, /usr/sbin/xrdp, /usr/sbin/xrdp-sesman
++/usr/sbin/modules-update, /usr/sbin/update-modules, /sbin/modules-update, /sbin/generate-modprobe\.conf, /sbin/update-modules, /usr/sbin/generate-modprobe\.conf
++
++.EX
++.PP
++.B update_modules_tmp_t
++.EE
++
++- Set files with the update_modules_tmp_t type, if you want to store update modules temporary files in the /tmp directories.
++
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47317,16 +49954,16 @@ index 0000000..21e62f0
+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
+.PP
+Policy governs the access confined processes have to files.
-+SELinux unconfined policy is very flexible allowing users to setup their unconfined processes in as secure a method as possible.
++SELinux update policy is very flexible allowing users to setup their update processes in as secure a method as possible.
+.PP
-+The following process types are defined for unconfined:
++The following process types are defined for update:
+
+.EX
-+.B unconfined_cronjob_t, unconfined_dbusd_t, unconfined_t
++.B update_modules_t
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47337,10 +49974,7 @@ index 0000000..21e62f0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
-+
-+.B semanage boolean
-+can also be used to manipulate the booleans
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47350,56 +49984,52 @@ index 0000000..21e62f0
+This manual page was autogenerated by genman.py.
+
+.SH "SEE ALSO"
-+selinux(8), unconfined(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
-\ No newline at end of file
-diff --git a/man/man8/update_selinux.8 b/man/man8/update_selinux.8
++selinux(8), update(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/updfstab_selinux.8 b/man/man8/updfstab_selinux.8
new file mode 100644
-index 0000000..a755e2d
+index 0000000..17c099b
--- /dev/null
-+++ b/man/man8/update_selinux.8
-@@ -0,0 +1,83 @@
-+.TH "update_selinux" "8" "update" "dwalsh at redhat.com" "update SELinux Policy documentation"
++++ b/man/man8/updfstab_selinux.8
+@@ -0,0 +1,81 @@
++.TH "updfstab_selinux" "8" "updfstab" "dwalsh at redhat.com" "updfstab SELinux Policy documentation"
+.SH "NAME"
-+update_selinux \- Security Enhanced Linux Policy for the update processes
++updfstab_selinux \- Security Enhanced Linux Policy for the updfstab processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the update processes via flexible mandatory access
++
++SELinux Linux secures
++.B updfstab
++(Red Hat utility to change /etc/fstab)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
+.PP
+Policy governs the access confined processes have to these files.
-+SELinux update policy is very flexible allowing users to setup their update processes in as secure a method as possible.
++SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible.
+.PP
-+The following file types are defined for update:
++The following file types are defined for updfstab:
+
+
+.EX
+.PP
-+.B update_modules_exec_t
++.B updfstab_exec_t
+.EE
+
-+- Set files with the update_modules_exec_t type, if you want to transition an executable to the update_modules_t domain.
++- Set files with the updfstab_exec_t type, if you want to transition an executable to the updfstab_t domain.
+
+.br
+.TP 5
+Paths:
-+/usr/sbin/modules-update, /usr/sbin/update-modules, /sbin/modules-update, /sbin/generate-modprobe\.conf, /sbin/update-modules, /usr/sbin/generate-modprobe\.conf
-+
-+.EX
-+.PP
-+.B update_modules_tmp_t
-+.EE
-+
-+- Set files with the update_modules_tmp_t type, if you want to store update modules temporary files in the /tmp directories.
-+
++/usr/sbin/updfstab, /usr/sbin/fstab-sync
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47411,16 +50041,16 @@ index 0000000..a755e2d
+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
+.PP
+Policy governs the access confined processes have to files.
-+SELinux update policy is very flexible allowing users to setup their update processes in as secure a method as possible.
++SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible.
+.PP
-+The following process types are defined for update:
++The following process types are defined for updfstab:
+
+.EX
-+.B update_modules_t
++.B updfstab_t
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47431,7 +50061,7 @@ index 0000000..a755e2d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47441,20 +50071,20 @@ index 0000000..a755e2d
+This manual page was autogenerated by genman.py.
+
+.SH "SEE ALSO"
-+selinux(8), update(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/updfstab_selinux.8 b/man/man8/updfstab_selinux.8
++selinux(8), updfstab(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/updpwd_selinux.8 b/man/man8/updpwd_selinux.8
new file mode 100644
-index 0000000..a211ed1
+index 0000000..b48fb1b
--- /dev/null
-+++ b/man/man8/updfstab_selinux.8
++++ b/man/man8/updpwd_selinux.8
@@ -0,0 +1,75 @@
-+.TH "updfstab_selinux" "8" "updfstab" "dwalsh at redhat.com" "updfstab SELinux Policy documentation"
++.TH "updpwd_selinux" "8" "updpwd" "dwalsh at redhat.com" "updpwd SELinux Policy documentation"
+.SH "NAME"
-+updfstab_selinux \- Security Enhanced Linux Policy for the updfstab processes
++updpwd_selinux \- Security Enhanced Linux Policy for the updpwd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the updfstab processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -47462,25 +50092,25 @@ index 0000000..a211ed1
+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
+.PP
+Policy governs the access confined processes have to these files.
-+SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible.
++SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible.
+.PP
-+The following file types are defined for updfstab:
++The following file types are defined for updpwd:
+
+
+.EX
+.PP
-+.B updfstab_exec_t
++.B updpwd_exec_t
+.EE
+
-+- Set files with the updfstab_exec_t type, if you want to transition an executable to the updfstab_t domain.
++- Set files with the updpwd_exec_t type, if you want to transition an executable to the updpwd_t domain.
+
+.br
+.TP 5
+Paths:
-+/usr/sbin/updfstab, /usr/sbin/fstab-sync
++/sbin/unix_update, /usr/sbin/unix_update
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47492,16 +50122,16 @@ index 0000000..a211ed1
+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
+.PP
+Policy governs the access confined processes have to files.
-+SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible.
++SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible.
+.PP
-+The following process types are defined for updfstab:
++The following process types are defined for updpwd:
+
+.EX
-+.B updfstab_t
++.B updpwd_t
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47512,7 +50142,7 @@ index 0000000..a211ed1
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47522,46 +50152,52 @@ index 0000000..a211ed1
+This manual page was autogenerated by genman.py.
+
+.SH "SEE ALSO"
-+selinux(8), updfstab(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/updpwd_selinux.8 b/man/man8/updpwd_selinux.8
++selinux(8), updpwd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/usbmodules_selinux.8 b/man/man8/usbmodules_selinux.8
new file mode 100644
-index 0000000..92bab47
+index 0000000..83e61e3
--- /dev/null
-+++ b/man/man8/updpwd_selinux.8
-@@ -0,0 +1,75 @@
-+.TH "updpwd_selinux" "8" "updpwd" "dwalsh at redhat.com" "updpwd SELinux Policy documentation"
++++ b/man/man8/usbmodules_selinux.8
+@@ -0,0 +1,81 @@
++.TH "usbmodules_selinux" "8" "usbmodules" "dwalsh at redhat.com" "usbmodules SELinux Policy documentation"
+.SH "NAME"
-+updpwd_selinux \- Security Enhanced Linux Policy for the updpwd processes
++usbmodules_selinux \- Security Enhanced Linux Policy for the usbmodules processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the updpwd processes via flexible mandatory access
++
++SELinux Linux secures
++.B usbmodules
++(List kernel modules of USB devices)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
+.PP
+Policy governs the access confined processes have to these files.
-+SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible.
++SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible.
+.PP
-+The following file types are defined for updpwd:
++The following file types are defined for usbmodules:
+
+
+.EX
+.PP
-+.B updpwd_exec_t
++.B usbmodules_exec_t
+.EE
+
-+- Set files with the updpwd_exec_t type, if you want to transition an executable to the updpwd_t domain.
++- Set files with the usbmodules_exec_t type, if you want to transition an executable to the usbmodules_t domain.
+
+.br
+.TP 5
+Paths:
-+/sbin/unix_update, /usr/sbin/unix_update
++/usr/sbin/usbmodules, /sbin/usbmodules
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47573,16 +50209,16 @@ index 0000000..92bab47
+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
+.PP
+Policy governs the access confined processes have to files.
-+SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible.
++SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible.
+.PP
-+The following process types are defined for updpwd:
++The following process types are defined for usbmodules:
+
+.EX
-+.B updpwd_t
++.B usbmodules_t
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47593,7 +50229,7 @@ index 0000000..92bab47
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47603,46 +50239,56 @@ index 0000000..92bab47
+This manual page was autogenerated by genman.py.
+
+.SH "SEE ALSO"
-+selinux(8), updpwd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/usbmodules_selinux.8 b/man/man8/usbmodules_selinux.8
++selinux(8), usbmodules(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/usbmuxd_selinux.8 b/man/man8/usbmuxd_selinux.8
new file mode 100644
-index 0000000..a34f9c0
+index 0000000..a8d74de
--- /dev/null
-+++ b/man/man8/usbmodules_selinux.8
-@@ -0,0 +1,75 @@
-+.TH "usbmodules_selinux" "8" "usbmodules" "dwalsh at redhat.com" "usbmodules SELinux Policy documentation"
++++ b/man/man8/usbmuxd_selinux.8
+@@ -0,0 +1,85 @@
++.TH "usbmuxd_selinux" "8" "usbmuxd" "dwalsh at redhat.com" "usbmuxd SELinux Policy documentation"
+.SH "NAME"
-+usbmodules_selinux \- Security Enhanced Linux Policy for the usbmodules processes
++usbmuxd_selinux \- Security Enhanced Linux Policy for the usbmuxd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the usbmodules processes via flexible mandatory access
++
++SELinux Linux secures
++.B usbmuxd
++(USB multiplexing daemon for communicating with Apple iPod Touch and iPhone)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
+.PP
+Policy governs the access confined processes have to these files.
-+SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible.
++SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible.
+.PP
-+The following file types are defined for usbmodules:
++The following file types are defined for usbmuxd:
+
+
+.EX
+.PP
-+.B usbmodules_exec_t
++.B usbmuxd_exec_t
+.EE
+
-+- Set files with the usbmodules_exec_t type, if you want to transition an executable to the usbmodules_t domain.
++- Set files with the usbmuxd_exec_t type, if you want to transition an executable to the usbmuxd_t domain.
++
++
++.EX
++.PP
++.B usbmuxd_var_run_t
++.EE
++
++- Set files with the usbmuxd_var_run_t type, if you want to store the usbmuxd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/usbmodules, /sbin/usbmodules
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47654,16 +50300,16 @@ index 0000000..a34f9c0
+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
+.PP
+Policy governs the access confined processes have to files.
-+SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible.
++SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible.
+.PP
-+The following process types are defined for usbmodules:
++The following process types are defined for usbmuxd:
+
+.EX
-+.B usbmodules_t
++.B usbmuxd_t
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47674,7 +50320,7 @@ index 0000000..a34f9c0
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47684,95 +50330,210 @@ index 0000000..a34f9c0
+This manual page was autogenerated by genman.py.
+
+.SH "SEE ALSO"
-+selinux(8), usbmodules(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/usbmuxd_selinux.8 b/man/man8/usbmuxd_selinux.8
++selinux(8), usbmuxd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/user_selinux.8 b/man/man8/user_selinux.8
new file mode 100644
-index 0000000..6db86ae
+index 0000000..a2082e9
--- /dev/null
-+++ b/man/man8/usbmuxd_selinux.8
-@@ -0,0 +1,79 @@
-+.TH "usbmuxd_selinux" "8" "usbmuxd" "dwalsh at redhat.com" "usbmuxd SELinux Policy documentation"
++++ b/man/man8/user_selinux.8
+@@ -0,0 +1,194 @@
++.TH "user_selinux" "8" "user" "mgrepl at redhat.com" "user SELinux Policy documentation"
+.SH "NAME"
-+usbmuxd_selinux \- Security Enhanced Linux Policy for the usbmuxd processes
-+.SH "DESCRIPTION"
++user_u \- \fBGeneric unprivileged user role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++\fBuser_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBuser_r\fP. The
++default role has a default type, \fBuser_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B user_u:user_r:user_u:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the user_u user, you would execute:
++
++.B semanage login -m -s user_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user user, you would execute:
++
++.B $ semanage login -a -s user_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user user_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++The SELinux type user_t is not allowed to execute sudo.
++
++.SH X WINDOWS LOGIN
++
++The SELinux user user_u is able to X Windows login.
++
++.SH TERMINAL LOGIN
++
++The SELinux user user_u is able to terminal login.
++
++.SH NETWORK
++
++.TP
++The SELinux user user_u is able to listen on the following tcp ports.
++
++.B xserver_port_t: 6000-6020
++
++.TP
++The SELinux user user_u is able to listen on the following udp ports.
++
++.B all ports with out defined types
++
++.TP
++The SELinux user user_u is able to connect to the following tcp ports.
++
++.B all ports
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required. user_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run user_t with the tightest access possible.
+
-+Security-Enhanced Linux secures the usbmuxd processes via flexible mandatory access
-+control.
+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type.
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
+.PP
-+Policy governs the access confined processes have to these files.
-+SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible.
-+.PP
-+The following file types are defined for usbmuxd:
++If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_mysql_connect 1
++.EE
+
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
+
+.EX
++.B setsebool -P user_ping 1
++.EE
++
+.PP
-+.B usbmuxd_exec_t
++If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
++
++.EX
++.B setsebool -P user_ttyfile_stat 1
+.EE
+
-+- Set files with the usbmuxd_exec_t type, if you want to transition an executable to the usbmuxd_t domain.
++.PP
++If you want to allow user music sharing, you must turn on the user_share_music boolean.
+
++.EX
++.B setsebool -P user_share_music 1
++.EE
++
++.PP
++If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
+
+.EX
++.B setsebool -P user_direct_dri 1
++.EE
++
+.PP
-+.B usbmuxd_var_run_t
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++
++.EX
++.B setsebool -P user_rw_noexattrfile 1
+.EE
+
-+- Set files with the usbmuxd_var_run_t type, if you want to store the usbmuxd files under the /run directory.
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
+
++.EX
++.B setsebool -P user_tcp_server 1
++.EE
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
++If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++
++.EX
++.B setsebool -P user_direct_mouse 1
++.EE
+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++
++.EX
++.B setsebool -P user_setrlimit 1
++.EE
++
+.PP
-+Policy governs the access confined processes have to files.
-+SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible.
-+.PP
-+The following process types are defined for usbmuxd:
++If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
+
+.EX
-+.B usbmuxd_t
++.B setsebool -P allow_user_postgresql_connect 1
+.EE
++
+.PP
-+Note:
-+.B semanage permississive -a PROCESS_TYPE
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++
++.EX
++.B setsebool -P user_dmesg 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user user_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when user_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny user_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow user_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user user_t can execute without transitioning:
++
++.B sesearch -A -s user_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow user_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user user_t can execute and transition:
++
++.B $ sesearch -A -s user_t -c process -p transition
++
+
+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
+
-+.PP
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
+.B system-config-selinux
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was autogenerated by genman.py.
++This manual page was autogenerated by genuserman.py.
+
+.SH "SEE ALSO"
-+selinux(8), usbmuxd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), semanage(8).
diff --git a/man/man8/useradd_selinux.8 b/man/man8/useradd_selinux.8
new file mode 100644
-index 0000000..8867f8c
+index 0000000..8ad5cf6
--- /dev/null
+++ b/man/man8/useradd_selinux.8
@@ -0,0 +1,75 @@
@@ -47781,8 +50542,8 @@ index 0000000..8867f8c
+useradd_selinux \- Security Enhanced Linux Policy for the useradd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the useradd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -47808,7 +50569,7 @@ index 0000000..8867f8c
+/usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47829,7 +50590,7 @@ index 0000000..8867f8c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47840,7 +50601,7 @@ index 0000000..8867f8c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47853,18 +50614,24 @@ index 0000000..8867f8c
+selinux(8), useradd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/usernetctl_selinux.8 b/man/man8/usernetctl_selinux.8
new file mode 100644
-index 0000000..86ec83d
+index 0000000..8789d75
--- /dev/null
+++ b/man/man8/usernetctl_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "usernetctl_selinux" "8" "usernetctl" "dwalsh at redhat.com" "usernetctl SELinux Policy documentation"
+.SH "NAME"
+usernetctl_selinux \- Security Enhanced Linux Policy for the usernetctl processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the usernetctl processes via flexible mandatory access
++
++SELinux Linux secures
++.B usernetctl
++(User network interface configuration helper)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -47885,7 +50652,7 @@ index 0000000..86ec83d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47906,7 +50673,7 @@ index 0000000..86ec83d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47917,7 +50684,7 @@ index 0000000..86ec83d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -47930,7 +50697,7 @@ index 0000000..86ec83d
+selinux(8), usernetctl(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/utempter_selinux.8 b/man/man8/utempter_selinux.8
new file mode 100644
-index 0000000..775d8ea
+index 0000000..a311394
--- /dev/null
+++ b/man/man8/utempter_selinux.8
@@ -0,0 +1,71 @@
@@ -47939,8 +50706,8 @@ index 0000000..775d8ea
+utempter_selinux \- Security Enhanced Linux Policy for the utempter processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the utempter processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -47962,7 +50729,7 @@ index 0000000..775d8ea
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -47983,7 +50750,7 @@ index 0000000..775d8ea
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -47994,7 +50761,7 @@ index 0000000..775d8ea
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -48007,7 +50774,7 @@ index 0000000..775d8ea
+selinux(8), utempter(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/uucpd_selinux.8 b/man/man8/uucpd_selinux.8
new file mode 100644
-index 0000000..02b475f
+index 0000000..10de0a8
--- /dev/null
+++ b/man/man8/uucpd_selinux.8
@@ -0,0 +1,157 @@
@@ -48016,8 +50783,8 @@ index 0000000..02b475f
+uucpd_selinux \- Security Enhanced Linux Policy for the uucpd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the uucpd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -48099,7 +50866,7 @@ index 0000000..02b475f
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48143,7 +50910,7 @@ index 0000000..02b475f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48154,7 +50921,7 @@ index 0000000..02b475f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -48170,18 +50937,24 @@ index 0000000..02b475f
+selinux(8), uucpd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/uuidd_selinux.8 b/man/man8/uuidd_selinux.8
new file mode 100644
-index 0000000..3ebb523
+index 0000000..82a5e37
--- /dev/null
+++ b/man/man8/uuidd_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "uuidd_selinux" "8" "uuidd" "dwalsh at redhat.com" "uuidd SELinux Policy documentation"
+.SH "NAME"
+uuidd_selinux \- Security Enhanced Linux Policy for the uuidd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the uuidd processes via flexible mandatory access
++
++SELinux Linux secures
++.B uuidd
++(policy for uuidd)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -48226,7 +50999,7 @@ index 0000000..3ebb523
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48247,7 +51020,7 @@ index 0000000..3ebb523
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48258,7 +51031,7 @@ index 0000000..3ebb523
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -48271,7 +51044,7 @@ index 0000000..3ebb523
+selinux(8), uuidd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/uux_selinux.8 b/man/man8/uux_selinux.8
new file mode 100644
-index 0000000..79bae62
+index 0000000..c1913bf
--- /dev/null
+++ b/man/man8/uux_selinux.8
@@ -0,0 +1,71 @@
@@ -48280,8 +51053,8 @@ index 0000000..79bae62
+uux_selinux \- Security Enhanced Linux Policy for the uux processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the uux processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -48303,7 +51076,7 @@ index 0000000..79bae62
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48324,7 +51097,7 @@ index 0000000..79bae62
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48335,7 +51108,7 @@ index 0000000..79bae62
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -48348,18 +51121,24 @@ index 0000000..79bae62
+selinux(8), uux(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/varnishd_selinux.8 b/man/man8/varnishd_selinux.8
new file mode 100644
-index 0000000..e08c2eb
+index 0000000..97d1ed5
--- /dev/null
+++ b/man/man8/varnishd_selinux.8
-@@ -0,0 +1,152 @@
+@@ -0,0 +1,158 @@
+.TH "varnishd_selinux" "8" "varnishd" "dwalsh at redhat.com" "varnishd SELinux Policy documentation"
+.SH "NAME"
+varnishd_selinux \- Security Enhanced Linux Policy for the varnishd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the varnishd processes via flexible mandatory access
++
++SELinux Linux secures
++.B varnishd
++(Varnishd http accelerator daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. varnishd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run varnishd with the tightest access possible.
+
@@ -48431,7 +51210,7 @@ index 0000000..e08c2eb
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48475,7 +51254,7 @@ index 0000000..e08c2eb
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48486,7 +51265,7 @@ index 0000000..e08c2eb
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -48507,7 +51286,7 @@ index 0000000..e08c2eb
\ No newline at end of file
diff --git a/man/man8/varnishlog_selinux.8 b/man/man8/varnishlog_selinux.8
new file mode 100644
-index 0000000..2261e47
+index 0000000..a761366
--- /dev/null
+++ b/man/man8/varnishlog_selinux.8
@@ -0,0 +1,107 @@
@@ -48516,8 +51295,8 @@ index 0000000..2261e47
+varnishlog_selinux \- Security Enhanced Linux Policy for the varnishlog processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the varnishlog processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -48575,7 +51354,7 @@ index 0000000..2261e47
+/var/run/varnishncsa\.pid, /var/run/varnishlog\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48596,7 +51375,7 @@ index 0000000..2261e47
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48607,7 +51386,7 @@ index 0000000..2261e47
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -48620,18 +51399,24 @@ index 0000000..2261e47
+selinux(8), varnishlog(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/vbetool_selinux.8 b/man/man8/vbetool_selinux.8
new file mode 100644
-index 0000000..0368c3a
+index 0000000..690e094
--- /dev/null
+++ b/man/man8/vbetool_selinux.8
-@@ -0,0 +1,86 @@
+@@ -0,0 +1,92 @@
+.TH "vbetool_selinux" "8" "vbetool" "dwalsh at redhat.com" "vbetool SELinux Policy documentation"
+.SH "NAME"
+vbetool_selinux \- Security Enhanced Linux Policy for the vbetool processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the vbetool processes via flexible mandatory access
++
++SELinux Linux secures
++.B vbetool
++(run real-mode video BIOS code to alter hardware state)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. vbetool policy is extremely flexible and has several booleans that allow you to manipulate the policy and run vbetool with the tightest access possible.
+
@@ -48663,7 +51448,7 @@ index 0000000..0368c3a
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48684,7 +51469,7 @@ index 0000000..0368c3a
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48695,7 +51480,7 @@ index 0000000..0368c3a
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -48713,18 +51498,24 @@ index 0000000..0368c3a
\ No newline at end of file
diff --git a/man/man8/vdagent_selinux.8 b/man/man8/vdagent_selinux.8
new file mode 100644
-index 0000000..781cca8
+index 0000000..ef8444d
--- /dev/null
+++ b/man/man8/vdagent_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "vdagent_selinux" "8" "vdagent" "dwalsh at redhat.com" "vdagent SELinux Policy documentation"
+.SH "NAME"
+vdagent_selinux \- Security Enhanced Linux Policy for the vdagent processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the vdagent processes via flexible mandatory access
++
++SELinux Linux secures
++.B vdagent
++(policy for vdagent)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -48769,7 +51560,7 @@ index 0000000..781cca8
+/var/run/spice-vdagentd.\pid, /var/run/spice-vdagentd(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48790,7 +51581,7 @@ index 0000000..781cca8
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48801,7 +51592,7 @@ index 0000000..781cca8
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -48814,18 +51605,24 @@ index 0000000..781cca8
+selinux(8), vdagent(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/vhostmd_selinux.8 b/man/man8/vhostmd_selinux.8
new file mode 100644
-index 0000000..1135d0c
+index 0000000..1800dc6
--- /dev/null
+++ b/man/man8/vhostmd_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "vhostmd_selinux" "8" "vhostmd" "dwalsh at redhat.com" "vhostmd SELinux Policy documentation"
+.SH "NAME"
+vhostmd_selinux \- Security Enhanced Linux Policy for the vhostmd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the vhostmd processes via flexible mandatory access
++
++SELinux Linux secures
++.B vhostmd
++(Virtual host metrics daemon)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -48870,7 +51667,7 @@ index 0000000..1135d0c
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48891,7 +51688,7 @@ index 0000000..1135d0c
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48902,7 +51699,7 @@ index 0000000..1135d0c
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -48915,7 +51712,7 @@ index 0000000..1135d0c
+selinux(8), vhostmd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/virsh_selinux.8 b/man/man8/virsh_selinux.8
new file mode 100644
-index 0000000..0632fd2
+index 0000000..97dc9a2
--- /dev/null
+++ b/man/man8/virsh_selinux.8
@@ -0,0 +1,71 @@
@@ -48924,8 +51721,8 @@ index 0000000..0632fd2
+virsh_selinux \- Security Enhanced Linux Policy for the virsh processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the virsh processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -48947,7 +51744,7 @@ index 0000000..0632fd2
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -48968,7 +51765,7 @@ index 0000000..0632fd2
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -48979,7 +51776,7 @@ index 0000000..0632fd2
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -48992,18 +51789,24 @@ index 0000000..0632fd2
+selinux(8), virsh(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/virt_selinux.8 b/man/man8/virt_selinux.8
new file mode 100644
-index 0000000..928026d
+index 0000000..2c3568f
--- /dev/null
+++ b/man/man8/virt_selinux.8
-@@ -0,0 +1,343 @@
+@@ -0,0 +1,349 @@
+.TH "virt_selinux" "8" "virt" "dwalsh at redhat.com" "virt SELinux Policy documentation"
+.SH "NAME"
+virt_selinux \- Security Enhanced Linux Policy for the virt processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the virt processes via flexible mandatory access
++
++SELinux Linux secures
++.B virt
++(Libvirt virtualization API)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. virt policy is extremely flexible and has several booleans that allow you to manipulate the policy and run virt with the tightest access possible.
+
@@ -49255,7 +52058,7 @@ index 0000000..928026d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -49310,7 +52113,7 @@ index 0000000..928026d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -49321,7 +52124,7 @@ index 0000000..928026d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -49342,7 +52145,7 @@ index 0000000..928026d
\ No newline at end of file
diff --git a/man/man8/virtd_selinux.8 b/man/man8/virtd_selinux.8
new file mode 100644
-index 0000000..dde8a43
+index 0000000..a68ee81
--- /dev/null
+++ b/man/man8/virtd_selinux.8
@@ -0,0 +1,215 @@
@@ -49351,8 +52154,8 @@ index 0000000..dde8a43
+virtd_selinux \- Security Enhanced Linux Policy for the virtd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the virtd processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. virtd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run virtd with the tightest access possible.
@@ -49477,7 +52280,7 @@ index 0000000..dde8a43
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -49532,7 +52335,7 @@ index 0000000..dde8a43
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -49543,7 +52346,7 @@ index 0000000..dde8a43
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -49564,18 +52367,24 @@ index 0000000..dde8a43
\ No newline at end of file
diff --git a/man/man8/vlock_selinux.8 b/man/man8/vlock_selinux.8
new file mode 100644
-index 0000000..150979d
+index 0000000..c8e2a9e
--- /dev/null
+++ b/man/man8/vlock_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,77 @@
+.TH "vlock_selinux" "8" "vlock" "dwalsh at redhat.com" "vlock SELinux Policy documentation"
+.SH "NAME"
+vlock_selinux \- Security Enhanced Linux Policy for the vlock processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the vlock processes via flexible mandatory access
++
++SELinux Linux secures
++.B vlock
++(Lock one or more sessions on the Linux console)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -49596,7 +52405,7 @@ index 0000000..150979d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -49617,7 +52426,7 @@ index 0000000..150979d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -49628,7 +52437,7 @@ index 0000000..150979d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -49641,18 +52450,24 @@ index 0000000..150979d
+selinux(8), vlock(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/vmware_selinux.8 b/man/man8/vmware_selinux.8
new file mode 100644
-index 0000000..d97fc1d
+index 0000000..6ad4bcb
--- /dev/null
+++ b/man/man8/vmware_selinux.8
-@@ -0,0 +1,167 @@
+@@ -0,0 +1,173 @@
+.TH "vmware_selinux" "8" "vmware" "dwalsh at redhat.com" "vmware SELinux Policy documentation"
+.SH "NAME"
+vmware_selinux \- Security Enhanced Linux Policy for the vmware processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the vmware processes via flexible mandatory access
++
++SELinux Linux secures
++.B vmware
++(VMWare Workstation virtual machines)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -49702,7 +52517,7 @@ index 0000000..d97fc1d
+.br
+.TP 5
+Paths:
-+/usr/bin/vmware-smbpasswd\.bin, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*, /usr/lib/vmware/bin/vmware-vmx
++/usr/bin/vmware-smbpasswd\.bin, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/lib/vmware/bin/vmware-vmx, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*
+
+.EX
+.PP
@@ -49769,7 +52584,7 @@ index 0000000..d97fc1d
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -49790,7 +52605,7 @@ index 0000000..d97fc1d
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -49801,7 +52616,7 @@ index 0000000..d97fc1d
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -49814,7 +52629,7 @@ index 0000000..d97fc1d
+selinux(8), vmware(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/vnstat_selinux.8 b/man/man8/vnstat_selinux.8
new file mode 100644
-index 0000000..f86fdd5
+index 0000000..254d3d4
--- /dev/null
+++ b/man/man8/vnstat_selinux.8
@@ -0,0 +1,95 @@
@@ -49823,8 +52638,8 @@ index 0000000..f86fdd5
+vnstat_selinux \- Security Enhanced Linux Policy for the vnstat processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the vnstat processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -49870,7 +52685,7 @@ index 0000000..f86fdd5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -49891,7 +52706,302 @@ index 0000000..f86fdd5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), vnstat(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/vnstatd_selinux.8 b/man/man8/vnstatd_selinux.8
+new file mode 100644
+index 0000000..9ce8f0c
+--- /dev/null
++++ b/man/man8/vnstatd_selinux.8
+@@ -0,0 +1,93 @@
++.TH "vnstatd_selinux" "8" "vnstatd" "dwalsh at redhat.com" "vnstatd SELinux Policy documentation"
++.SH "NAME"
++vnstatd_selinux \- Security Enhanced Linux Policy for the vnstatd processes
++.SH "DESCRIPTION"
++
++
++SELinux Linux secures
++.B vnstatd
++(Console network traffic monitor)
++processes via flexible mandatory access
++control.
++
++
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible.
++.PP
++The following file types are defined for vnstatd:
++
++
++.EX
++.PP
++.B vnstatd_exec_t
++.EE
++
++- Set files with the vnstatd_exec_t type, if you want to transition an executable to the vnstatd_t domain.
++
++
++.EX
++.PP
++.B vnstatd_var_lib_t
++.EE
++
++- Set files with the vnstatd_var_lib_t type, if you want to store the vnstatd files under the /var/lib directory.
++
++
++.EX
++.PP
++.B vnstatd_var_run_t
++.EE
++
++- Set files with the vnstatd_var_run_t type, if you want to store the vnstatd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible.
++.PP
++The following process types are defined for vnstatd:
++
++.EX
++.B vnstat_t, vnstatd_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), vnstatd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/vpnc_selinux.8 b/man/man8/vpnc_selinux.8
+new file mode 100644
+index 0000000..41a5246
+--- /dev/null
++++ b/man/man8/vpnc_selinux.8
+@@ -0,0 +1,91 @@
++.TH "vpnc_selinux" "8" "vpnc" "dwalsh at redhat.com" "vpnc SELinux Policy documentation"
++.SH "NAME"
++vpnc_selinux \- Security Enhanced Linux Policy for the vpnc processes
++.SH "DESCRIPTION"
++
++
++
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible.
++.PP
++The following file types are defined for vpnc:
++
++
++.EX
++.PP
++.B vpnc_exec_t
++.EE
++
++- Set files with the vpnc_exec_t type, if you want to transition an executable to the vpnc_t domain.
++
++.br
++.TP 5
++Paths:
++/usr/sbin/vpnc, /usr/bin/openconnect, /sbin/vpnc
++
++.EX
++.PP
++.B vpnc_tmp_t
++.EE
++
++- Set files with the vpnc_tmp_t type, if you want to store vpnc temporary files in the /tmp directories.
++
++
++.EX
++.PP
++.B vpnc_var_run_t
++.EE
++
++- Set files with the vpnc_var_run_t type, if you want to store the vpnc files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible.
++.PP
++The following process types are defined for vpnc:
++
++.EX
++.B vpnc_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genman.py.
++
++.SH "SEE ALSO"
++selinux(8), vpnc(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/wdmd_selinux.8 b/man/man8/wdmd_selinux.8
+new file mode 100644
+index 0000000..a060bdb
+--- /dev/null
++++ b/man/man8/wdmd_selinux.8
+@@ -0,0 +1,93 @@
++.TH "wdmd_selinux" "8" "wdmd" "dwalsh at redhat.com" "wdmd SELinux Policy documentation"
++.SH "NAME"
++wdmd_selinux \- Security Enhanced Linux Policy for the wdmd processes
++.SH "DESCRIPTION"
++
++
++SELinux Linux secures
++.B wdmd
++(policy for wdmd)
++processes via flexible mandatory access
++control.
++
++
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible.
++.PP
++The following file types are defined for wdmd:
++
++
++.EX
++.PP
++.B wdmd_exec_t
++.EE
++
++- Set files with the wdmd_exec_t type, if you want to transition an executable to the wdmd_t domain.
++
++
++.EX
++.PP
++.B wdmd_initrc_exec_t
++.EE
++
++- Set files with the wdmd_initrc_exec_t type, if you want to transition an executable to the wdmd_initrc_t domain.
++
++
++.EX
++.PP
++.B wdmd_var_run_t
++.EE
++
++- Set files with the wdmd_var_run_t type, if you want to store the wdmd files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible.
++.PP
++The following process types are defined for wdmd:
++
++.EX
++.B wdmd_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -49902,7 +53012,7 @@ index 0000000..f86fdd5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -49912,304 +53022,98 @@ index 0000000..f86fdd5
+This manual page was autogenerated by genman.py.
+
+.SH "SEE ALSO"
-+selinux(8), vnstat(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/vnstatd_selinux.8 b/man/man8/vnstatd_selinux.8
++selinux(8), wdmd(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/webadm_selinux.8 b/man/man8/webadm_selinux.8
new file mode 100644
-index 0000000..5c73277
+index 0000000..072a0c0
--- /dev/null
-+++ b/man/man8/vnstatd_selinux.8
-@@ -0,0 +1,87 @@
-+.TH "vnstatd_selinux" "8" "vnstatd" "dwalsh at redhat.com" "vnstatd SELinux Policy documentation"
++++ b/man/man8/webadm_selinux.8
+@@ -0,0 +1,65 @@
++.TH "webadm_selinux" "8" "webadm" "mgrepl at redhat.com" "webadm SELinux Policy documentation"
+.SH "NAME"
-+vnstatd_selinux \- Security Enhanced Linux Policy for the vnstatd processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the vnstatd processes via flexible mandatory access
-+control.
-+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type.
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files.
-+SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible.
-+.PP
-+The following file types are defined for vnstatd:
-+
-+
-+.EX
-+.PP
-+.B vnstatd_exec_t
-+.EE
-+
-+- Set files with the vnstatd_exec_t type, if you want to transition an executable to the vnstatd_t domain.
-+
-+
-+.EX
-+.PP
-+.B vnstatd_var_lib_t
-+.EE
-+
-+- Set files with the vnstatd_var_lib_t type, if you want to store the vnstatd files under the /var/lib directory.
-+
-+
-+.EX
-+.PP
-+.B vnstatd_var_run_t
-+.EE
-+
-+- Set files with the vnstatd_var_run_t type, if you want to store the vnstatd files under the /run directory.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files.
-+SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible.
-+.PP
-+The following process types are defined for vnstatd:
-+
-+.EX
-+.B vnstat_t, vnstatd_t
-+.EE
-+.PP
-+Note:
-+.B semanage permississive -a PROCESS_TYPE
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++webadm_r \- \fBWeb administrator role\fP - Security Enhanced Linux Policy
+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++.SH DESCRIPTION
+
-+.PP
-+.B system-config-selinux
-+is a GUI tool available to customize SELinux policy settings.
++SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.
+
-+.SH AUTHOR
-+This manual page was autogenerated by genman.py.
++Note: The examples in the man page will user the staff_u user.
+
-+.SH "SEE ALSO"
-+selinux(8), vnstatd(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/vpnc_selinux.8 b/man/man8/vpnc_selinux.8
-new file mode 100644
-index 0000000..85189b1
---- /dev/null
-+++ b/man/man8/vpnc_selinux.8
-@@ -0,0 +1,91 @@
-+.TH "vpnc_selinux" "8" "vpnc" "dwalsh at redhat.com" "vpnc SELinux Policy documentation"
-+.SH "NAME"
-+vpnc_selinux \- Security Enhanced Linux Policy for the vpnc processes
-+.SH "DESCRIPTION"
++Non login roles are usually used for administrative tasks.
+
-+Security-Enhanced Linux secures the vpnc processes via flexible mandatory access
-+control.
++Roles usually have default types assigned to them.
+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type.
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files.
-+SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible.
-+.PP
-+The following file types are defined for vpnc:
++The default type for the webadm_r role is webadm_t.
+
++You can use the
++.B newrole
++program to transition directly to this role.
+
-+.EX
-+.PP
-+.B vpnc_exec_t
-+.EE
++.B newrole -r webadm_r -t webadm_t
+
-+- Set files with the vpnc_exec_t type, if you want to transition an executable to the vpnc_t domain.
++.B sudo
++can also be setup to transition to this role using the visudo command.
+
++USERNAME ALL=(ALL) ROLE=webadm_r TYPE=webadm_t COMMAND
+.br
-+.TP 5
-+Paths:
-+/usr/sbin/vpnc, /usr/bin/openconnect, /sbin/vpnc
-+
-+.EX
-+.PP
-+.B vpnc_tmp_t
-+.EE
-+
-+- Set files with the vpnc_tmp_t type, if you want to store vpnc temporary files in the /tmp directories.
-+
-+
-+.EX
-+.PP
-+.B vpnc_var_run_t
-+.EE
-+
-+- Set files with the vpnc_var_run_t type, if you want to store the vpnc files under the /run directory.
-+
-+
-+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files.
-+SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible.
-+.PP
-+The following process types are defined for vpnc:
-+
-+.EX
-+.B vpnc_t
-+.EE
-+.PP
-+Note:
-+.B semanage permississive -a PROCESS_TYPE
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
-+
-+.PP
-+.B system-config-selinux
-+is a GUI tool available to customize SELinux policy settings.
-+
-+.SH AUTHOR
-+This manual page was autogenerated by genman.py.
-+
-+.SH "SEE ALSO"
-+selinux(8), vpnc(8), semanage(8), restorecon(8), chcon(1)
-diff --git a/man/man8/wdmd_selinux.8 b/man/man8/wdmd_selinux.8
-new file mode 100644
-index 0000000..dda16c6
---- /dev/null
-+++ b/man/man8/wdmd_selinux.8
-@@ -0,0 +1,87 @@
-+.TH "wdmd_selinux" "8" "wdmd" "dwalsh at redhat.com" "wdmd SELinux Policy documentation"
-+.SH "NAME"
-+wdmd_selinux \- Security Enhanced Linux Policy for the wdmd processes
-+.SH "DESCRIPTION"
-+
-+Security-Enhanced Linux secures the wdmd processes via flexible mandatory access
-+control.
-+
-+.SH FILE CONTEXTS
-+SELinux requires files to have an extended attribute to define the file type.
-+.PP
-+You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
-+.PP
-+Policy governs the access confined processes have to these files.
-+SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible.
-+.PP
-+The following file types are defined for wdmd:
++sudo will run COMMAND as staff_u:webadm_r:webadm_t:LEVEL
+
++If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
+
-+.EX
-+.PP
-+.B wdmd_exec_t
-+.EE
++You can see all of the assigned SELinux roles using the following
+
-+- Set files with the wdmd_exec_t type, if you want to transition an executable to the wdmd_t domain.
++.B semanage user -l
+
++If you wanted to add webadm_r to the staff_u user, you would execute:
+
-+.EX
-+.PP
-+.B wdmd_initrc_exec_t
-+.EE
++.B $ semanage user -m -R 'staff_r webadm_r' staff_u
+
-+- Set files with the wdmd_initrc_exec_t type, if you want to transition an executable to the wdmd_initrc_t domain.
+
+
-+.EX
-+.PP
-+.B wdmd_var_run_t
-+.EE
++SELinux policy also controls which roles can transition to a different role.
++You can list these rules using the following command.
+
-+- Set files with the wdmd_var_run_t type, if you want to store the wdmd files under the /run directory.
++.B sesearch --role_allow
+
++SELinux policy allows the staff_r role can transition to the webadm_r role.
+
-+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files.
-+SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible.
-+.PP
-+The following process types are defined for wdmd:
++.SH "COMMANDS"
+
-+.EX
-+.B wdmd_t
-+.EE
-+.PP
-+Note:
-+.B semanage permississive -a PROCESS_TYPE
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
+
-+.SH "COMMANDS"
-+.B semanage fcontext
-+can also be used to manipulate default file context mappings.
-+.PP
-+.B semanage permissive
-+can also be used to manipulate whether or not a process type is permissive.
-+.PP
-+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++.B semanage user
++can also be used to manipulate SELinux user definitions.
+
-+.PP
+.B system-config-selinux
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was autogenerated by genman.py.
++This manual page was autogenerated by genuserman.py.
+
+.SH "SEE ALSO"
-+selinux(8), wdmd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), semanage(8).
diff --git a/man/man8/webalizer_selinux.8 b/man/man8/webalizer_selinux.8
new file mode 100644
-index 0000000..37587bf
+index 0000000..ba0eb02
--- /dev/null
+++ b/man/man8/webalizer_selinux.8
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,117 @@
+.TH "webalizer_selinux" "8" "webalizer" "dwalsh at redhat.com" "webalizer SELinux Policy documentation"
+.SH "NAME"
+webalizer_selinux \- Security Enhanced Linux Policy for the webalizer processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the webalizer processes via flexible mandatory access
++
++SELinux Linux secures
++.B webalizer
++(Web server log analysis)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -50270,7 +53174,7 @@ index 0000000..37587bf
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -50291,7 +53195,7 @@ index 0000000..37587bf
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -50302,7 +53206,7 @@ index 0000000..37587bf
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -50315,7 +53219,7 @@ index 0000000..37587bf
+selinux(8), webalizer(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/winbind_selinux.8 b/man/man8/winbind_selinux.8
new file mode 100644
-index 0000000..f7baef6
+index 0000000..df63d07
--- /dev/null
+++ b/man/man8/winbind_selinux.8
@@ -0,0 +1,114 @@
@@ -50324,8 +53228,8 @@ index 0000000..f7baef6
+winbind_selinux \- Security Enhanced Linux Policy for the winbind processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the winbind processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. winbind policy is extremely flexible and has several booleans that allow you to manipulate the policy and run winbind with the tightest access possible.
@@ -50386,7 +53290,7 @@ index 0000000..f7baef6
+/var/cache/samba/winbindd_privileged(/.*)?, /var/lib/samba/winbindd_privileged(/.*)?, /var/run/winbindd(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -50407,7 +53311,7 @@ index 0000000..f7baef6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -50418,7 +53322,7 @@ index 0000000..f7baef6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -50436,18 +53340,24 @@ index 0000000..f7baef6
\ No newline at end of file
diff --git a/man/man8/wine_selinux.8 b/man/man8/wine_selinux.8
new file mode 100644
-index 0000000..5b527b6
+index 0000000..c2107f1
--- /dev/null
+++ b/man/man8/wine_selinux.8
-@@ -0,0 +1,98 @@
+@@ -0,0 +1,104 @@
+.TH "wine_selinux" "8" "wine" "dwalsh at redhat.com" "wine SELinux Policy documentation"
+.SH "NAME"
+wine_selinux \- Security Enhanced Linux Policy for the wine processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the wine processes via flexible mandatory access
++
++SELinux Linux secures
++.B wine
++(Wine Is Not an Emulator. Run Windows programs in Linux)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. wine policy is extremely flexible and has several booleans that allow you to manipulate the policy and run wine with the tightest access possible.
+
@@ -50491,7 +53401,7 @@ index 0000000..5b527b6
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -50512,7 +53422,7 @@ index 0000000..5b527b6
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -50523,7 +53433,7 @@ index 0000000..5b527b6
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -50541,18 +53451,24 @@ index 0000000..5b527b6
\ No newline at end of file
diff --git a/man/man8/wireshark_selinux.8 b/man/man8/wireshark_selinux.8
new file mode 100644
-index 0000000..b5c8899
+index 0000000..4536946
--- /dev/null
+++ b/man/man8/wireshark_selinux.8
-@@ -0,0 +1,95 @@
+@@ -0,0 +1,101 @@
+.TH "wireshark_selinux" "8" "wireshark" "dwalsh at redhat.com" "wireshark SELinux Policy documentation"
+.SH "NAME"
+wireshark_selinux \- Security Enhanced Linux Policy for the wireshark processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the wireshark processes via flexible mandatory access
++
++SELinux Linux secures
++.B wireshark
++(Wireshark packet capture tool)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -50597,7 +53513,7 @@ index 0000000..b5c8899
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -50618,7 +53534,7 @@ index 0000000..b5c8899
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -50629,7 +53545,7 @@ index 0000000..b5c8899
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -50642,7 +53558,7 @@ index 0000000..b5c8899
+selinux(8), wireshark(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/wpa_selinux.8 b/man/man8/wpa_selinux.8
new file mode 100644
-index 0000000..cf33cbd
+index 0000000..e8a5a9f
--- /dev/null
+++ b/man/man8/wpa_selinux.8
@@ -0,0 +1,75 @@
@@ -50651,8 +53567,8 @@ index 0000000..cf33cbd
+wpa_selinux \- Security Enhanced Linux Policy for the wpa processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the wpa processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -50678,7 +53594,7 @@ index 0000000..cf33cbd
+/usr/sbin/wpa_cli, /sbin/wpa_cli
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -50699,7 +53615,7 @@ index 0000000..cf33cbd
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -50710,7 +53626,7 @@ index 0000000..cf33cbd
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -50723,7 +53639,7 @@ index 0000000..cf33cbd
+selinux(8), wpa(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/xauth_selinux.8 b/man/man8/xauth_selinux.8
new file mode 100644
-index 0000000..ad0528e
+index 0000000..85c91f3
--- /dev/null
+++ b/man/man8/xauth_selinux.8
@@ -0,0 +1,95 @@
@@ -50732,8 +53648,8 @@ index 0000000..ad0528e
+xauth_selinux \- Security Enhanced Linux Policy for the xauth processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the xauth processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -50779,7 +53695,7 @@ index 0000000..ad0528e
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -50800,7 +53716,7 @@ index 0000000..ad0528e
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -50811,7 +53727,7 @@ index 0000000..ad0528e
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -50824,7 +53740,7 @@ index 0000000..ad0528e
+selinux(8), xauth(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/xdm_selinux.8 b/man/man8/xdm_selinux.8
new file mode 100644
-index 0000000..f6908ec
+index 0000000..e377b25
--- /dev/null
+++ b/man/man8/xdm_selinux.8
@@ -0,0 +1,223 @@
@@ -50833,8 +53749,8 @@ index 0000000..f6908ec
+xdm_selinux \- Security Enhanced Linux Policy for the xdm processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the xdm processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. xdm policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xdm with the tightest access possible.
@@ -50978,7 +53894,7 @@ index 0000000..f6908ec
+/var/run/kdm(/.*)?, /var/run/slim.*, /var/run/lxdm(/.*)?, /var/run/gdm(/.*)?, /usr/lib/qt-.*/etc/settings(/.*)?, /var/run/lxdm\.auth, /var/run/xauth(/.*)?, /var/run/xdmctl(/.*)?, /var/run/[gx]dm\.pid, /var/run/slim(/.*)?, /var/run/gdm_socket, /etc/kde3?/kdm/backgroundrc, /var/run/lxdm\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51022,7 +53938,7 @@ index 0000000..f6908ec
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51033,7 +53949,7 @@ index 0000000..f6908ec
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -51054,7 +53970,7 @@ index 0000000..f6908ec
\ No newline at end of file
diff --git a/man/man8/xenconsoled_selinux.8 b/man/man8/xenconsoled_selinux.8
new file mode 100644
-index 0000000..9087cd1
+index 0000000..94ba970
--- /dev/null
+++ b/man/man8/xenconsoled_selinux.8
@@ -0,0 +1,79 @@
@@ -51063,8 +53979,8 @@ index 0000000..9087cd1
+xenconsoled_selinux \- Security Enhanced Linux Policy for the xenconsoled processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the xenconsoled processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -51094,7 +54010,7 @@ index 0000000..9087cd1
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51115,7 +54031,7 @@ index 0000000..9087cd1
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51126,7 +54042,7 @@ index 0000000..9087cd1
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -51139,7 +54055,7 @@ index 0000000..9087cd1
+selinux(8), xenconsoled(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/xend_selinux.8 b/man/man8/xend_selinux.8
new file mode 100644
-index 0000000..ab26c78
+index 0000000..ae40ecf
--- /dev/null
+++ b/man/man8/xend_selinux.8
@@ -0,0 +1,170 @@
@@ -51148,8 +54064,8 @@ index 0000000..ab26c78
+xend_selinux \- Security Enhanced Linux Policy for the xend processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the xend processes via flexible mandatory access
-+control.
++
++
+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. xend policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xend with the tightest access possible.
@@ -51240,7 +54156,7 @@ index 0000000..ab26c78
+/var/run/xenner(/.*)?, /var/run/xend(/.*)?, /var/run/xend\.pid
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51284,7 +54200,7 @@ index 0000000..ab26c78
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51295,7 +54211,7 @@ index 0000000..ab26c78
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -51316,7 +54232,7 @@ index 0000000..ab26c78
\ No newline at end of file
diff --git a/man/man8/xenstored_selinux.8 b/man/man8/xenstored_selinux.8
new file mode 100644
-index 0000000..8df9230
+index 0000000..0cf576a
--- /dev/null
+++ b/man/man8/xenstored_selinux.8
@@ -0,0 +1,107 @@
@@ -51325,8 +54241,8 @@ index 0000000..8df9230
+xenstored_selinux \- Security Enhanced Linux Policy for the xenstored processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the xenstored processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -51384,7 +54300,7 @@ index 0000000..8df9230
+/var/run/xenstore\.pid, /var/run/xenstored(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51405,7 +54321,7 @@ index 0000000..8df9230
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51416,7 +54332,7 @@ index 0000000..8df9230
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -51427,20 +54343,263 @@ index 0000000..8df9230
+
+.SH "SEE ALSO"
+selinux(8), xenstored(8), semanage(8), restorecon(8), chcon(1)
+diff --git a/man/man8/xguest_selinux.8 b/man/man8/xguest_selinux.8
+new file mode 100644
+index 0000000..2478817
+--- /dev/null
++++ b/man/man8/xguest_selinux.8
+@@ -0,0 +1,231 @@
++.TH "xguest_selinux" "8" "xguest" "mgrepl at redhat.com" "xguest SELinux Policy documentation"
++.SH "NAME"
++xguest_u \- \fBLeast privledge xwindows user role\fP - Security Enhanced Linux Policy
++
++.SH DESCRIPTION
++
++\fBxguest_u\fP is an SELinux User defined in the SELinux
++policy. SELinux users have default roles, \fBxguest_r\fP. The
++default role has a default type, \fBxguest_t\fP, associated with it.
++
++The SELinux user will usually login to a system with a context that looks like:
++
++.B xguest_u:xguest_r:xguest_u:s0-s0:c0.c1023
++
++Linux users are automatically assigned an SELinux users at login.
++Login programs use the SELinux User to assign initial context to the user's shell.
++
++SELinux policy uses the context to control the user's access.
++
++By default all users are assigned to the SELinux user via the \fB__default__\fP flag
++
++On Targeted policy systems the \fB__default__\fP user is assigned to the \fBunconfined_u\fP SELinux user.
++
++You can list all Linux User to SELinux user mapping using:
++
++.B semanage login -l
++
++If you wanted to change the default user mapping to use the xguest_u user, you would execute:
++
++.B semanage login -m -s xguest_u __default__
++
++
++If you want to map the one Linux user (joe) to the SELinux user xguest, you would execute:
++
++.B $ semanage login -a -s xguest_u joe
++
++
++.SH USER DESCRIPTION
++
++The SELinux user xguest_u is defined in policy as a unprivileged user. SELinux prevents unprivileged users from doing administration tasks without transitioning to a different role.
++
++.SH SUDO
++
++The SELinux type xguest_t is not allowed to execute sudo.
++
++.SH X WINDOWS LOGIN
++
++The SELinux user xguest_u is able to X Windows login.
++
++.SH TERMINAL LOGIN
++
++The SELinux user xguest_u is able to terminal login.
++
++.SH NETWORK
++
++.TP
++The SELinux user xguest_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
++
++.B ipp_port_t: 631,8610-8614
++
++.B transproxy_port_t: 8081
++
++.B ocsp_port_t: 9080
++
++.B kerberos_port_t: 88,750,4444
++
++.B all ports with out defined types
++
++.B ftp_port_t: 21,990
++
++.B speech_port_t: 8036
++
++.B squid_port_t: 3128,3401,4827
++
++.B http_cache_port_t: 8080,8118,8123,10001-10010
++
++.B http_port_t: 80,443,488,8008,8009,8443
++
++.B flash_port_t: 843,1935
++
++.B pulseaudio_port_t: 4713
++
++.B soundd_port_t: 8000,9433,16001
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required. xguest_t policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xguest_t with the tightest access possible.
++
++
++.PP
++If you want to allow xguest users to configure Network Manager and connect to apache ports, you must turn on the xguest_connect_network boolean.
++
++.EX
++.B setsebool -P xguest_connect_network 1
++.EE
++
++.PP
++If you want to allow users to connect to the local mysql server, you must turn on the allow_user_mysql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_mysql_connect 1
++.EE
++
++.PP
++If you want to control users use of ping and traceroute, you must turn on the user_ping boolean.
++
++.EX
++.B setsebool -P user_ping 1
++.EE
++
++.PP
++If you want to allow w to display everyone, you must turn on the user_ttyfile_stat boolean.
++
++.EX
++.B setsebool -P user_ttyfile_stat 1
++.EE
++
++.PP
++If you want to allow user music sharing, you must turn on the user_share_music boolean.
++
++.EX
++.B setsebool -P user_share_music 1
++.EE
++
++.PP
++If you want to allow regular users direct dri device access, you must turn on the user_direct_dri boolean.
++
++.EX
++.B setsebool -P user_direct_dri 1
++.EE
++
++.PP
++If you want to allow xguest users to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
++
++.EX
++.B setsebool -P xguest_use_bluetooth 1
++.EE
++
++.PP
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the user_rw_noexattrfile boolean.
++
++.EX
++.B setsebool -P user_rw_noexattrfile 1
++.EE
++
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols, you must turn on the user_tcp_server boolean.
++
++.EX
++.B setsebool -P user_tcp_server 1
++.EE
++
++.PP
++If you want to allow regular users direct mouse access, you must turn on the user_direct_mouse boolean.
++
++.EX
++.B setsebool -P user_direct_mouse 1
++.EE
++
++.PP
++If you want to allow user processes to change their priority, you must turn on the user_setrlimit boolean.
++
++.EX
++.B setsebool -P user_setrlimit 1
++.EE
++
++.PP
++If you want to allow users to connect to PostgreSQL, you must turn on the allow_user_postgresql_connect boolean.
++
++.EX
++.B setsebool -P allow_user_postgresql_connect 1
++.EE
++
++.PP
++If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
++
++.EX
++.B setsebool -P xguest_mount_media 1
++.EE
++
++.PP
++If you want to allow users to read system messages, you must turn on the user_dmesg boolean.
++
++.EX
++.B setsebool -P user_dmesg 1
++.EE
++
++.SH HOME_EXEC
++
++The SELinux user xguest_u is able execute home content files.
++
++.SH TRANSITIONS
++
++Three things can happen when xguest_t attempts to execute a program.
++
++\fB1.\fP SELinux Policy can deny xguest_t from executing the program.
++
++.TP
++
++\fB2.\fP SELinux Policy can allow xguest_t to execute the program in the current user type.
++
++Execute the following to see the types that the SELinux user xguest_t can execute without transitioning:
++
++.B sesearch -A -s xguest_t -c file -p execute_no_trans
++
++.TP
++
++\fB3.\fP SELinux can allow xguest_t to execute the program and transition to a new type.
++
++Execute the following to see the types that the SELinux user xguest_t can execute and transition:
++
++.B $ sesearch -A -s xguest_t -c process -p transition
++
++
++.SH "COMMANDS"
++
++.B semanage login
++can also be used to manipulate the Linux User to SELinux User mappings
++
++.B semanage user
++can also be used to manipulate SELinux user definitions.
++
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was autogenerated by genuserman.py.
++
++.SH "SEE ALSO"
++selinux(8), semanage(8).
diff --git a/man/man8/xserver_selinux.8 b/man/man8/xserver_selinux.8
new file mode 100644
-index 0000000..c03b62f
+index 0000000..868120f
--- /dev/null
+++ b/man/man8/xserver_selinux.8
-@@ -0,0 +1,170 @@
+@@ -0,0 +1,176 @@
+.TH "xserver_selinux" "8" "xserver" "dwalsh at redhat.com" "xserver SELinux Policy documentation"
+.SH "NAME"
+xserver_selinux \- Security Enhanced Linux Policy for the xserver processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the xserver processes via flexible mandatory access
++
++SELinux Linux secures
++.B xserver
++(X Windows Server)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. xserver policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xserver with the tightest access possible.
+
@@ -51530,7 +54689,7 @@ index 0000000..c03b62f
+/var/run/xorg(/.*)?, /var/run/video.rom
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51574,7 +54733,7 @@ index 0000000..c03b62f
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51585,7 +54744,7 @@ index 0000000..c03b62f
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -51605,7 +54764,7 @@ index 0000000..c03b62f
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/ypbind_selinux.8 b/man/man8/ypbind_selinux.8
-index 5061a5f..ca18929 100644
+index 5061a5f..22c9968 100644
--- a/man/man8/ypbind_selinux.8
+++ b/man/man8/ypbind_selinux.8
@@ -1,19 +1,118 @@
@@ -51618,8 +54777,8 @@ index 5061a5f..ca18929 100644
-Security-Enhanced Linux secures the system via flexible mandatory access
-control. SELinux can be setup deny NIS from working, since it requires daemons to be allowed greater access to the network.
-+Security-Enhanced Linux secures the ypbind processes via flexible mandatory access
-+control.
++
++
+
.SH BOOLEANS
-.TP
@@ -51690,7 +54849,7 @@ index 5061a5f..ca18929 100644
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51711,7 +54870,7 @@ index 5061a5f..ca18929 100644
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51722,7 +54881,7 @@ index 5061a5f..ca18929 100644
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage boolean
+can also be used to manipulate the booleans
@@ -51742,7 +54901,7 @@ index 5061a5f..ca18929 100644
\ No newline at end of file
diff --git a/man/man8/yppasswdd_selinux.8 b/man/man8/yppasswdd_selinux.8
new file mode 100644
-index 0000000..d419896
+index 0000000..4b570b3
--- /dev/null
+++ b/man/man8/yppasswdd_selinux.8
@@ -0,0 +1,79 @@
@@ -51751,8 +54910,8 @@ index 0000000..d419896
+yppasswdd_selinux \- Security Enhanced Linux Policy for the yppasswdd processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the yppasswdd processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -51782,7 +54941,7 @@ index 0000000..d419896
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51803,7 +54962,7 @@ index 0000000..d419896
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51814,7 +54973,7 @@ index 0000000..d419896
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -51827,7 +54986,7 @@ index 0000000..d419896
+selinux(8), yppasswdd(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ypserv_selinux.8 b/man/man8/ypserv_selinux.8
new file mode 100644
-index 0000000..7302580
+index 0000000..b5da81b
--- /dev/null
+++ b/man/man8/ypserv_selinux.8
@@ -0,0 +1,87 @@
@@ -51836,8 +54995,8 @@ index 0000000..7302580
+ypserv_selinux \- Security Enhanced Linux Policy for the ypserv processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ypserv processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -51875,7 +55034,7 @@ index 0000000..7302580
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51896,7 +55055,7 @@ index 0000000..7302580
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51907,7 +55066,7 @@ index 0000000..7302580
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -51920,7 +55079,7 @@ index 0000000..7302580
+selinux(8), ypserv(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/ypxfr_selinux.8 b/man/man8/ypxfr_selinux.8
new file mode 100644
-index 0000000..4e0894b
+index 0000000..3e761eb
--- /dev/null
+++ b/man/man8/ypxfr_selinux.8
@@ -0,0 +1,83 @@
@@ -51929,8 +55088,8 @@ index 0000000..4e0894b
+ypxfr_selinux \- Security Enhanced Linux Policy for the ypxfr processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the ypxfr processes via flexible mandatory access
-+control.
++
++
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -51964,7 +55123,7 @@ index 0000000..4e0894b
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -51985,7 +55144,7 @@ index 0000000..4e0894b
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -51996,7 +55155,7 @@ index 0000000..4e0894b
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -52009,18 +55168,24 @@ index 0000000..4e0894b
+selinux(8), ypxfr(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/zabbix_selinux.8 b/man/man8/zabbix_selinux.8
new file mode 100644
-index 0000000..481a4da
+index 0000000..6f79276
--- /dev/null
+++ b/man/man8/zabbix_selinux.8
-@@ -0,0 +1,194 @@
+@@ -0,0 +1,200 @@
+.TH "zabbix_selinux" "8" "zabbix" "dwalsh at redhat.com" "zabbix SELinux Policy documentation"
+.SH "NAME"
+zabbix_selinux \- Security Enhanced Linux Policy for the zabbix processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the zabbix processes via flexible mandatory access
++
++SELinux Linux secures
++.B zabbix
++(Distributed infrastructure monitoring)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. zabbix policy is extremely flexible and has several booleans that allow you to manipulate the policy and run zabbix with the tightest access possible.
+
@@ -52123,7 +55288,7 @@ index 0000000..481a4da
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -52178,7 +55343,7 @@ index 0000000..481a4da
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -52189,7 +55354,7 @@ index 0000000..481a4da
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -52210,18 +55375,24 @@ index 0000000..481a4da
\ No newline at end of file
diff --git a/man/man8/zarafa_selinux.8 b/man/man8/zarafa_selinux.8
new file mode 100644
-index 0000000..1462f23
+index 0000000..928b3c1
--- /dev/null
+++ b/man/man8/zarafa_selinux.8
-@@ -0,0 +1,313 @@
+@@ -0,0 +1,319 @@
+.TH "zarafa_selinux" "8" "zarafa" "dwalsh at redhat.com" "zarafa SELinux Policy documentation"
+.SH "NAME"
+zarafa_selinux \- Security Enhanced Linux Policy for the zarafa processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the zarafa processes via flexible mandatory access
++
++SELinux Linux secures
++.B zarafa
++(Zarafa collaboration platform)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -52458,7 +55629,7 @@ index 0000000..1462f23
+/var/lib/zarafa-webaccess(/.*)?, /var/lib/zarafa(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -52502,7 +55673,7 @@ index 0000000..1462f23
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -52513,7 +55684,7 @@ index 0000000..1462f23
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -52529,18 +55700,24 @@ index 0000000..1462f23
+selinux(8), zarafa(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/zebra_selinux.8 b/man/man8/zebra_selinux.8
new file mode 100644
-index 0000000..98239dc
+index 0000000..705cdbc
--- /dev/null
+++ b/man/man8/zebra_selinux.8
-@@ -0,0 +1,172 @@
+@@ -0,0 +1,178 @@
+.TH "zebra_selinux" "8" "zebra" "dwalsh at redhat.com" "zebra SELinux Policy documentation"
+.SH "NAME"
+zebra_selinux \- Security Enhanced Linux Policy for the zebra processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the zebra processes via flexible mandatory access
++
++SELinux Linux secures
++.B zebra
++(Zebra border gateway protocol network routing service)
++processes via flexible mandatory access
+control.
+
++
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. zebra policy is extremely flexible and has several booleans that allow you to manipulate the policy and run zebra with the tightest access possible.
+
@@ -52632,7 +55809,7 @@ index 0000000..98239dc
+/var/run/\.zserv, /var/run/\.zebra, /var/run/quagga(/.*)?
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -52676,7 +55853,7 @@ index 0000000..98239dc
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -52687,7 +55864,7 @@ index 0000000..98239dc
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.B semanage port
+can also be used to manipulate the port definitions
@@ -52708,18 +55885,24 @@ index 0000000..98239dc
\ No newline at end of file
diff --git a/man/man8/zoneminder_selinux.8 b/man/man8/zoneminder_selinux.8
new file mode 100644
-index 0000000..6bdbdc5
+index 0000000..3085db9
--- /dev/null
+++ b/man/man8/zoneminder_selinux.8
-@@ -0,0 +1,145 @@
+@@ -0,0 +1,151 @@
+.TH "zoneminder_selinux" "8" "zoneminder" "dwalsh at redhat.com" "zoneminder SELinux Policy documentation"
+.SH "NAME"
+zoneminder_selinux \- Security Enhanced Linux Policy for the zoneminder processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the zoneminder processes via flexible mandatory access
++
++SELinux Linux secures
++.B zoneminder
++(policy for zoneminder)
++processes via flexible mandatory access
+control.
+
++
++
+.SH SHARING FILES
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
+.TP
@@ -52731,7 +55914,7 @@ index 0000000..6bdbdc5
+.B restorecon -F -R -v /var/zoneminder
+.pp
+.TP
-+Allow zoneminder servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_zoneminderd_anon_write boolean to be set.
++Allow zoneminder servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_zoneminder_anon_write boolean to be set.
+.PP
+.B
+semanage fcontext -a -t public_content_rw_t "/var/zoneminder/incoming(/.*)?"
@@ -52814,7 +55997,7 @@ index 0000000..6bdbdc5
+
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -52835,7 +56018,7 @@ index 0000000..6bdbdc5
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -52846,7 +56029,7 @@ index 0000000..6bdbdc5
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -52859,18 +56042,24 @@ index 0000000..6bdbdc5
+selinux(8), zoneminder(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/zos_selinux.8 b/man/man8/zos_selinux.8
new file mode 100644
-index 0000000..7a117d7
+index 0000000..b9eb5b9
--- /dev/null
+++ b/man/man8/zos_selinux.8
-@@ -0,0 +1,75 @@
+@@ -0,0 +1,81 @@
+.TH "zos_selinux" "8" "zos" "dwalsh at redhat.com" "zos SELinux Policy documentation"
+.SH "NAME"
+zos_selinux \- Security Enhanced Linux Policy for the zos processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the zos processes via flexible mandatory access
++
++SELinux Linux secures
++.B zos
++(policy for z/OS Remote-services Audit dispatcher plugin)
++processes via flexible mandatory access
+control.
+
++
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -52895,7 +56084,7 @@ index 0000000..7a117d7
+/sbin/audispd-zos-remote, /usr/sbin/audispd-zos-remote
+
+.PP
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
+command. This will modify the SELinux labeling database. You will need to use
+.B restorecon
@@ -52916,7 +56105,7 @@ index 0000000..7a117d7
+.EE
+.PP
+Note:
-+.B semanage permississive -a PROCESS_TYPE
++.B semanage permissive -a PROCESS_TYPE
+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
+
+.SH "COMMANDS"
@@ -52927,7 +56116,7 @@ index 0000000..7a117d7
+can also be used to manipulate whether or not a process type is permissive.
+.PP
+.B semanage module
-+can also be used to enable/disable/install/remove policy modules
++can also be used to enable/disable/install/remove policy modules.
+
+.PP
+.B system-config-selinux
@@ -54345,7 +57534,7 @@ index 4f7bd3c..9143343 100644
- unconfined_domain(kudzu_t)
')
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
-index 7090dae..77c91f7 100644
+index 7090dae..51123b2 100644
--- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te
@@ -29,9 +29,7 @@ files_type(logrotate_var_lib_t)
@@ -54399,7 +57588,7 @@ index 7090dae..77c91f7 100644
# cjp: why is this needed?
init_domtrans_script(logrotate_t)
-@@ -116,17 +119,16 @@ miscfiles_read_localization(logrotate_t)
+@@ -116,17 +119,17 @@ miscfiles_read_localization(logrotate_t)
seutil_dontaudit_read_config(logrotate_t)
@@ -54416,6 +57605,7 @@ index 7090dae..77c91f7 100644
-
-mta_send_mail(logrotate_t)
+userdom_dontaudit_list_admin_dir(logrotate_t)
++userdom_dontaudit_getattr_user_home_content(logrotate_t)
ifdef(`distro_debian', `
- allow logrotate_t logrotate_tmp_t:file { relabelfrom relabelto };
@@ -54423,7 +57613,7 @@ index 7090dae..77c91f7 100644
# for savelog
can_exec(logrotate_t, logrotate_exec_t)
-@@ -138,7 +140,7 @@ ifdef(`distro_debian', `
+@@ -138,7 +141,7 @@ ifdef(`distro_debian', `
')
optional_policy(`
@@ -54432,7 +57622,7 @@ index 7090dae..77c91f7 100644
')
optional_policy(`
-@@ -154,6 +156,10 @@ optional_policy(`
+@@ -154,6 +157,10 @@ optional_policy(`
')
optional_policy(`
@@ -54443,7 +57633,7 @@ index 7090dae..77c91f7 100644
asterisk_domtrans(logrotate_t)
')
-@@ -162,10 +168,20 @@ optional_policy(`
+@@ -162,10 +169,20 @@ optional_policy(`
')
optional_policy(`
@@ -54464,7 +57654,7 @@ index 7090dae..77c91f7 100644
cups_domtrans(logrotate_t)
')
-@@ -178,6 +194,10 @@ optional_policy(`
+@@ -178,6 +195,10 @@ optional_policy(`
')
optional_policy(`
@@ -54475,7 +57665,7 @@ index 7090dae..77c91f7 100644
icecast_signal(logrotate_t)
')
-@@ -194,15 +214,19 @@ optional_policy(`
+@@ -194,15 +215,19 @@ optional_policy(`
')
optional_policy(`
@@ -54496,7 +57686,7 @@ index 7090dae..77c91f7 100644
optional_policy(`
samba_exec_log(logrotate_t)
-@@ -228,3 +252,14 @@ optional_policy(`
+@@ -228,3 +253,14 @@ optional_policy(`
optional_policy(`
varnishd_manage_log(logrotate_t)
')
@@ -55061,10 +58251,10 @@ index 0000000..bd83148
+## <summary>No Interfaces</summary>
diff --git a/policy/modules/admin/permissivedomains.te b/policy/modules/admin/permissivedomains.te
new file mode 100644
-index 0000000..75c0f07
+index 0000000..984c8ac
--- /dev/null
+++ b/policy/modules/admin/permissivedomains.te
-@@ -0,0 +1,57 @@
+@@ -0,0 +1,66 @@
+policy_module(permissivedomains,17)
+
+
@@ -55122,6 +58312,15 @@ index 0000000..75c0f07
+ permissive sge_job_t;
+
+')
++
++optional_policy(`
++ gen_require(`
++ type matahari_rpcd_t;
++ ')
++
++ permissive matahari_rpcd_t;
++
++')
diff --git a/policy/modules/admin/portage.fc b/policy/modules/admin/portage.fc
index db46387..b665b08 100644
--- a/policy/modules/admin/portage.fc
@@ -56872,10 +60071,10 @@ index 975af1a..748db5b 100644
+ can_exec($1, sudo_exec_t)
+')
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
-index 2731fa1..9ce39dd 100644
+index 2731fa1..914f386 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
-@@ -7,3 +7,104 @@ attribute sudodomain;
+@@ -7,3 +7,105 @@ attribute sudodomain;
type sudo_exec_t;
application_executable_file(sudo_exec_t)
@@ -56919,6 +60118,7 @@ index 2731fa1..9ce39dd 100644
+dev_read_urand(sudodomain)
+dev_rw_generic_usb_dev(sudodomain)
+dev_read_sysfs(sudodomain)
++dev_dontaudit_getattr_all(sudodomain)
+
+domain_use_interactive_fds(sudodomain)
+domain_sigchld_interactive_fds(sudodomain)
@@ -61286,7 +64486,7 @@ index fbb5c5a..094d03b 100644
+')
+
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
-index 2e9318b..428478e 100644
+index 2e9318b..6c983e1 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -25,6 +25,7 @@ files_config_file(mozilla_conf_t)
@@ -61530,7 +64730,7 @@ index 2e9318b..428478e 100644
')
optional_policy(`
-@@ -438,18 +461,97 @@ optional_policy(`
+@@ -438,18 +461,98 @@ optional_policy(`
')
optional_policy(`
@@ -61617,6 +64817,7 @@ index 2e9318b..428478e 100644
+userdom_read_user_home_content_files(mozilla_plugin_config_t)
+userdom_dontaudit_search_admin_dir(mozilla_plugin_config_t)
+userdom_use_inherited_user_ptys(mozilla_plugin_config_t)
++userdom_dontaudit_use_user_terminals(mozilla_plugin_config_t)
+
+domtrans_pattern(mozilla_plugin_config_t, mozilla_plugin_exec_t, mozilla_plugin_t)
+
@@ -65145,10 +68346,10 @@ index 0000000..5554dc9
+
diff --git a/policy/modules/apps/thumb.te b/policy/modules/apps/thumb.te
new file mode 100644
-index 0000000..b23b488
+index 0000000..0e7f810
--- /dev/null
+++ b/policy/modules/apps/thumb.te
-@@ -0,0 +1,82 @@
+@@ -0,0 +1,84 @@
+policy_module(thumb, 1.0.0)
+
+########################################
@@ -65201,6 +68402,8 @@ index 0000000..b23b488
+files_read_etc_files(thumb_t)
+files_read_usr_files(thumb_t)
+
++fs_read_dos_files(thumb_t)
++
+auth_use_nsswitch(thumb_t)
+
+miscfiles_read_fonts(thumb_t)
@@ -65675,10 +68878,10 @@ index 23066a1..dc73652 100644
# cjp: why?
userdom_read_user_home_content_files(vmware_t)
diff --git a/policy/modules/apps/webalizer.te b/policy/modules/apps/webalizer.te
-index b11941a..93ec570 100644
+index b11941a..181c808 100644
--- a/policy/modules/apps/webalizer.te
+++ b/policy/modules/apps/webalizer.te
-@@ -75,13 +75,15 @@ files_read_etc_runtime_files(webalizer_t)
+@@ -75,33 +75,29 @@ files_read_etc_runtime_files(webalizer_t)
logging_list_logs(webalizer_t)
logging_send_syslog_msg(webalizer_t)
@@ -65695,20 +68898,30 @@ index b11941a..93ec570 100644
userdom_use_unpriv_users_fds(webalizer_t)
userdom_dontaudit_search_user_home_content(webalizer_t)
-@@ -97,13 +99,5 @@ optional_policy(`
+-apache_read_log(webalizer_t)
+-apache_manage_sys_content(webalizer_t)
+-
+ optional_policy(`
+- cron_system_entry(webalizer_t, webalizer_exec_t)
++ apache_read_log(webalizer_t)
++ apache_manage_sys_content(webalizer_t)
')
optional_policy(`
-- nis_use_ypbind(webalizer_t)
+- ftp_read_log(webalizer_t)
-')
-
-optional_policy(`
+- nis_use_ypbind(webalizer_t)
++ cron_system_entry(webalizer_t, webalizer_exec_t)
+ ')
+
+ optional_policy(`
- nscd_socket_use(webalizer_t)
--')
--
--optional_policy(`
- squid_read_log(webalizer_t)
++ ftp_read_log(webalizer_t)
')
+
+ optional_policy(`
diff --git a/policy/modules/apps/wine.fc b/policy/modules/apps/wine.fc
index 9d24449..2666317 100644
--- a/policy/modules/apps/wine.fc
@@ -65926,7 +69139,7 @@ index 223ad43..d95e720 100644
rsync_exec(yam_t)
')
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
-index 3fae11a..3f5d339 100644
+index 3fae11a..6d61e8b 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -1,7 +1,7 @@
@@ -66092,8 +69305,8 @@ index 3fae11a..3f5d339 100644
+/usr/lib/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib/mailman/mail(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/mailman.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/mailman.*/mail(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/MailScanner(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/mediawiki/math/texvc.* gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
@@ -66215,7 +69428,7 @@ index 3fae11a..3f5d339 100644
/usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -363,7 +408,7 @@ ifdef(`distro_redhat', `
+@@ -363,20 +408,21 @@ ifdef(`distro_redhat', `
ifdef(`distro_suse', `
/usr/lib/cron/run-crons -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/samba/classic/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -66224,7 +69437,12 @@ index 3fae11a..3f5d339 100644
/usr/share/apache2/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
')
-@@ -375,8 +420,9 @@ ifdef(`distro_suse', `
+ #
+ # /var
+ #
+-/var/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/var/mailman.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
/var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/var/lib/asterisk/agi-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -67712,7 +70930,7 @@ index 4f3b542..1552f90 100644
+ dev_filetrans($1, ppp_device_t, chr_file, "ppp")
+')
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index 99b71cb..63b5c4a 100644
+index 99b71cb..a0d3b16 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -11,11 +11,15 @@ attribute netif_type;
@@ -67862,7 +71080,7 @@ index 99b71cb..63b5c4a 100644
-network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
+network_port(jabber_router, tcp,5347,s0)
+network_port(jboss_debug, tcp,8787,s0)
-+network_port(jboss_management, tcp,4712,s0, udp,4712,s0, tcp,9123,s0, udp,9123,s0, tcp, 9990, s0, tcp, 18001, s0)
++network_port(jboss_management, tcp,4712,s0, tcp,4447,s0, udp,4712,s0, tcp,7600,s0, tcp,9123,s0, udp,9123,s0, tcp, 9990, s0, tcp, 18001, s0)
+network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0, tcp,4444,s0, udp,4444,s0)
+network_port(kerberos_admin, tcp,749,s0)
+network_port(kerberos_password, tcp,464,s0, udp,464,s0)
@@ -73956,7 +77174,7 @@ index 57c4a6a..d323c74 100644
+/usr/lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/usr/lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
-index 1700ef2..3e38191 100644
+index 1700ef2..9282b84 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -101,6 +101,8 @@ interface(`storage_raw_read_fixed_disk',`
@@ -73976,7 +77194,56 @@ index 1700ef2..3e38191 100644
dev_add_entry_generic_dirs($1)
')
-@@ -808,3 +811,369 @@ interface(`storage_unconfined',`
+@@ -269,6 +272,48 @@ interface(`storage_dev_filetrans_fixed_disk',`
+ dev_filetrans($1, fixed_disk_device_t, blk_file)
+ ')
+
++#######################################
++## <summary>
++## Create block devices in /dev with the fixed disk type
++## via an automatic type transition.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`storage_dev_filetrans_named_fixed_disk',`
++ gen_require(`
++ type fixed_disk_device_t;
++ ')
++
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "jsflash")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "lvm")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megaraid_sas_ioctl_node")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev0")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev1")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev2")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev3")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev4")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev5")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev6")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev7")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev8")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "megadev9")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "device-mapper")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw0")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw1")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw2")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw3")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw4")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw5")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw6")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw7")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw8")
++ dev_filetrans($1, fixed_disk_device_t, chr_file, "raw9")
++')
++
+ ########################################
+ ## <summary>
+ ## Create block devices in on a tmpfs filesystem with the
+@@ -808,3 +853,369 @@ interface(`storage_unconfined',`
typeattribute $1 storage_unconfined_type;
')
@@ -75160,6 +78427,16 @@ index 1875064..2adc35f 100644
+optional_policy(`
+ sudo_role_template(dbadm, dbadm_r, dbadm_t)
+')
+diff --git a/policy/modules/roles/guest.if b/policy/modules/roles/guest.if
+index 8906a32..9defca0 100644
+--- a/policy/modules/roles/guest.if
++++ b/policy/modules/roles/guest.if
+@@ -1,4 +1,4 @@
+-## <summary>Least privledge terminal user role</summary>
++## <summary>Least privileged terminal user</summary>
+
+ ########################################
+ ## <summary>
diff --git a/policy/modules/roles/guest.te b/policy/modules/roles/guest.te
index 1cb7311..1de82b2 100644
--- a/policy/modules/roles/guest.te
@@ -75216,6 +78493,16 @@ index be4de58..7e8b6ec 100644
init_exec(secadm_t)
+diff --git a/policy/modules/roles/staff.if b/policy/modules/roles/staff.if
+index 234a940..d340f20 100644
+--- a/policy/modules/roles/staff.if
++++ b/policy/modules/roles/staff.if
+@@ -1,4 +1,4 @@
+-## <summary>Administrator's unprivileged user role</summary>
++## <summary>Administrator's unprivileged user</summary>
+
+ ########################################
+ ## <summary>
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 2be17d2..b6ee027 100644
--- a/policy/modules/roles/staff.te
@@ -76705,10 +79992,10 @@ index 0000000..bac0dc0
+
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
new file mode 100644
-index 0000000..c21c9a4
+index 0000000..f38475a
--- /dev/null
+++ b/policy/modules/roles/unconfineduser.te
-@@ -0,0 +1,383 @@
+@@ -0,0 +1,388 @@
+policy_module(unconfineduser, 1.0.0)
+
+########################################
@@ -76871,6 +80158,11 @@ index 0000000..c21c9a4
+ rtkit_scheduled(unconfined_t)
+ ')
+
++ # Might remove later if this proves to be problematic, but would like to gather AVCs
++ optional_policy(`
++ thumb_role(unconfined_r, unconfined_t)
++ ')
++
+ optional_policy(`
+ setroubleshoot_dbus_chat(unconfined_t)
+ setroubleshoot_dbus_chat_fixit(unconfined_t)
@@ -77092,6 +80384,16 @@ index 0000000..c21c9a4
+
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+
+diff --git a/policy/modules/roles/unprivuser.if b/policy/modules/roles/unprivuser.if
+index 3835596..fbca2be 100644
+--- a/policy/modules/roles/unprivuser.if
++++ b/policy/modules/roles/unprivuser.if
+@@ -1,4 +1,4 @@
+-## <summary>Generic unprivileged user role</summary>
++## <summary>Generic unprivileged user</summary>
+
+ ########################################
+ ## <summary>
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index e5bfdd4..7e0ea58 100644
--- a/policy/modules/roles/unprivuser.te
@@ -77273,6 +80575,16 @@ index 0ecc786..3e7e984 100644
userdom_dontaudit_search_user_home_dirs(webadm_t)
+diff --git a/policy/modules/roles/xguest.if b/policy/modules/roles/xguest.if
+index d2234e3..030e845 100644
+--- a/policy/modules/roles/xguest.if
++++ b/policy/modules/roles/xguest.if
+@@ -1,4 +1,4 @@
+-## <summary>Least privledge xwindows user role</summary>
++## <summary>Least privileged X user</summary>
+
+ ########################################
+ ## <summary>
diff --git a/policy/modules/roles/xguest.te b/policy/modules/roles/xguest.te
index e88b95f..9b6536a 100644
--- a/policy/modules/roles/xguest.te
@@ -78669,7 +81981,7 @@ index deca9d3..ac92fce 100644
')
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
-index 9e39aa5..c507f2b 100644
+index 9e39aa5..2386b92 100644
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
@@ -1,21 +1,32 @@
@@ -78706,7 +82018,7 @@ index 9e39aa5..c507f2b 100644
/srv/([^/]*/)?www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/srv/gallery2(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
-@@ -24,16 +35,17 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u
+@@ -24,16 +35,18 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/lib/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
@@ -78727,11 +82039,12 @@ index 9e39aa5..c507f2b 100644
/usr/sbin/apache(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/apache-ssl(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
-+/usr/sbin/cherokee -- gen_context(system_u:object_r:httpd_exec_t,s0)
++/usr/sbin/cherokee -- gen_context(system_u:object_r:httpd_exec_t,s0)
++/usr/sbin/httpd\.event -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/lighttpd -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/rotatelogs -- gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
-@@ -43,8 +55,9 @@ ifdef(`distro_suse', `
+@@ -43,8 +56,9 @@ ifdef(`distro_suse', `
/usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0)
')
@@ -78743,7 +82056,7 @@ index 9e39aa5..c507f2b 100644
/usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/icecast(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/mythweb(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
-@@ -54,11 +67,14 @@ ifdef(`distro_suse', `
+@@ -54,11 +68,14 @@ ifdef(`distro_suse', `
/usr/share/ntop/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/openca/htdocs(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -78758,7 +82071,7 @@ index 9e39aa5..c507f2b 100644
/var/cache/lighttpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
/var/cache/mason(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
/var/cache/mediawiki(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
-@@ -73,28 +89,40 @@ ifdef(`distro_suse', `
+@@ -73,28 +90,40 @@ ifdef(`distro_suse', `
/var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0)
/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -78803,7 +82116,7 @@ index 9e39aa5..c507f2b 100644
/var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0)
-@@ -104,8 +132,26 @@ ifdef(`distro_debian', `
+@@ -104,8 +133,26 @@ ifdef(`distro_debian', `
/var/spool/viewvc(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t, s0)
/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -93474,7 +96787,7 @@ index 9d3201b..41c2c99 100644
+ ftp_systemctl($1)
')
diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
-index 8a74a83..d2157bc 100644
+index 8a74a83..c183d8c 100644
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -40,6 +40,20 @@ gen_tunable(allow_ftpd_use_nfs, false)
@@ -93584,6 +96897,15 @@ index 8a74a83..d2157bc 100644
# Create and modify /var/log/xferlog.
manage_files_pattern(ftpd_t, xferlog_t, xferlog_t)
+@@ -177,7 +206,7 @@ logging_log_filetrans(ftpd_t, xferlog_t, file)
+
+ kernel_read_kernel_sysctls(ftpd_t)
+ kernel_read_system_state(ftpd_t)
+-kernel_search_network_state(ftpd_t)
++kernel_read_network_state(ftpd_t)
+
+ dev_read_sysfs(ftpd_t)
+ dev_read_urand(ftpd_t)
@@ -196,9 +225,8 @@ corenet_tcp_bind_generic_node(ftpd_t)
corenet_tcp_bind_ftp_port(ftpd_t)
corenet_tcp_bind_ftp_data_port(ftpd_t)
@@ -96319,10 +99641,10 @@ index 9878499..8643cd3 100644
- admin_pattern($1, jabberd_var_run_t)
')
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te
-index da2127e..24e20b0 100644
+index da2127e..91bdd44 100644
--- a/policy/modules/services/jabber.te
+++ b/policy/modules/services/jabber.te
-@@ -5,90 +5,148 @@ policy_module(jabber, 1.8.0)
+@@ -5,90 +5,150 @@ policy_module(jabber, 1.8.0)
# Declarations
#
@@ -96400,40 +99722,42 @@ index da2127e..24e20b0 100644
-corenet_sendrecv_jabber_interserver_server_packets(jabberd_t)
+manage_files_pattern(jabberd_router_t, jabberd_var_lib_t, jabberd_var_lib_t)
+manage_dirs_pattern(jabberd_router_t, jabberd_var_lib_t, jabberd_var_lib_t)
-
--dev_read_sysfs(jabberd_t)
--# For SSL
--dev_read_rand(jabberd_t)
++
++kernel_read_network_state(jabberd_router_t)
++
+corenet_tcp_bind_jabber_client_port(jabberd_router_t)
+corenet_tcp_bind_jabber_router_port(jabberd_router_t)
+corenet_tcp_connect_jabber_router_port(jabberd_router_t)
+corenet_sendrecv_jabber_router_server_packets(jabberd_router_t)
+corenet_sendrecv_jabber_client_server_packets(jabberd_router_t)
--domain_use_interactive_fds(jabberd_t)
+-dev_read_sysfs(jabberd_t)
+-# For SSL
+-dev_read_rand(jabberd_t)
+fs_getattr_all_fs(jabberd_router_t)
--files_read_etc_files(jabberd_t)
--files_read_etc_runtime_files(jabberd_t)
+-domain_use_interactive_fds(jabberd_t)
+miscfiles_read_generic_certs(jabberd_router_t)
--fs_getattr_all_fs(jabberd_t)
--fs_search_auto_mountpoints(jabberd_t)
+-files_read_etc_files(jabberd_t)
+-files_read_etc_runtime_files(jabberd_t)
+optional_policy(`
+ kerberos_use(jabberd_router_t)
+')
--logging_send_syslog_msg(jabberd_t)
+-fs_getattr_all_fs(jabberd_t)
+-fs_search_auto_mountpoints(jabberd_t)
+optional_policy(`
+ nis_use_ypbind(jabberd_router_t)
+')
--miscfiles_read_localization(jabberd_t)
+-logging_send_syslog_msg(jabberd_t)
+#####################################
+#
+# Local policy for other jabberd components
+#
-+
+
+-miscfiles_read_localization(jabberd_t)
+manage_files_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
+manage_dirs_pattern(jabberd_t, jabberd_var_lib_t, jabberd_var_lib_t)
@@ -96452,8 +99776,8 @@ index da2127e..24e20b0 100644
optional_policy(`
- seutil_sigchld_newrole(jabberd_t)
+ udev_read_db(jabberd_t)
-+')
-+
+ ')
+
+######################################
+#
+# Local policy for pyicq-t
@@ -96484,12 +99808,12 @@ index da2127e..24e20b0 100644
+libs_use_shared_libs(pyicqt_t)
+
+# needed for pyicq-t-mysql
-+optional_policy(`
-+ corenet_tcp_connect_mysqld_port(pyicqt_t)
- ')
-
optional_policy(`
- udev_read_db(jabberd_t)
++ corenet_tcp_connect_mysqld_port(pyicqt_t)
++')
++
++optional_policy(`
+ sysnet_use_ldap(pyicqt_t)
')
+
@@ -98215,40 +101539,49 @@ index 93c14ca..27d96e1 100644
optional_policy(`
cups_read_config(lpr_t)
diff --git a/policy/modules/services/mailman.fc b/policy/modules/services/mailman.fc
-index 14ad189..8317f33 100644
+index 14ad189..c7daa85 100644
--- a/policy/modules/services/mailman.fc
+++ b/policy/modules/services/mailman.fc
@@ -1,11 +1,14 @@
-/usr/lib(64)?/mailman/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-+
-+/usr/lib/mailman/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-+/usr/lib/mailman/bin/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
- /usr/lib/mailman/cron/.* -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-+/usr/share/doc/mailman.*/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
+-/usr/lib/mailman/cron/.* -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
- /var/lib/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
- /var/lib/mailman/archives(/.*)? gen_context(system_u:object_r:mailman_archive_t,s0)
- /var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
- /var/log/mailman(/.*)? gen_context(system_u:object_r:mailman_log_t,s0)
+-/var/lib/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
+-/var/lib/mailman/archives(/.*)? gen_context(system_u:object_r:mailman_archive_t,s0)
+-/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
+-/var/log/mailman(/.*)? gen_context(system_u:object_r:mailman_log_t,s0)
-/var/run/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
-+/var/run/mailman(/.*)? gen_context(system_u:object_r:mailman_var_run_t,s0)
++/usr/lib/mailman.*/bin/mailmanctl -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
++/usr/lib/mailman.*/bin/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
++/usr/lib/mailman.*/cron/.* -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
++/usr/share/doc/mailman.*/mm-handler.* -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
++
++/var/lib/mailman.* gen_context(system_u:object_r:mailman_data_t,s0)
++/var/lib/mailman.*/archives(/.*)? gen_context(system_u:object_r:mailman_archive_t,s0)
++/var/lock/mailman.* gen_context(system_u:object_r:mailman_lock_t,s0)
++/var/log/mailman.* gen_context(system_u:object_r:mailman_log_t,s0)
++/var/run/mailman.* gen_context(system_u:object_r:mailman_var_run_t,s0)
#
# distro_debian
-@@ -25,10 +28,10 @@ ifdef(`distro_debian', `
+@@ -23,12 +26,12 @@ ifdef(`distro_debian', `
+ # distro_redhat
+ #
ifdef(`distro_redhat', `
- /etc/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
+-/etc/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
++/etc/mailman.* gen_context(system_u:object_r:mailman_data_t,s0)
-/usr/lib(64)?/mailman/bin/qrunner -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-/usr/lib(64)?/mailman/cgi-bin/.* -- gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
-/usr/lib(64)?/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-/usr/lib(64)?/mailman/scripts/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-+/usr/lib/mailman/bin/qrunner -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
-+/usr/lib/mailman/cgi-bin/.* -- gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
-+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-+/usr/lib/mailman/scripts/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
++/usr/lib/mailman.*/bin/qrunner -- gen_context(system_u:object_r:mailman_queue_exec_t,s0)
++/usr/lib/mailman.*/cgi-bin/.* -- gen_context(system_u:object_r:mailman_cgi_exec_t,s0)
++/usr/lib/mailman.*/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
++/usr/lib/mailman.*/scripts/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
- /var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
+-/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
++/var/spool/mailman.* gen_context(system_u:object_r:mailman_data_t,s0)
')
diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if
index 67c7fdd..d7338be 100644
@@ -98557,10 +101890,10 @@ index 0000000..5b84980
+')
diff --git a/policy/modules/services/matahari.fc b/policy/modules/services/matahari.fc
new file mode 100644
-index 0000000..14be385
+index 0000000..cf95c97
--- /dev/null
+++ b/policy/modules/services/matahari.fc
-@@ -0,0 +1,39 @@
+@@ -0,0 +1,43 @@
+/etc/rc\.d/init\.d/matahari-host -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/matahari-net -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/matahari-service -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0)
@@ -98569,12 +101902,14 @@ index 0000000..14be385
+
+/lib/systemd/system/matahari-host\.service -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0)
+/lib/systemd/system/matahari-network\.service -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0)
++/lib/systemd/system/matahari-rpc.service -- gen_context(system_u:object_r:matahari_rpcd_unit_file_t,s0)
+/lib/systemd/system/matahari-service\.service -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0)
+/lib/systemd/system/matahari-sysconfig\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
+/lib/systemd/system/matahari-sysconfig-console\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
+
+/usr/lib/systemd/system/matahari-host\.service -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0)
+/usr/lib/systemd/system/matahari-network\.service -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0)
++/usr/lib/systemd/system/matahari-rpc.service -- gen_context(system_u:object_r:matahari_rpcd_unit_file_t,s0)
+/usr/lib/systemd/system/matahari-service\.service -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0)
+/usr/lib/systemd/system/matahari-sysconfig\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
+/usr/lib/systemd/system/matahari-sysconfig-console\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
@@ -98591,6 +101926,8 @@ index 0000000..14be385
+/usr/sbin/matahari-dbus-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0)
+/usr/sbin/matahari-qmf-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0)
+
++/usr/sbin/matahari-qmf-rpcd -- gen_context(system_u:object_r:matahari_rpcd_exec_t,s0)
++
+/usr/sbin/matahari-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0)
+/usr/sbin/matahari-dbus-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0)
+/usr/sbin/matahari-qmf-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0)
@@ -98602,10 +101939,10 @@ index 0000000..14be385
+/var/run/matahari-broker\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0)
diff --git a/policy/modules/services/matahari.if b/policy/modules/services/matahari.if
new file mode 100644
-index 0000000..3f69cdf
+index 0000000..6eae9c9
--- /dev/null
+++ b/policy/modules/services/matahari.if
-@@ -0,0 +1,286 @@
+@@ -0,0 +1,289 @@
+## <summary>policy for matahari</summary>
+
+######################################
@@ -98818,11 +102155,14 @@ index 0000000..3f69cdf
+#
+interface(`matahari_systemctl',`
+ gen_require(`
++ type matahari_hostd_t;
++ type matahari_netd_t;
++ type matahari_serviced_t;
++ type matahari_sysconfigd_t;
+ type matahari_hostd_unit_file_t;
+ type matahari_netd_unit_file_t;
+ type matahari_serviced_unit_file_t;
+ type matahari_sysconfigd_unit_file_t;
-+ type matahari_sysconfigd_unit_file_t;
+ ')
+
+ systemd_exec_systemctl($1)
@@ -98894,10 +102234,10 @@ index 0000000..3f69cdf
+')
diff --git a/policy/modules/services/matahari.te b/policy/modules/services/matahari.te
new file mode 100644
-index 0000000..8f7cdb0
+index 0000000..3a1b451
--- /dev/null
+++ b/policy/modules/services/matahari.te
-@@ -0,0 +1,93 @@
+@@ -0,0 +1,106 @@
+policy_module(matahari,1.0.0)
+
+########################################
@@ -98909,6 +102249,7 @@ index 0000000..8f7cdb0
+
+matahari_domain_template(hostd)
+matahari_domain_template(netd)
++matahari_domain_template(rpcd)
+matahari_domain_template(serviced)
+matahari_domain_template(sysconfigd)
+
@@ -98946,6 +102287,18 @@ index 0000000..8f7cdb0
+ dbus_system_bus_client(matahari_netd_t)
+')
+
++
++#######################################
++#
++# matahari_rpcd local policy
++#
++
++corecmd_exec_bin(matahari_rpcd_t)
++
++auth_read_passwd(matahari_rpcd_t)
++
++files_read_usr_files(matahari_rpcd_t)
++
+########################################
+#
+# matahari_serviced local policy
@@ -98970,9 +102323,9 @@ index 0000000..8f7cdb0
+#
+# matahari domain local policy
+#
-+
++allow matahari_domain self:capability sys_nice;
++allow matahari_domain self:process setsched;
+allow matahari_domain self:process signal;
-+
+allow matahari_domain self:fifo_file rw_fifo_file_perms;
+allow matahari_domain self:unix_stream_socket create_stream_socket_perms;
+
@@ -100698,7 +104051,7 @@ index 343cee3..62edb77 100644
+ mta_filetrans_admin_home_content($1)
+')
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
-index 64268e4..8fd5f8a 100644
+index 64268e4..642d538 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -20,14 +20,16 @@ files_type(etc_aliases_t)
@@ -100752,7 +104105,7 @@ index 64268e4..8fd5f8a 100644
dev_read_sysfs(system_mail_t)
dev_read_rand(system_mail_t)
dev_read_urand(system_mail_t)
-@@ -79,9 +71,16 @@ selinux_getattr_fs(system_mail_t)
+@@ -79,9 +71,18 @@ selinux_getattr_fs(system_mail_t)
term_dontaudit_use_unallocated_ttys(system_mail_t)
init_use_script_ptys(system_mail_t)
@@ -100767,10 +104120,12 @@ index 64268e4..8fd5f8a 100644
+userdom_admin_home_dir_filetrans(system_mail_t, mail_home_t, file)
+
+logging_append_all_logs(system_mail_t)
++
++logging_send_syslog_msg(system_mail_t)
optional_policy(`
apache_read_squirrelmail_data(system_mail_t)
-@@ -92,14 +91,21 @@ optional_policy(`
+@@ -92,14 +93,21 @@ optional_policy(`
apache_dontaudit_rw_stream_sockets(system_mail_t)
apache_dontaudit_rw_tcp_sockets(system_mail_t)
apache_dontaudit_rw_sys_script_stream_sockets(system_mail_t)
@@ -100795,7 +104150,7 @@ index 64268e4..8fd5f8a 100644
')
optional_policy(`
-@@ -108,9 +114,15 @@ optional_policy(`
+@@ -108,9 +116,15 @@ optional_policy(`
')
optional_policy(`
@@ -100811,7 +104166,7 @@ index 64268e4..8fd5f8a 100644
')
optional_policy(`
-@@ -124,12 +136,9 @@ optional_policy(`
+@@ -124,12 +138,9 @@ optional_policy(`
')
optional_policy(`
@@ -100826,7 +104181,7 @@ index 64268e4..8fd5f8a 100644
')
optional_policy(`
-@@ -146,6 +155,10 @@ optional_policy(`
+@@ -146,6 +157,10 @@ optional_policy(`
')
optional_policy(`
@@ -100837,7 +104192,7 @@ index 64268e4..8fd5f8a 100644
nagios_read_tmp_files(system_mail_t)
')
-@@ -158,22 +171,13 @@ optional_policy(`
+@@ -158,22 +173,13 @@ optional_policy(`
files_etc_filetrans(system_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file })
domain_use_interactive_fds(system_mail_t)
@@ -100863,7 +104218,7 @@ index 64268e4..8fd5f8a 100644
')
optional_policy(`
-@@ -189,6 +193,10 @@ optional_policy(`
+@@ -189,6 +195,10 @@ optional_policy(`
')
optional_policy(`
@@ -100874,7 +104229,7 @@ index 64268e4..8fd5f8a 100644
smartmon_read_tmp_files(system_mail_t)
')
-@@ -199,15 +207,16 @@ optional_policy(`
+@@ -199,15 +209,16 @@ optional_policy(`
arpwatch_search_data(mailserver_delivery)
arpwatch_manage_tmp_files(mta_user_agent)
@@ -100895,7 +104250,7 @@ index 64268e4..8fd5f8a 100644
########################################
#
# Mailserver delivery local policy
-@@ -220,28 +229,21 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
+@@ -220,28 +231,21 @@ append_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
@@ -100930,7 +104285,7 @@ index 64268e4..8fd5f8a 100644
# so MTA can access /var/lib/mailman/mail/wrapper
files_search_var_lib(mailserver_delivery)
-@@ -249,16 +251,25 @@ optional_policy(`
+@@ -249,16 +253,25 @@ optional_policy(`
mailman_read_data_symlinks(mailserver_delivery)
')
@@ -100958,7 +104313,7 @@ index 64268e4..8fd5f8a 100644
# Create dead.letter in user home directories.
userdom_manage_user_home_content_files(user_mail_t)
userdom_user_home_dir_filetrans_user_home_content(user_mail_t, file)
-@@ -277,14 +288,14 @@ userdom_dontaudit_append_user_tmp_files(user_mail_t)
+@@ -277,14 +290,14 @@ userdom_dontaudit_append_user_tmp_files(user_mail_t)
# files in an appropriate place for mta_user_agent
userdom_read_user_tmp_files(mta_user_agent)
@@ -100975,7 +104330,7 @@ index 64268e4..8fd5f8a 100644
# Read user temporary files.
# postfix seems to need write access if the file handle is opened read/write
userdom_rw_user_tmp_files(user_mail_t)
-@@ -292,3 +303,114 @@ optional_policy(`
+@@ -292,3 +305,114 @@ optional_policy(`
postfix_read_config(user_mail_t)
postfix_list_spool(user_mail_t)
')
@@ -102074,7 +105429,7 @@ index 8581040..7d8e93b 100644
init_labeled_script_domtrans($1, nagios_initrc_exec_t)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
-index bf64a4c..67708de 100644
+index bf64a4c..08386a8 100644
--- a/policy/modules/services/nagios.te
+++ b/policy/modules/services/nagios.te
@@ -5,6 +5,8 @@ policy_module(nagios, 1.10.0)
@@ -102098,15 +105453,18 @@ index bf64a4c..67708de 100644
nagios_plugin_template(admin)
nagios_plugin_template(checkdisk)
-@@ -33,6 +38,7 @@ nagios_plugin_template(mail)
+@@ -33,6 +38,10 @@ nagios_plugin_template(mail)
nagios_plugin_template(services)
nagios_plugin_template(system)
nagios_plugin_template(unconfined)
+nagios_plugin_template(eventhandler)
++
++type nagios_eventhandler_plugin_tmp_t;
++files_tmp_file(nagios_eventhandler_plugin_tmp_t)
type nagios_system_plugin_tmp_t;
files_tmp_file(nagios_system_plugin_tmp_t)
-@@ -77,8 +83,13 @@ files_pid_filetrans(nagios_t, nagios_var_run_t, file)
+@@ -77,8 +86,13 @@ files_pid_filetrans(nagios_t, nagios_var_run_t, file)
manage_fifo_files_pattern(nagios_t, nagios_spool_t, nagios_spool_t)
files_spool_filetrans(nagios_t, nagios_spool_t, fifo_file)
@@ -102120,7 +105478,7 @@ index bf64a4c..67708de 100644
corecmd_exec_bin(nagios_t)
corecmd_exec_shell(nagios_t)
-@@ -107,13 +118,11 @@ files_read_etc_files(nagios_t)
+@@ -107,13 +121,11 @@ files_read_etc_files(nagios_t)
files_read_etc_runtime_files(nagios_t)
files_read_kernel_symbol_table(nagios_t)
files_search_spool(nagios_t)
@@ -102135,7 +105493,7 @@ index bf64a4c..67708de 100644
auth_use_nsswitch(nagios_t)
logging_send_syslog_msg(nagios_t)
-@@ -124,10 +133,10 @@ userdom_dontaudit_use_unpriv_user_fds(nagios_t)
+@@ -124,10 +136,10 @@ userdom_dontaudit_use_unpriv_user_fds(nagios_t)
userdom_dontaudit_search_user_home_dirs(nagios_t)
mta_send_mail(nagios_t)
@@ -102148,7 +105506,7 @@ index bf64a4c..67708de 100644
netutils_kill_ping(nagios_t)
')
-@@ -143,6 +152,7 @@ optional_policy(`
+@@ -143,6 +155,7 @@ optional_policy(`
#
# Nagios CGI local policy
#
@@ -102156,7 +105514,7 @@ index bf64a4c..67708de 100644
optional_policy(`
apache_content_template(nagios)
typealias httpd_nagios_script_t alias nagios_cgi_t;
-@@ -180,11 +190,13 @@ optional_policy(`
+@@ -180,11 +193,13 @@ optional_policy(`
#
allow nrpe_t self:capability { setuid setgid };
@@ -102171,7 +105529,7 @@ index bf64a4c..67708de 100644
domtrans_pattern(nrpe_t, nagios_checkdisk_plugin_exec_t, nagios_checkdisk_plugin_t)
read_files_pattern(nrpe_t, nagios_etc_t, nagios_etc_t)
-@@ -201,7 +213,8 @@ corecmd_exec_shell(nrpe_t)
+@@ -201,7 +216,8 @@ corecmd_exec_shell(nrpe_t)
corenet_tcp_bind_generic_node(nrpe_t)
corenet_tcp_bind_inetd_child_port(nrpe_t)
@@ -102181,7 +105539,7 @@ index bf64a4c..67708de 100644
dev_read_sysfs(nrpe_t)
dev_read_urand(nrpe_t)
-@@ -211,6 +224,7 @@ domain_read_all_domains_state(nrpe_t)
+@@ -211,6 +227,7 @@ domain_read_all_domains_state(nrpe_t)
files_read_etc_runtime_files(nrpe_t)
files_read_etc_files(nrpe_t)
@@ -102189,7 +105547,7 @@ index bf64a4c..67708de 100644
fs_getattr_all_fs(nrpe_t)
fs_search_auto_mountpoints(nrpe_t)
-@@ -270,12 +284,10 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
+@@ -270,12 +287,10 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
#
allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
@@ -102202,7 +105560,7 @@ index bf64a4c..67708de 100644
kernel_read_kernel_sysctls(nagios_mail_plugin_t)
corecmd_read_bin_files(nagios_mail_plugin_t)
-@@ -299,7 +311,7 @@ optional_policy(`
+@@ -299,7 +314,7 @@ optional_policy(`
optional_policy(`
postfix_stream_connect_master(nagios_mail_plugin_t)
@@ -102211,7 +105569,7 @@ index bf64a4c..67708de 100644
')
######################################
-@@ -310,6 +322,9 @@ optional_policy(`
+@@ -310,6 +325,9 @@ optional_policy(`
# needed by ioctl()
allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
@@ -102221,7 +105579,7 @@ index bf64a4c..67708de 100644
files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
fs_getattr_all_fs(nagios_checkdisk_plugin_t)
-@@ -323,7 +338,6 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
+@@ -323,7 +341,6 @@ storage_raw_read_fixed_disk(nagios_checkdisk_plugin_t)
allow nagios_services_plugin_t self:capability { net_bind_service net_raw };
allow nagios_services_plugin_t self:process { signal sigkill };
@@ -102229,7 +105587,7 @@ index bf64a4c..67708de 100644
allow nagios_services_plugin_t self:tcp_socket create_stream_socket_perms;
allow nagios_services_plugin_t self:udp_socket create_socket_perms;
-@@ -340,6 +354,8 @@ files_read_usr_files(nagios_services_plugin_t)
+@@ -340,6 +357,8 @@ files_read_usr_files(nagios_services_plugin_t)
optional_policy(`
netutils_domtrans_ping(nagios_services_plugin_t)
@@ -102238,7 +105596,7 @@ index bf64a4c..67708de 100644
')
optional_policy(`
-@@ -363,6 +379,8 @@ manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_
+@@ -363,6 +382,8 @@ manage_files_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_
manage_dirs_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
files_tmp_filetrans(nagios_system_plugin_t, nagios_system_plugin_tmp_t, { dir file })
@@ -102247,7 +105605,7 @@ index bf64a4c..67708de 100644
kernel_read_system_state(nagios_system_plugin_t)
kernel_read_kernel_sysctls(nagios_system_plugin_t)
-@@ -376,6 +394,8 @@ domain_read_all_domains_state(nagios_system_plugin_t)
+@@ -376,6 +397,8 @@ domain_read_all_domains_state(nagios_system_plugin_t)
files_read_etc_files(nagios_system_plugin_t)
@@ -102256,7 +105614,7 @@ index bf64a4c..67708de 100644
# needed by check_users plugin
optional_policy(`
init_read_utmp(nagios_system_plugin_t)
-@@ -389,3 +409,40 @@ optional_policy(`
+@@ -389,3 +412,48 @@ optional_policy(`
optional_policy(`
unconfined_domain(nagios_unconfined_plugin_t)
')
@@ -102266,11 +105624,19 @@ index bf64a4c..67708de 100644
+# Event handler plugin plugin policy
+#
+
++manage_files_pattern(nagios_eventhandler_plugin_t, nagios_eventhandler_plugin_tmp_t, nagios_eventhandler_plugin_tmp_t)
++manage_dirs_pattern(nagios_eventhandler_plugin_t, nagios_eventhandler_plugin_tmp_t, nagios_eventhandler_plugin_tmp_t)
++files_tmp_filetrans(nagios_eventhandler_plugin_t, nagios_eventhandler_plugin_tmp_t, { dir file })
++
++corecmd_exec_bin(nagios_eventhandler_plugin_t)
++corecmd_exec_shell(nagios_eventhandler_plugin_t)
+
+init_domtrans_script(nagios_eventhandler_plugin_t)
+
+systemd_exec_systemctl(nagios_eventhandler_plugin_t)
+
++allow nagios_t nagios_eventhandler_plugin_exec_t:dir list_dir_perms;
++
+optional_policy(`
+ unconfined_domain(nagios_eventhandler_plugin_t)
+')
@@ -113355,7 +116721,7 @@ index cda37bb..617e83f 100644
+ allow $1 var_lib_nfs_t:file relabel_file_perms;
')
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
-index b1468ed..32dd23d 100644
+index b1468ed..c378201 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -6,18 +6,18 @@ policy_module(rpc, 1.12.0)
@@ -113490,17 +116856,21 @@ index b1468ed..32dd23d 100644
')
tunable_policy(`nfs_export_all_ro',`
-@@ -170,8 +196,7 @@ tunable_policy(`nfs_export_all_ro',`
+@@ -170,8 +196,11 @@ tunable_policy(`nfs_export_all_ro',`
fs_read_noxattr_fs_files(nfsd_t)
- auth_read_all_dirs_except_shadow(nfsd_t)
- auth_read_all_files_except_shadow(nfsd_t)
+ files_read_non_security_files(nfsd_t)
++')
++
++optional_policy(`
++ mount_exec(nfsd_t)
')
########################################
-@@ -181,7 +206,7 @@ tunable_policy(`nfs_export_all_ro',`
+@@ -181,7 +210,7 @@ tunable_policy(`nfs_export_all_ro',`
allow gssd_t self:capability { dac_override dac_read_search setuid sys_nice };
allow gssd_t self:process { getsched setsched };
@@ -113509,7 +116879,7 @@ index b1468ed..32dd23d 100644
manage_dirs_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
manage_files_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
-@@ -199,6 +224,7 @@ corecmd_exec_bin(gssd_t)
+@@ -199,6 +228,7 @@ corecmd_exec_bin(gssd_t)
fs_list_rpc(gssd_t)
fs_rw_rpc_sockets(gssd_t)
fs_read_rpc_files(gssd_t)
@@ -113517,7 +116887,7 @@ index b1468ed..32dd23d 100644
fs_list_inotifyfs(gssd_t)
files_list_tmp(gssd_t)
-@@ -210,14 +236,14 @@ auth_manage_cache(gssd_t)
+@@ -210,14 +240,14 @@ auth_manage_cache(gssd_t)
miscfiles_read_generic_certs(gssd_t)
@@ -113534,7 +116904,7 @@ index b1468ed..32dd23d 100644
')
optional_policy(`
-@@ -229,6 +255,10 @@ optional_policy(`
+@@ -229,6 +259,10 @@ optional_policy(`
')
optional_policy(`
@@ -113970,7 +117340,7 @@ index 71ea0ea..26af97f 100644
init_labeled_script_domtrans($1, rwho_initrc_exec_t)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/rwho.te b/policy/modules/services/rwho.te
-index a07b2f4..ee39810 100644
+index a07b2f4..36b4903 100644
--- a/policy/modules/services/rwho.te
+++ b/policy/modules/services/rwho.te
@@ -16,7 +16,7 @@ type rwho_log_t;
@@ -113982,7 +117352,15 @@ index a07b2f4..ee39810 100644
########################################
#
-@@ -55,6 +55,10 @@ files_read_etc_files(rwho_t)
+@@ -24,6 +24,7 @@ files_type(rwho_spool_t)
+ #
+
+ allow rwho_t self:capability sys_chroot;
++allow rwho_t self:process signal;
+ allow rwho_t self:unix_dgram_socket create;
+ allow rwho_t self:fifo_file rw_file_perms;
+ allow rwho_t self:unix_stream_socket create_stream_socket_perms;
+@@ -55,6 +56,10 @@ files_read_etc_files(rwho_t)
init_read_utmp(rwho_t)
init_dontaudit_write_utmp(rwho_t)
@@ -115573,12 +118951,15 @@ index bcdd16c..039b0c8 100644
files_list_var_lib($1)
admin_pattern($1, setroubleshoot_var_lib_t)
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
-index 086cd5f..49b1687 100644
+index 086cd5f..6ccfa96 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
-@@ -32,6 +32,8 @@ files_pid_file(setroubleshoot_var_run_t)
+@@ -30,8 +30,10 @@ files_pid_file(setroubleshoot_var_run_t)
+ # setroubleshootd local policy
+ #
- allow setroubleshootd_t self:capability { dac_override sys_nice sys_tty_config };
+-allow setroubleshootd_t self:capability { dac_override sys_nice sys_tty_config };
++allow setroubleshootd_t self:capability { dac_override sys_nice sys_ptrace sys_tty_config };
allow setroubleshootd_t self:process { getattr getsched setsched sigkill signull signal };
+# if bad library causes setroubleshoot to require these, we want to give it so setroubleshoot can continue to run
+allow setroubleshootd_t self:process { execmem execstack };
@@ -115925,7 +119306,7 @@ index adea9f9..145adbd 100644
init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te
-index 606a098..441f753 100644
+index 606a098..522fb54 100644
--- a/policy/modules/services/smartmon.te
+++ b/policy/modules/services/smartmon.te
@@ -35,7 +35,7 @@ ifdef(`enable_mls',`
@@ -115945,7 +119326,7 @@ index 606a098..441f753 100644
kernel_read_software_raid_state(fsdaemon_t)
kernel_read_system_state(fsdaemon_t)
-@@ -73,19 +74,30 @@ files_read_etc_runtime_files(fsdaemon_t)
+@@ -73,19 +74,31 @@ files_read_etc_runtime_files(fsdaemon_t)
files_read_usr_files(fsdaemon_t)
# for config
files_read_etc_files(fsdaemon_t)
@@ -115959,6 +119340,7 @@ index 606a098..441f753 100644
#mls_rangetrans_target(fsdaemon_t)
+storage_create_fixed_disk_dev(fsdaemon_t)
++storage_dev_filetrans_named_fixed_disk(fsdaemon_t)
storage_raw_read_fixed_disk(fsdaemon_t)
storage_raw_write_fixed_disk(fsdaemon_t)
storage_raw_read_removable_device(fsdaemon_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index db99c90..aa85f0d 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 96%{?dist}
+Release: 97%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -478,6 +478,19 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Thu Mar 8 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-97
+- Fix man pages fro domains
+- Add man pages for SELinux users and roles
+- Add storage_dev_filetrans_named_fixed_disk() and use it for smartmon
+- Add policy for matahari-rpcd
+- nfsd executes mount command on restart
+- Matahari domains execute renice and setsched
+- Dontaudit leaked tty in mozilla_plugin_config
+- mailman is changing to a per instance naming
+- Add 7600 and 4447 as jboss_management ports
+- Add fixes for nagios event handlers
+- Label httpd.event as httpd_exec_t, it is an apache daemon
+
* Mon Mar 5 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-96
- Add labeling for /var/spool/postfix/dev/log
- NM reads sysctl.conf
More information about the scm-commits
mailing list