[selinux-policy/f18] * Mon Oct 22 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-42 - pki is leaking which we dontaudit u
Miroslav Grepl
mgrepl at fedoraproject.org
Mon Oct 22 20:24:39 UTC 2012
commit 30d2e18056ddba0b2737b04d408ec854f9f1c264
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Mon Oct 22 22:24:23 2012 +0200
* Mon Oct 22 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-42
- pki is leaking which we dontaudit until a pki code fix
- Allow setcap for arping
- Update man pages
- Add labeling for /usr/sbin/mcollectived
- pki fixes
- Allow smokeping to execute fping in the netutils_t domain
policy-rawhide.patch |14180 ++++++++++++++++++++++++------------------
policy_contrib-rawhide.patch | 45 +-
selinux-policy.spec | 10 +-
3 files changed, 8010 insertions(+), 6225 deletions(-)
---
diff --git a/policy-rawhide.patch b/policy-rawhide.patch
index e5511e4..8466fb9 100644
--- a/policy-rawhide.patch
+++ b/policy-rawhide.patch
@@ -60,11 +60,11 @@ index 313d837..ef3c532 100644
########################################
diff --git a/man/man8/NetworkManager_selinux.8 b/man/man8/NetworkManager_selinux.8
new file mode 100644
-index 0000000..65c8768
+index 0000000..86ccc0e
--- /dev/null
+++ b/man/man8/NetworkManager_selinux.8
-@@ -0,0 +1,314 @@
-+.TH "NetworkManager_selinux" "8" "NetworkManager" "dwalsh at redhat.com" "NetworkManager SELinux Policy documentation"
+@@ -0,0 +1,292 @@
++.TH "NetworkManager_selinux" "8" "12-10-19" "NetworkManager" "SELinux Policy documentation for NetworkManager"
+.SH "NAME"
+NetworkManager_selinux \- Security Enhanced Linux Policy for the NetworkManager processes
+.SH "DESCRIPTION"
@@ -82,7 +82,7 @@ index 0000000..65c8768
+
+The NetworkManager_t SELinux type can be entered via the "NetworkManager_exec_t" file type. The default entrypoint paths for the NetworkManager_t domain are the following:"
+
-+/usr/s?bin/wpa_supplicant, /usr/sbin/wpa_supplicant, /sbin/wpa_supplicant, /usr/sbin/nm-system-settings, /usr/sbin/wicd, /usr/s?bin/NetworkManager, /usr/sbin/NetworkManagerDispatcher
++/usr/s?bin/NetworkManager, /usr/s?bin/wpa_supplicant, /usr/sbin/wicd, /sbin/wpa_supplicant, /usr/sbin/wpa_supplicant, /usr/sbin/nm-system-settings, /usr/sbin/NetworkManagerDispatcher
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -119,10 +119,6 @@ index 0000000..65c8768
+
+- Set files with the NetworkManager_etc_rw_t type, if you want to treat the files as NetworkManager etc read/write content.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/NetworkManager/system-connections(/.*)?, /etc/NetworkManager/NetworkManager\.conf
+
+.EX
+.PP
@@ -139,10 +135,6 @@ index 0000000..65c8768
+
+- Set files with the NetworkManager_exec_t type, if you want to transition an executable to the NetworkManager_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/s?bin/wpa_supplicant, /usr/sbin/wpa_supplicant, /sbin/wpa_supplicant, /usr/sbin/nm-system-settings, /usr/sbin/wicd, /usr/s?bin/NetworkManager, /usr/sbin/NetworkManagerDispatcher
+
+.EX
+.PP
@@ -151,10 +143,6 @@ index 0000000..65c8768
+
+- Set files with the NetworkManager_initrc_exec_t type, if you want to transition an executable to the NetworkManager_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/wicd, /etc/NetworkManager/dispatcher\.d(/.*)?, /usr/libexec/nm-dispatcher.action
+
+.EX
+.PP
@@ -163,10 +151,6 @@ index 0000000..65c8768
+
+- Set files with the NetworkManager_log_t type, if you want to treat the data as NetworkManager log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/wpa_supplicant.*, /var/log/wicd.*
+
+.EX
+.PP
@@ -191,10 +175,6 @@ index 0000000..65c8768
+
+- Set files with the NetworkManager_var_lib_t type, if you want to store the NetworkManager files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/wicd/wired-settings.conf, /var/lib/wicd(/.*)?, /etc/dhcp/wired-settings.conf, /etc/dhcp/wireless-settings.conf, /etc/wicd/manager-settings.conf, /etc/dhcp/manager-settings.conf, /etc/wicd/wireless-settings.conf, /var/lib/NetworkManager(/.*)?
+
+.EX
+.PP
@@ -203,10 +183,6 @@ index 0000000..65c8768
+
+- Set files with the NetworkManager_var_run_t type, if you want to store the NetworkManager files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/nm-dhclient.*, /var/run/wpa_supplicant(/.*)?, /var/run/NetworkManager\.pid, /var/run/wpa_supplicant-global, /var/run/nm-dns-dnsmasq\.conf, /var/run/NetworkManager(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -374,17 +350,19 @@ index 0000000..65c8768
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), NetworkManager(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), NetworkManager(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/abrt_dump_oops_selinux.8 b/man/man8/abrt_dump_oops_selinux.8
new file mode 100644
-index 0000000..71f34f5
+index 0000000..b875c8b
--- /dev/null
+++ b/man/man8/abrt_dump_oops_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "abrt_dump_oops_selinux" "8" "abrt_dump_oops" "dwalsh at redhat.com" "abrt_dump_oops SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "abrt_dump_oops_selinux" "8" "12-10-19" "abrt_dump_oops" "SELinux Policy documentation for abrt_dump_oops"
+.SH "NAME"
+abrt_dump_oops_selinux \- Security Enhanced Linux Policy for the abrt_dump_oops processes
+.SH "DESCRIPTION"
@@ -478,19 +456,21 @@ index 0000000..71f34f5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), abrt_dump_oops(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), abrt_dump_oops(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, abrt_selinux(8), abrt_selinux(8), abrt_handle_event_selinux(8), abrt_helper_selinux(8), abrt_retrace_coredump_selinux(8), abrt_retrace_worker_selinux(8), abrt_watch_log_selinux(8)
\ No newline at end of file
diff --git a/man/man8/abrt_handle_event_selinux.8 b/man/man8/abrt_handle_event_selinux.8
new file mode 100644
-index 0000000..a82360a
+index 0000000..40bd92f
--- /dev/null
+++ b/man/man8/abrt_handle_event_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "abrt_handle_event_selinux" "8" "abrt_handle_event" "dwalsh at redhat.com" "abrt_handle_event SELinux Policy documentation"
+@@ -0,0 +1,108 @@
++.TH "abrt_handle_event_selinux" "8" "12-10-19" "abrt_handle_event" "SELinux Policy documentation for abrt_handle_event"
+.SH "NAME"
+abrt_handle_event_selinux \- Security Enhanced Linux Policy for the abrt_handle_event processes
+.SH "DESCRIPTION"
@@ -538,6 +518,13 @@ index 0000000..a82360a
+.B setsebool -P abrt_handle_event 1
+.EE
+
++.PP
++If you want to allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts, you must turn on the abrt_handle_event boolean.
++
++.EX
++.B setsebool -P abrt_handle_event 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -564,10 +551,6 @@ index 0000000..a82360a
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type abrt_handle_event_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -588,19 +571,21 @@ index 0000000..a82360a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), abrt_handle_event(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), abrt_handle_event(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), abrt_selinux(8), abrt_selinux(8), abrt_dump_oops_selinux(8), abrt_helper_selinux(8), abrt_retrace_coredump_selinux(8), abrt_retrace_worker_selinux(8), abrt_watch_log_selinux(8)
\ No newline at end of file
diff --git a/man/man8/abrt_helper_selinux.8 b/man/man8/abrt_helper_selinux.8
new file mode 100644
-index 0000000..6208ba6
+index 0000000..55fd159
--- /dev/null
+++ b/man/man8/abrt_helper_selinux.8
-@@ -0,0 +1,113 @@
-+.TH "abrt_helper_selinux" "8" "abrt_helper" "dwalsh at redhat.com" "abrt_helper SELinux Policy documentation"
+@@ -0,0 +1,115 @@
++.TH "abrt_helper_selinux" "8" "12-10-19" "abrt_helper" "SELinux Policy documentation for abrt_helper"
+.SH "NAME"
+abrt_helper_selinux \- Security Enhanced Linux Policy for the abrt_helper processes
+.SH "DESCRIPTION"
@@ -708,19 +693,21 @@ index 0000000..6208ba6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), abrt_helper(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), abrt_helper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, abrt_selinux(8), abrt_selinux(8), abrt_dump_oops_selinux(8), abrt_handle_event_selinux(8), abrt_retrace_coredump_selinux(8), abrt_retrace_worker_selinux(8), abrt_watch_log_selinux(8)
\ No newline at end of file
diff --git a/man/man8/abrt_retrace_coredump_selinux.8 b/man/man8/abrt_retrace_coredump_selinux.8
new file mode 100644
-index 0000000..f252940
+index 0000000..f0a5e41
--- /dev/null
+++ b/man/man8/abrt_retrace_coredump_selinux.8
-@@ -0,0 +1,113 @@
-+.TH "abrt_retrace_coredump_selinux" "8" "abrt_retrace_coredump" "dwalsh at redhat.com" "abrt_retrace_coredump SELinux Policy documentation"
+@@ -0,0 +1,115 @@
++.TH "abrt_retrace_coredump_selinux" "8" "12-10-19" "abrt_retrace_coredump" "SELinux Policy documentation for abrt_retrace_coredump"
+.SH "NAME"
+abrt_retrace_coredump_selinux \- Security Enhanced Linux Policy for the abrt_retrace_coredump processes
+.SH "DESCRIPTION"
@@ -828,19 +815,21 @@ index 0000000..f252940
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), abrt_retrace_coredump(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), abrt_retrace_coredump(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, abrt_selinux(8), abrt_selinux(8), abrt_dump_oops_selinux(8), abrt_handle_event_selinux(8), abrt_helper_selinux(8), abrt_retrace_worker_selinux(8), abrt_watch_log_selinux(8)
\ No newline at end of file
diff --git a/man/man8/abrt_retrace_worker_selinux.8 b/man/man8/abrt_retrace_worker_selinux.8
new file mode 100644
-index 0000000..2f3db29
+index 0000000..6badd93
--- /dev/null
+++ b/man/man8/abrt_retrace_worker_selinux.8
-@@ -0,0 +1,101 @@
-+.TH "abrt_retrace_worker_selinux" "8" "abrt_retrace_worker" "dwalsh at redhat.com" "abrt_retrace_worker SELinux Policy documentation"
+@@ -0,0 +1,99 @@
++.TH "abrt_retrace_worker_selinux" "8" "12-10-19" "abrt_retrace_worker" "SELinux Policy documentation for abrt_retrace_worker"
+.SH "NAME"
+abrt_retrace_worker_selinux \- Security Enhanced Linux Policy for the abrt_retrace_worker processes
+.SH "DESCRIPTION"
@@ -858,7 +847,7 @@ index 0000000..2f3db29
+
+The abrt_retrace_worker_t SELinux type can be entered via the "abrt_retrace_worker_exec_t" file type. The default entrypoint paths for the abrt_retrace_worker_t domain are the following:"
+
-+/usr/bin/retrace-server-worker, /usr/bin/abrt-retrace-worker
++/usr/bin/abrt-retrace-worker, /usr/bin/retrace-server-worker
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -895,10 +884,6 @@ index 0000000..2f3db29
+
+- Set files with the abrt_retrace_worker_exec_t type, if you want to transition an executable to the abrt_retrace_worker_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/retrace-server-worker, /usr/bin/abrt-retrace-worker
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -936,19 +921,21 @@ index 0000000..2f3db29
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), abrt_retrace_worker(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), abrt_retrace_worker(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, abrt_selinux(8), abrt_selinux(8), abrt_dump_oops_selinux(8), abrt_handle_event_selinux(8), abrt_helper_selinux(8), abrt_retrace_coredump_selinux(8), abrt_watch_log_selinux(8)
\ No newline at end of file
diff --git a/man/man8/abrt_selinux.8 b/man/man8/abrt_selinux.8
new file mode 100644
-index 0000000..8eb7d9a
+index 0000000..cdb12a6
--- /dev/null
+++ b/man/man8/abrt_selinux.8
-@@ -0,0 +1,355 @@
-+.TH "abrt_selinux" "8" "abrt" "dwalsh at redhat.com" "abrt SELinux Policy documentation"
+@@ -0,0 +1,347 @@
++.TH "abrt_selinux" "8" "12-10-19" "abrt" "SELinux Policy documentation for abrt"
+.SH "NAME"
+abrt_selinux \- Security Enhanced Linux Policy for the abrt processes
+.SH "DESCRIPTION"
@@ -996,6 +983,13 @@ index 0000000..8eb7d9a
+.B setsebool -P abrt_handle_event 1
+.EE
+
++.PP
++If you want to allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts, you must turn on the abrt_handle_event boolean.
++
++.EX
++.B setsebool -P abrt_handle_event 1
++.EE
++
+.SH SHARING FILES
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
+.TP
@@ -1022,6 +1016,13 @@ index 0000000..8eb7d9a
+.B setsebool -P abrt_anon_write 1
+.EE
+
++.PP
++If you want to allow ABRT to modify public files used for public file transfer services., you must turn on the abrt_anon_write boolean.
++
++.EX
++.B setsebool -P abrt_anon_write 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -1056,10 +1057,6 @@ index 0000000..8eb7d9a
+
+- Set files with the abrt_exec_t type, if you want to transition an executable to the abrt_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/abrtd, /usr/sbin/abrt-dbus
+
+.EX
+.PP
@@ -1092,10 +1089,6 @@ index 0000000..8eb7d9a
+
+- Set files with the abrt_retrace_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/retrace-server(/.*)?, /var/cache/abrt-retrace(/.*)?
+
+.EX
+.PP
@@ -1112,10 +1105,6 @@ index 0000000..8eb7d9a
+
+- Set files with the abrt_retrace_spool_t type, if you want to store the abrt retrace files under the /var/spool directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/spool/retrace-server(/.*)?, /var/spool/abrt-retrace(/.*)?
+
+.EX
+.PP
@@ -1124,10 +1113,6 @@ index 0000000..8eb7d9a
+
+- Set files with the abrt_retrace_worker_exec_t type, if you want to transition an executable to the abrt_retrace_worker_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/retrace-server-worker, /usr/bin/abrt-retrace-worker
+
+.EX
+.PP
@@ -1152,10 +1137,6 @@ index 0000000..8eb7d9a
+
+- Set files with the abrt_var_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/abrt(/.*)?, /var/spool/abrt(/.*)?, /var/cache/abrt-di(/.*)?
+
+.EX
+.PP
@@ -1172,10 +1153,6 @@ index 0000000..8eb7d9a
+
+- Set files with the abrt_var_run_t type, if you want to store the abrt files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/abrtd?\.socket, /var/run/abrtd?\.lock, /var/run/abrt(/.*)?, /var/run/abrt\.pid
+
+.EX
+.PP
@@ -1298,19 +1275,21 @@ index 0000000..8eb7d9a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), abrt(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), abrt(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), abrt_dump_oops_selinux(8), abrt_handle_event_selinux(8), abrt_helper_selinux(8), abrt_retrace_coredump_selinux(8), abrt_retrace_worker_selinux(8), abrt_watch_log_selinux(8)
\ No newline at end of file
diff --git a/man/man8/abrt_watch_log_selinux.8 b/man/man8/abrt_watch_log_selinux.8
new file mode 100644
-index 0000000..110e3c9
+index 0000000..e37300c
--- /dev/null
+++ b/man/man8/abrt_watch_log_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "abrt_watch_log_selinux" "8" "abrt_watch_log" "dwalsh at redhat.com" "abrt_watch_log SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "abrt_watch_log_selinux" "8" "12-10-19" "abrt_watch_log" "SELinux Policy documentation for abrt_watch_log"
+.SH "NAME"
+abrt_watch_log_selinux \- Security Enhanced Linux Policy for the abrt_watch_log processes
+.SH "DESCRIPTION"
@@ -1373,10 +1352,6 @@ index 0000000..110e3c9
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type abrt_watch_log_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -1394,19 +1369,21 @@ index 0000000..110e3c9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), abrt_watch_log(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), abrt_watch_log(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, abrt_selinux(8), abrt_selinux(8), abrt_dump_oops_selinux(8), abrt_handle_event_selinux(8), abrt_helper_selinux(8), abrt_retrace_coredump_selinux(8), abrt_retrace_worker_selinux(8)
\ No newline at end of file
diff --git a/man/man8/accountsd_selinux.8 b/man/man8/accountsd_selinux.8
new file mode 100644
-index 0000000..dd7fc21
+index 0000000..536e3cf
--- /dev/null
+++ b/man/man8/accountsd_selinux.8
-@@ -0,0 +1,130 @@
-+.TH "accountsd_selinux" "8" "accountsd" "dwalsh at redhat.com" "accountsd SELinux Policy documentation"
+@@ -0,0 +1,132 @@
++.TH "accountsd_selinux" "8" "12-10-19" "accountsd" "SELinux Policy documentation for accountsd"
+.SH "NAME"
+accountsd_selinux \- Security Enhanced Linux Policy for the accountsd processes
+.SH "DESCRIPTION"
@@ -1532,17 +1509,19 @@ index 0000000..dd7fc21
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), accountsd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), accountsd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/acct_selinux.8 b/man/man8/acct_selinux.8
new file mode 100644
-index 0000000..f6eba23
+index 0000000..169b689
--- /dev/null
+++ b/man/man8/acct_selinux.8
-@@ -0,0 +1,132 @@
-+.TH "acct_selinux" "8" "acct" "dwalsh at redhat.com" "acct SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "acct_selinux" "8" "12-10-19" "acct" "SELinux Policy documentation for acct"
+.SH "NAME"
+acct_selinux \- Security Enhanced Linux Policy for the acct processes
+.SH "DESCRIPTION"
@@ -1560,7 +1539,7 @@ index 0000000..f6eba23
+
+The acct_t SELinux type can be entered via the "acct_exec_t" file type. The default entrypoint paths for the acct_t domain are the following:"
+
-+/usr/sbin/accton, /sbin/accton, /etc/cron\.(daily|monthly)/acct
++/etc/cron\.(daily|monthly)/acct, /sbin/accton, /usr/sbin/accton
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -1597,10 +1576,6 @@ index 0000000..f6eba23
+
+- Set files with the acct_data_t type, if you want to treat the files as acct content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/account(/.*)?, /var/account(/.*)?
+
+.EX
+.PP
@@ -1609,10 +1584,6 @@ index 0000000..f6eba23
+
+- Set files with the acct_exec_t type, if you want to transition an executable to the acct_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/accton, /sbin/accton, /etc/cron\.(daily|monthly)/acct
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -1670,17 +1641,19 @@ index 0000000..f6eba23
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), acct(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), acct(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/afs_bosserver_selinux.8 b/man/man8/afs_bosserver_selinux.8
new file mode 100644
-index 0000000..49d6a56
+index 0000000..f348da2
--- /dev/null
+++ b/man/man8/afs_bosserver_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "afs_bosserver_selinux" "8" "afs_bosserver" "dwalsh at redhat.com" "afs_bosserver SELinux Policy documentation"
+@@ -0,0 +1,105 @@
++.TH "afs_bosserver_selinux" "8" "12-10-19" "afs_bosserver" "SELinux Policy documentation for afs_bosserver"
+.SH "NAME"
+afs_bosserver_selinux \- Security Enhanced Linux Policy for the afs_bosserver processes
+.SH "DESCRIPTION"
@@ -1778,19 +1751,21 @@ index 0000000..49d6a56
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), afs_bosserver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), afs_bosserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, afs_selinux(8), afs_selinux(8), afs_fsserver_selinux(8), afs_kaserver_selinux(8), afs_ptserver_selinux(8), afs_vlserver_selinux(8)
\ No newline at end of file
diff --git a/man/man8/afs_fsserver_selinux.8 b/man/man8/afs_fsserver_selinux.8
new file mode 100644
-index 0000000..2ece7ee
+index 0000000..1d77e12
--- /dev/null
+++ b/man/man8/afs_fsserver_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "afs_fsserver_selinux" "8" "afs_fsserver" "dwalsh at redhat.com" "afs_fsserver SELinux Policy documentation"
+@@ -0,0 +1,115 @@
++.TH "afs_fsserver_selinux" "8" "12-10-19" "afs_fsserver" "SELinux Policy documentation for afs_fsserver"
+.SH "NAME"
+afs_fsserver_selinux \- Security Enhanced Linux Policy for the afs_fsserver processes
+.SH "DESCRIPTION"
@@ -1808,7 +1783,7 @@ index 0000000..2ece7ee
+
+The afs_fsserver_t SELinux type can be entered via the "afs_fsserver_exec_t" file type. The default entrypoint paths for the afs_fsserver_t domain are the following:"
+
-+/usr/afs/bin/volserver, /usr/afs/bin/fileserver, /usr/afs/bin/salvager
++/usr/afs/bin/salvager, /usr/afs/bin/volserver, /usr/afs/bin/fileserver
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -1845,10 +1820,6 @@ index 0000000..2ece7ee
+
+- Set files with the afs_fsserver_exec_t type, if you want to transition an executable to the afs_fsserver_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/afs/bin/volserver, /usr/afs/bin/fileserver, /usr/afs/bin/salvager
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -1902,19 +1873,21 @@ index 0000000..2ece7ee
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), afs_fsserver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), afs_fsserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, afs_selinux(8), afs_selinux(8), afs_bosserver_selinux(8), afs_kaserver_selinux(8), afs_ptserver_selinux(8), afs_vlserver_selinux(8)
\ No newline at end of file
diff --git a/man/man8/afs_kaserver_selinux.8 b/man/man8/afs_kaserver_selinux.8
new file mode 100644
-index 0000000..8e77b36
+index 0000000..2604018
--- /dev/null
+++ b/man/man8/afs_kaserver_selinux.8
-@@ -0,0 +1,109 @@
-+.TH "afs_kaserver_selinux" "8" "afs_kaserver" "dwalsh at redhat.com" "afs_kaserver SELinux Policy documentation"
+@@ -0,0 +1,111 @@
++.TH "afs_kaserver_selinux" "8" "12-10-19" "afs_kaserver" "SELinux Policy documentation for afs_kaserver"
+.SH "NAME"
+afs_kaserver_selinux \- Security Enhanced Linux Policy for the afs_kaserver processes
+.SH "DESCRIPTION"
@@ -2018,19 +1991,21 @@ index 0000000..8e77b36
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), afs_kaserver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), afs_kaserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, afs_selinux(8), afs_selinux(8), afs_bosserver_selinux(8), afs_fsserver_selinux(8), afs_ptserver_selinux(8), afs_vlserver_selinux(8)
\ No newline at end of file
diff --git a/man/man8/afs_ptserver_selinux.8 b/man/man8/afs_ptserver_selinux.8
new file mode 100644
-index 0000000..72ef400
+index 0000000..07a13ec
--- /dev/null
+++ b/man/man8/afs_ptserver_selinux.8
-@@ -0,0 +1,101 @@
-+.TH "afs_ptserver_selinux" "8" "afs_ptserver" "dwalsh at redhat.com" "afs_ptserver SELinux Policy documentation"
+@@ -0,0 +1,103 @@
++.TH "afs_ptserver_selinux" "8" "12-10-19" "afs_ptserver" "SELinux Policy documentation for afs_ptserver"
+.SH "NAME"
+afs_ptserver_selinux \- Security Enhanced Linux Policy for the afs_ptserver processes
+.SH "DESCRIPTION"
@@ -2126,19 +2101,21 @@ index 0000000..72ef400
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), afs_ptserver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), afs_ptserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, afs_selinux(8), afs_selinux(8), afs_bosserver_selinux(8), afs_fsserver_selinux(8), afs_kaserver_selinux(8), afs_vlserver_selinux(8)
\ No newline at end of file
diff --git a/man/man8/afs_selinux.8 b/man/man8/afs_selinux.8
new file mode 100644
-index 0000000..4fcd18a
+index 0000000..a24371e
--- /dev/null
+++ b/man/man8/afs_selinux.8
-@@ -0,0 +1,374 @@
-+.TH "afs_selinux" "8" "afs" "dwalsh at redhat.com" "afs SELinux Policy documentation"
+@@ -0,0 +1,352 @@
++.TH "afs_selinux" "8" "12-10-19" "afs" "SELinux Policy documentation for afs"
+.SH "NAME"
+afs_selinux \- Security Enhanced Linux Policy for the afs processes
+.SH "DESCRIPTION"
@@ -2156,7 +2133,7 @@ index 0000000..4fcd18a
+
+The afs_t SELinux type can be entered via the "afs_exec_t" file type. The default entrypoint paths for the afs_t domain are the following:"
+
-+/usr/vice/etc/afsd, /usr/sbin/afsd
++/usr/sbin/afsd, /usr/vice/etc/afsd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -2201,10 +2178,6 @@ index 0000000..4fcd18a
+
+- Set files with the afs_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/afs(/.*)?, /usr/vice/cache(/.*)?
+
+.EX
+.PP
@@ -2213,10 +2186,6 @@ index 0000000..4fcd18a
+
+- Set files with the afs_config_t type, if you want to treat the files as afs configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/afs/local(/.*)?, /usr/afs/etc(/.*)?
+
+.EX
+.PP
@@ -2233,10 +2202,6 @@ index 0000000..4fcd18a
+
+- Set files with the afs_exec_t type, if you want to transition an executable to the afs_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/vice/etc/afsd, /usr/sbin/afsd
+
+.EX
+.PP
@@ -2245,10 +2210,6 @@ index 0000000..4fcd18a
+
+- Set files with the afs_files_t type, if you want to treat the files as afs content.
+
-+.br
-+.TP 5
-+Paths:
-+/vicepc, /vicepb, /vicepa
+
+.EX
+.PP
@@ -2257,10 +2218,6 @@ index 0000000..4fcd18a
+
+- Set files with the afs_fsserver_exec_t type, if you want to transition an executable to the afs_fsserver_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/afs/bin/volserver, /usr/afs/bin/fileserver, /usr/afs/bin/salvager
+
+.EX
+.PP
@@ -2269,10 +2226,6 @@ index 0000000..4fcd18a
+
+- Set files with the afs_initrc_exec_t type, if you want to transition an executable to the afs_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/afs, /etc/rc\.d/init\.d/openafs-client
+
+.EX
+.PP
@@ -2462,10 +2415,10 @@ index 0000000..4fcd18a
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -2507,19 +2460,21 @@ index 0000000..4fcd18a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), afs(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), afs(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, afs_bosserver_selinux(8), afs_fsserver_selinux(8), afs_kaserver_selinux(8), afs_ptserver_selinux(8), afs_vlserver_selinux(8)
\ No newline at end of file
diff --git a/man/man8/afs_vlserver_selinux.8 b/man/man8/afs_vlserver_selinux.8
new file mode 100644
-index 0000000..e05af72
+index 0000000..cda5c42
--- /dev/null
+++ b/man/man8/afs_vlserver_selinux.8
-@@ -0,0 +1,101 @@
-+.TH "afs_vlserver_selinux" "8" "afs_vlserver" "dwalsh at redhat.com" "afs_vlserver SELinux Policy documentation"
+@@ -0,0 +1,103 @@
++.TH "afs_vlserver_selinux" "8" "12-10-19" "afs_vlserver" "SELinux Policy documentation for afs_vlserver"
+.SH "NAME"
+afs_vlserver_selinux \- Security Enhanced Linux Policy for the afs_vlserver processes
+.SH "DESCRIPTION"
@@ -2615,19 +2570,21 @@ index 0000000..e05af72
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), afs_vlserver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), afs_vlserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, afs_selinux(8), afs_selinux(8), afs_bosserver_selinux(8), afs_fsserver_selinux(8), afs_kaserver_selinux(8), afs_ptserver_selinux(8)
\ No newline at end of file
diff --git a/man/man8/aiccu_selinux.8 b/man/man8/aiccu_selinux.8
new file mode 100644
-index 0000000..16c836c
+index 0000000..fa87757
--- /dev/null
+++ b/man/man8/aiccu_selinux.8
-@@ -0,0 +1,118 @@
-+.TH "aiccu_selinux" "8" "aiccu" "dwalsh at redhat.com" "aiccu SELinux Policy documentation"
+@@ -0,0 +1,120 @@
++.TH "aiccu_selinux" "8" "12-10-19" "aiccu" "SELinux Policy documentation for aiccu"
+.SH "NAME"
+aiccu_selinux \- Security Enhanced Linux Policy for the aiccu processes
+.SH "DESCRIPTION"
@@ -2741,17 +2698,19 @@ index 0000000..16c836c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), aiccu(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), aiccu(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/aide_selinux.8 b/man/man8/aide_selinux.8
new file mode 100644
-index 0000000..57ff4a2
+index 0000000..558980e
--- /dev/null
+++ b/man/man8/aide_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "aide_selinux" "8" "aide" "dwalsh at redhat.com" "aide SELinux Policy documentation"
+@@ -0,0 +1,120 @@
++.TH "aide_selinux" "8" "12-10-19" "aide" "SELinux Policy documentation for aide"
+.SH "NAME"
+aide_selinux \- Security Enhanced Linux Policy for the aide processes
+.SH "DESCRIPTION"
@@ -2822,10 +2781,6 @@ index 0000000..57ff4a2
+
+- Set files with the aide_log_t type, if you want to treat the data as aide log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/aide\.log.*, /var/log/aide(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -2869,17 +2824,19 @@ index 0000000..57ff4a2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), aide(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), aide(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/aisexec_selinux.8 b/man/man8/aisexec_selinux.8
new file mode 100644
-index 0000000..2327fe6
+index 0000000..2590859
--- /dev/null
+++ b/man/man8/aisexec_selinux.8
-@@ -0,0 +1,204 @@
-+.TH "aisexec_selinux" "8" "aisexec" "dwalsh at redhat.com" "aisexec SELinux Policy documentation"
+@@ -0,0 +1,206 @@
++.TH "aisexec_selinux" "8" "12-10-19" "aisexec" "SELinux Policy documentation for aisexec"
+.SH "NAME"
+aisexec_selinux \- Security Enhanced Linux Policy for the aisexec processes
+.SH "DESCRIPTION"
@@ -3079,17 +3036,19 @@ index 0000000..2327fe6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), aisexec(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), aisexec(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ajaxterm_selinux.8 b/man/man8/ajaxterm_selinux.8
new file mode 100644
-index 0000000..0e75606
+index 0000000..bb9df23
--- /dev/null
+++ b/man/man8/ajaxterm_selinux.8
-@@ -0,0 +1,180 @@
-+.TH "ajaxterm_selinux" "8" "ajaxterm" "dwalsh at redhat.com" "ajaxterm SELinux Policy documentation"
+@@ -0,0 +1,184 @@
++.TH "ajaxterm_selinux" "8" "12-10-19" "ajaxterm" "SELinux Policy documentation for ajaxterm"
+.SH "NAME"
+ajaxterm_selinux \- Security Enhanced Linux Policy for the ajaxterm processes
+.SH "DESCRIPTION"
@@ -3206,6 +3165,8 @@ index 0000000..0e75606
+
+ /root/\.ssh(/.*)?
+.br
++ /var/lib/openshift/[^/]+/\.ssh(/.*)?
++.br
+ /var/lib/amanda/\.ssh(/.*)?
+.br
+ /var/lib/stickshift/[^/]+/\.ssh(/.*)?
@@ -3265,17 +3226,19 @@ index 0000000..0e75606
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ajaxterm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ajaxterm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/alsa_selinux.8 b/man/man8/alsa_selinux.8
new file mode 100644
-index 0000000..cf09172
+index 0000000..0c3c792
--- /dev/null
+++ b/man/man8/alsa_selinux.8
-@@ -0,0 +1,176 @@
-+.TH "alsa_selinux" "8" "alsa" "dwalsh at redhat.com" "alsa SELinux Policy documentation"
+@@ -0,0 +1,170 @@
++.TH "alsa_selinux" "8" "12-10-19" "alsa" "SELinux Policy documentation for alsa"
+.SH "NAME"
+alsa_selinux \- Security Enhanced Linux Policy for the alsa processes
+.SH "DESCRIPTION"
@@ -3293,7 +3256,7 @@ index 0000000..cf09172
+
+The alsa_t SELinux type can be entered via the "alsa_exec_t" file type. The default entrypoint paths for the alsa_t domain are the following:"
+
-+/usr/sbin/salsa, /usr/bin/ainit, /usr/bin/alsaunmute, /sbin/salsa, /usr/sbin/alsactl, /sbin/alsactl, /bin/alsaunmute
++/sbin/salsa, /sbin/alsactl, /usr/bin/ainit, /bin/alsaunmute, /usr/sbin/salsa, /usr/sbin/alsactl, /usr/bin/alsaunmute
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -3330,10 +3293,6 @@ index 0000000..cf09172
+
+- Set files with the alsa_etc_rw_t type, if you want to treat the files as alsa etc read/write content.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/alsa/pcm(/.*)?, /etc/alsa/asound\.state, /usr/share/alsa/pcm(/.*)?, /etc/asound\.state, /etc/asound(/.*)?, /usr/share/alsa/alsa\.conf
+
+.EX
+.PP
@@ -3342,10 +3301,6 @@ index 0000000..cf09172
+
+- Set files with the alsa_exec_t type, if you want to transition an executable to the alsa_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/salsa, /usr/bin/ainit, /usr/bin/alsaunmute, /sbin/salsa, /usr/sbin/alsactl, /sbin/alsactl, /bin/alsaunmute
+
+.EX
+.PP
@@ -3447,17 +3402,19 @@ index 0000000..cf09172
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), alsa(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), alsa(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/amanda_recover_selinux.8 b/man/man8/amanda_recover_selinux.8
new file mode 100644
-index 0000000..6d4c3b8
+index 0000000..a99b9cb
--- /dev/null
+++ b/man/man8/amanda_recover_selinux.8
-@@ -0,0 +1,129 @@
-+.TH "amanda_recover_selinux" "8" "amanda_recover" "dwalsh at redhat.com" "amanda_recover SELinux Policy documentation"
+@@ -0,0 +1,131 @@
++.TH "amanda_recover_selinux" "8" "12-10-19" "amanda_recover" "SELinux Policy documentation for amanda_recover"
+.SH "NAME"
+amanda_recover_selinux \- Security Enhanced Linux Policy for the amanda_recover processes
+.SH "DESCRIPTION"
@@ -3581,19 +3538,21 @@ index 0000000..6d4c3b8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), amanda_recover(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), amanda_recover(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, amanda_selinux(8), amanda_selinux(8)
\ No newline at end of file
diff --git a/man/man8/amanda_selinux.8 b/man/man8/amanda_selinux.8
new file mode 100644
-index 0000000..c9c7a70
+index 0000000..9161d06
--- /dev/null
+++ b/man/man8/amanda_selinux.8
-@@ -0,0 +1,295 @@
-+.TH "amanda_selinux" "8" "amanda" "dwalsh at redhat.com" "amanda SELinux Policy documentation"
+@@ -0,0 +1,277 @@
++.TH "amanda_selinux" "8" "12-10-19" "amanda" "SELinux Policy documentation for amanda"
+.SH "NAME"
+amanda_selinux \- Security Enhanced Linux Policy for the amanda processes
+.SH "DESCRIPTION"
@@ -3611,7 +3570,7 @@ index 0000000..c9c7a70
+
+The amanda_t SELinux type can be entered via the "amanda_exec_t,amanda_inetd_exec_t" file types. The default entrypoint paths for the amanda_t domain are the following:"
+
-+/usr/lib/amanda/.+, /usr/lib/amanda/amindexd, /usr/lib/amanda/amidxtaped, /usr/lib/amanda/amandad
++/usr/lib/amanda/.+, /usr/lib/amanda/amandad, /usr/lib/amanda/amindexd, /usr/lib/amanda/amidxtaped
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -3656,10 +3615,6 @@ index 0000000..c9c7a70
+
+- Set files with the amanda_config_t type, if you want to treat the files as amanda configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/amanda(/.*)?, /var/lib/amanda/\.amandahosts
+
+.EX
+.PP
@@ -3668,10 +3623,6 @@ index 0000000..c9c7a70
+
+- Set files with the amanda_data_t type, if you want to treat the files as amanda content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/amanda/[^/]+(/.*)?, /etc/amanda/.*/tapelist(/.*)?, /etc/amanda/.*/index(/.*)?
+
+.EX
+.PP
@@ -3704,10 +3655,6 @@ index 0000000..c9c7a70
+
+- Set files with the amanda_inetd_exec_t type, if you want to transition an executable to the amanda_inetd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/amanda/amindexd, /usr/lib/amanda/amidxtaped, /usr/lib/amanda/amandad
+
+.EX
+.PP
@@ -3716,10 +3663,6 @@ index 0000000..c9c7a70
+
+- Set files with the amanda_log_t type, if you want to treat the data as amanda log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/amanda(/.*)?, /var/lib/amanda/[^/]*/log(/.*)?
+
+.EX
+.PP
@@ -3760,10 +3703,6 @@ index 0000000..c9c7a70
+
+- Set files with the amanda_var_lib_t type, if you want to store the amanda files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/amanda/[^/]+/index(/.*)?, /var/lib/amanda
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -3883,19 +3822,21 @@ index 0000000..c9c7a70
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), amanda(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), amanda(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, amanda_recover_selinux(8)
\ No newline at end of file
diff --git a/man/man8/amavis_selinux.8 b/man/man8/amavis_selinux.8
new file mode 100644
-index 0000000..24e30ba
+index 0000000..4dc37f2
--- /dev/null
+++ b/man/man8/amavis_selinux.8
-@@ -0,0 +1,286 @@
-+.TH "amavis_selinux" "8" "amavis" "dwalsh at redhat.com" "amavis SELinux Policy documentation"
+@@ -0,0 +1,283 @@
++.TH "amavis_selinux" "8" "12-10-19" "amavis" "SELinux Policy documentation for amavis"
+.SH "NAME"
+amavis_selinux \- Security Enhanced Linux Policy for the amavis processes
+.SH "DESCRIPTION"
@@ -3943,6 +3884,13 @@ index 0000000..24e30ba
+.B setsebool -P amavis_use_jit 1
+.EE
+
++.PP
++If you want to allow amavis to use JIT compiler, you must turn on the amavis_use_jit boolean.
++
++.EX
++.B setsebool -P amavis_use_jit 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -3961,10 +3909,6 @@ index 0000000..24e30ba
+
+- Set files with the amavis_etc_t type, if you want to store amavis files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/amavisd(/.*)?, /etc/amavis(d)?\.conf
+
+.EX
+.PP
@@ -3973,10 +3917,6 @@ index 0000000..24e30ba
+
+- Set files with the amavis_exec_t type, if you want to transition an executable to the amavis_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/amavisd.*, /usr/lib/AntiVir/antivir
+
+.EX
+.PP
@@ -3985,10 +3925,6 @@ index 0000000..24e30ba
+
+- Set files with the amavis_initrc_exec_t type, if you want to transition an executable to the amavis_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/amavis, /etc/rc\.d/init\.d/amavisd-snmp
+
+.EX
+.PP
@@ -4021,10 +3957,6 @@ index 0000000..24e30ba
+
+- Set files with the amavis_var_lib_t type, if you want to store the amavis files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/amavis(/.*)?, /var/opt/f-secure(/.*)?, /var/amavis(/.*)?
+
+.EX
+.PP
@@ -4110,8 +4042,6 @@ index 0000000..24e30ba
+.br
+ /var/lib/amavis(/.*)?
+.br
-+ /var/opt/f-secure(/.*)?
-+.br
+
+.br
+.B amavis_var_log_t
@@ -4126,6 +4056,12 @@ index 0000000..24e30ba
+.br
+
+.br
++.B antivirus_db_t
++
++ /var/opt/f-secure(/.*)?
++.br
++
++.br
+.B snmpd_var_lib_t
+
+ /var/agentx(/.*)?
@@ -4176,19 +4112,21 @@ index 0000000..24e30ba
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), amavis(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), amavis(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/amtu_selinux.8 b/man/man8/amtu_selinux.8
new file mode 100644
-index 0000000..9b2fbbc
+index 0000000..a5884c1
--- /dev/null
+++ b/man/man8/amtu_selinux.8
-@@ -0,0 +1,100 @@
-+.TH "amtu_selinux" "8" "amtu" "dwalsh at redhat.com" "amtu SELinux Policy documentation"
+@@ -0,0 +1,102 @@
++.TH "amtu_selinux" "8" "12-10-19" "amtu" "SELinux Policy documentation for amtu"
+.SH "NAME"
+amtu_selinux \- Security Enhanced Linux Policy for the amtu processes
+.SH "DESCRIPTION"
@@ -4284,17 +4222,19 @@ index 0000000..9b2fbbc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), amtu(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), amtu(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/apcupsd_selinux.8 b/man/man8/apcupsd_selinux.8
new file mode 100644
-index 0000000..c08deee
+index 0000000..f9dde96
--- /dev/null
+++ b/man/man8/apcupsd_selinux.8
-@@ -0,0 +1,270 @@
-+.TH "apcupsd_selinux" "8" "apcupsd" "dwalsh at redhat.com" "apcupsd SELinux Policy documentation"
+@@ -0,0 +1,264 @@
++.TH "apcupsd_selinux" "8" "12-10-19" "apcupsd" "SELinux Policy documentation for apcupsd"
+.SH "NAME"
+apcupsd_selinux \- Security Enhanced Linux Policy for the apcupsd processes
+.SH "DESCRIPTION"
@@ -4349,10 +4289,6 @@ index 0000000..c08deee
+
+- Set files with the apcupsd_exec_t type, if you want to transition an executable to the apcupsd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/apcupsd, /usr/sbin/apcupsd
+
+.EX
+.PP
@@ -4377,10 +4313,6 @@ index 0000000..c08deee
+
+- Set files with the apcupsd_log_t type, if you want to treat the data as apcupsd log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/apcupsd\.status.*, /var/log/apcupsd\.events.*
+
+.EX
+.PP
@@ -4499,10 +4431,10 @@ index 0000000..c08deee
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -4560,17 +4492,19 @@ index 0000000..c08deee
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), apcupsd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), apcupsd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/apm_selinux.8 b/man/man8/apm_selinux.8
new file mode 100644
-index 0000000..a07ae78
+index 0000000..fb2cd8f
--- /dev/null
+++ b/man/man8/apm_selinux.8
-@@ -0,0 +1,159 @@
-+.TH "apm_selinux" "8" "apm" "dwalsh at redhat.com" "apm SELinux Policy documentation"
+@@ -0,0 +1,149 @@
++.TH "apm_selinux" "8" "12-10-19" "apm" "SELinux Policy documentation for apm"
+.SH "NAME"
+apm_selinux \- Security Enhanced Linux Policy for the apm processes
+.SH "DESCRIPTION"
@@ -4633,10 +4567,6 @@ index 0000000..a07ae78
+
+- Set files with the apmd_exec_t type, if you want to transition an executable to the apmd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd
+
+.EX
+.PP
@@ -4677,10 +4607,6 @@ index 0000000..a07ae78
+
+- Set files with the apmd_var_run_t type, if you want to store the apmd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -4689,10 +4615,6 @@ index 0000000..a07ae78
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type apm_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -4724,19 +4646,21 @@ index 0000000..a07ae78
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), apm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), apm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, apmd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/apmd_selinux.8 b/man/man8/apmd_selinux.8
new file mode 100644
-index 0000000..ce8e64e
+index 0000000..bebe5b0
--- /dev/null
+++ b/man/man8/apmd_selinux.8
-@@ -0,0 +1,235 @@
-+.TH "apmd_selinux" "8" "apmd" "dwalsh at redhat.com" "apmd SELinux Policy documentation"
+@@ -0,0 +1,229 @@
++.TH "apmd_selinux" "8" "12-10-19" "apmd" "SELinux Policy documentation for apmd"
+.SH "NAME"
+apmd_selinux \- Security Enhanced Linux Policy for the apmd processes
+.SH "DESCRIPTION"
@@ -4754,7 +4678,7 @@ index 0000000..ce8e64e
+
+The apmd_t SELinux type can be entered via the "apmd_exec_t" file type. The default entrypoint paths for the apmd_t domain are the following:"
+
-+/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd
++/usr/sbin/apmd, /usr/sbin/acpid, /usr/sbin/powersaved
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -4791,10 +4715,6 @@ index 0000000..ce8e64e
+
+- Set files with the apmd_exec_t type, if you want to transition an executable to the apmd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd
+
+.EX
+.PP
@@ -4835,10 +4755,6 @@ index 0000000..ce8e64e
+
+- Set files with the apmd_var_run_t type, if you want to store the apmd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -4966,19 +4882,21 @@ index 0000000..ce8e64e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), apmd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), apmd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, apm_selinux(8), apm_selinux(8)
\ No newline at end of file
diff --git a/man/man8/arpwatch_selinux.8 b/man/man8/arpwatch_selinux.8
new file mode 100644
-index 0000000..5eccc0b
+index 0000000..6bbce9a
--- /dev/null
+++ b/man/man8/arpwatch_selinux.8
-@@ -0,0 +1,162 @@
-+.TH "arpwatch_selinux" "8" "arpwatch" "dwalsh at redhat.com" "arpwatch SELinux Policy documentation"
+@@ -0,0 +1,160 @@
++.TH "arpwatch_selinux" "8" "12-10-19" "arpwatch" "SELinux Policy documentation for arpwatch"
+.SH "NAME"
+arpwatch_selinux \- Security Enhanced Linux Policy for the arpwatch processes
+.SH "DESCRIPTION"
@@ -5033,10 +4951,6 @@ index 0000000..5eccc0b
+
+- Set files with the arpwatch_data_t type, if you want to treat the files as arpwatch content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/arpwatch(/.*)?, /var/lib/arpwatch(/.*)?
+
+.EX
+.PP
@@ -5136,17 +5050,19 @@ index 0000000..5eccc0b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), arpwatch(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), arpwatch(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/asterisk_selinux.8 b/man/man8/asterisk_selinux.8
new file mode 100644
-index 0000000..ce8533a
+index 0000000..cc69a71
--- /dev/null
+++ b/man/man8/asterisk_selinux.8
-@@ -0,0 +1,226 @@
-+.TH "asterisk_selinux" "8" "asterisk" "dwalsh at redhat.com" "asterisk SELinux Policy documentation"
+@@ -0,0 +1,228 @@
++.TH "asterisk_selinux" "8" "12-10-19" "asterisk" "SELinux Policy documentation for asterisk"
+.SH "NAME"
+asterisk_selinux \- Security Enhanced Linux Policy for the asterisk processes
+.SH "DESCRIPTION"
@@ -5368,17 +5284,19 @@ index 0000000..ce8533a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), asterisk(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), asterisk(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/audisp_remote_selinux.8 b/man/man8/audisp_remote_selinux.8
new file mode 100644
-index 0000000..8e4c00f
+index 0000000..2d38bd7
--- /dev/null
+++ b/man/man8/audisp_remote_selinux.8
-@@ -0,0 +1,121 @@
-+.TH "audisp_remote_selinux" "8" "audisp_remote" "dwalsh at redhat.com" "audisp_remote SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "audisp_remote_selinux" "8" "12-10-19" "audisp_remote" "SELinux Policy documentation for audisp_remote"
+.SH "NAME"
+audisp_remote_selinux \- Security Enhanced Linux Policy for the audisp_remote processes
+.SH "DESCRIPTION"
@@ -5396,7 +5314,7 @@ index 0000000..8e4c00f
+
+The audisp_remote_t SELinux type can be entered via the "audisp_remote_exec_t" file type. The default entrypoint paths for the audisp_remote_t domain are the following:"
+
-+/usr/sbin/audisp-remote, /sbin/audisp-remote
++/sbin/audisp-remote, /usr/sbin/audisp-remote
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -5433,10 +5351,6 @@ index 0000000..8e4c00f
+
+- Set files with the audisp_remote_exec_t type, if you want to transition an executable to the audisp_remote_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/audisp-remote, /sbin/audisp-remote
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -5494,19 +5408,21 @@ index 0000000..8e4c00f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), audisp_remote(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), audisp_remote(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, audisp_selinux(8), audisp_selinux(8)
\ No newline at end of file
diff --git a/man/man8/audisp_selinux.8 b/man/man8/audisp_selinux.8
new file mode 100644
-index 0000000..46ac866
+index 0000000..9809429
--- /dev/null
+++ b/man/man8/audisp_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "audisp_selinux" "8" "audisp" "dwalsh at redhat.com" "audisp SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "audisp_selinux" "8" "12-10-19" "audisp" "SELinux Policy documentation for audisp"
+.SH "NAME"
+audisp_selinux \- Security Enhanced Linux Policy for the audisp processes
+.SH "DESCRIPTION"
@@ -5561,10 +5477,6 @@ index 0000000..46ac866
+
+- Set files with the audisp_exec_t type, if you want to transition an executable to the audisp_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/audispd, /usr/sbin/audispd
+
+.EX
+.PP
@@ -5573,10 +5485,6 @@ index 0000000..46ac866
+
+- Set files with the audisp_remote_exec_t type, if you want to transition an executable to the audisp_remote_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/audisp-remote, /sbin/audisp-remote
+
+.EX
+.PP
@@ -5593,10 +5501,6 @@ index 0000000..46ac866
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type audisp_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -5628,18 +5532,20 @@ index 0000000..46ac866
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), audisp(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), audisp(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, audisp_remote_selinux(8)
\ No newline at end of file
diff --git a/man/man8/auditadm_selinux.8 b/man/man8/auditadm_selinux.8
new file mode 100644
-index 0000000..9606db3
+index 0000000..ba7eafd
--- /dev/null
+++ b/man/man8/auditadm_selinux.8
-@@ -0,0 +1,240 @@
+@@ -0,0 +1,242 @@
+.TH "auditadm_selinux" "8" "auditadm" "mgrepl at redhat.com" "auditadm SELinux Policy documentation"
+.SH "NAME"
+auditadm_r \- \fBAudit administrator role\fP - Security Enhanced Linux Policy
@@ -5686,7 +5592,7 @@ index 0000000..9606db3
+SELinux policy also controls which roles can transition to a different role.
+You can list these rules using the following command.
+
-+.B sesearch --role_allow
++.B search --role_allow
+
+SELinux policy allows the sysadm_r, secadm_r, staff_r roles can transition to the auditadm_r role.
+
@@ -5876,17 +5782,19 @@ index 0000000..9606db3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), auditadm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), auditadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/auditctl_selinux.8 b/man/man8/auditctl_selinux.8
new file mode 100644
-index 0000000..574ee84
+index 0000000..b93503d
--- /dev/null
+++ b/man/man8/auditctl_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "auditctl_selinux" "8" "auditctl" "dwalsh at redhat.com" "auditctl SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "auditctl_selinux" "8" "12-10-19" "auditctl" "SELinux Policy documentation for auditctl"
+.SH "NAME"
+auditctl_selinux \- Security Enhanced Linux Policy for the auditctl processes
+.SH "DESCRIPTION"
@@ -5941,10 +5849,6 @@ index 0000000..574ee84
+
+- Set files with the auditctl_exec_t type, if you want to transition an executable to the auditctl_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/auditctl, /usr/sbin/auditctl
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -5953,10 +5857,6 @@ index 0000000..574ee84
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type auditctl_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -5974,17 +5874,19 @@ index 0000000..574ee84
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), auditctl(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), auditctl(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/auditd_selinux.8 b/man/man8/auditd_selinux.8
new file mode 100644
-index 0000000..a991ae1
+index 0000000..ac6fad6
--- /dev/null
+++ b/man/man8/auditd_selinux.8
-@@ -0,0 +1,211 @@
-+.TH "auditd_selinux" "8" "auditd" "dwalsh at redhat.com" "auditd SELinux Policy documentation"
+@@ -0,0 +1,201 @@
++.TH "auditd_selinux" "8" "12-10-19" "auditd" "SELinux Policy documentation for auditd"
+.SH "NAME"
+auditd_selinux \- Security Enhanced Linux Policy for the auditd processes
+.SH "DESCRIPTION"
@@ -6047,10 +5949,6 @@ index 0000000..a991ae1
+
+- Set files with the auditd_exec_t type, if you want to transition an executable to the auditd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/auditd, /usr/sbin/auditd
+
+.EX
+.PP
@@ -6067,10 +5965,6 @@ index 0000000..a991ae1
+
+- Set files with the auditd_log_t type, if you want to treat the data as auditd log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/audit(/.*)?, /var/log/audit\.log
+
+.EX
+.PP
@@ -6087,10 +5981,6 @@ index 0000000..a991ae1
+
+- Set files with the auditd_var_run_t type, if you want to store the auditd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/audit_events, /var/run/auditd_sock, /var/run/auditd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -6190,19 +6080,21 @@ index 0000000..a991ae1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), auditd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), auditd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, auditadm_selinux(8), auditctl_selinux(8)
\ No newline at end of file
diff --git a/man/man8/automount_selinux.8 b/man/man8/automount_selinux.8
new file mode 100644
-index 0000000..74ebe46
+index 0000000..b65c89a
--- /dev/null
+++ b/man/man8/automount_selinux.8
-@@ -0,0 +1,178 @@
-+.TH "automount_selinux" "8" "automount" "dwalsh at redhat.com" "automount SELinux Policy documentation"
+@@ -0,0 +1,176 @@
++.TH "automount_selinux" "8" "12-10-19" "automount" "SELinux Policy documentation for automount"
+.SH "NAME"
+automount_selinux \- Security Enhanced Linux Policy for the automount processes
+.SH "DESCRIPTION"
@@ -6257,10 +6149,6 @@ index 0000000..74ebe46
+
+- Set files with the automount_exec_t type, if you want to transition an executable to the automount_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/automount, /etc/apm/event\.d/autofs
+
+.EX
+.PP
@@ -6376,17 +6264,19 @@ index 0000000..74ebe46
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), automount(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), automount(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/avahi_selinux.8 b/man/man8/avahi_selinux.8
new file mode 100644
-index 0000000..9dbaaf6
+index 0000000..6c70cab
--- /dev/null
+++ b/man/man8/avahi_selinux.8
-@@ -0,0 +1,191 @@
-+.TH "avahi_selinux" "8" "avahi" "dwalsh at redhat.com" "avahi SELinux Policy documentation"
+@@ -0,0 +1,196 @@
++.TH "avahi_selinux" "8" "12-10-19" "avahi" "SELinux Policy documentation for avahi"
+.SH "NAME"
+avahi_selinux \- Security Enhanced Linux Policy for the avahi processes
+.SH "DESCRIPTION"
@@ -6404,7 +6294,7 @@ index 0000000..9dbaaf6
+
+The avahi_t SELinux type can be entered via the "avahi_exec_t" file type. The default entrypoint paths for the avahi_t domain are the following:"
+
-+/usr/sbin/avahi-dnsconfd, /usr/sbin/avahi-autoipd, /usr/sbin/avahi-daemon
++/usr/sbin/avahi-daemon, /usr/sbin/avahi-autoipd, /usr/sbin/avahi-dnsconfd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -6434,6 +6324,13 @@ index 0000000..9dbaaf6
+.B setsebool -P httpd_dbus_avahi 1
+.EE
+
++.PP
++If you want to allow Apache to communicate with avahi service via dbus, you must turn on the httpd_dbus_avahi boolean.
++
++.EX
++.B setsebool -P httpd_dbus_avahi 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -6452,10 +6349,6 @@ index 0000000..9dbaaf6
+
+- Set files with the avahi_exec_t type, if you want to transition an executable to the avahi_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/avahi-dnsconfd, /usr/sbin/avahi-autoipd, /usr/sbin/avahi-daemon
+
+.EX
+.PP
@@ -6572,19 +6465,21 @@ index 0000000..9dbaaf6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), avahi(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), avahi(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/awstats_selinux.8 b/man/man8/awstats_selinux.8
new file mode 100644
-index 0000000..ca1842d
+index 0000000..c92913c
--- /dev/null
+++ b/man/man8/awstats_selinux.8
-@@ -0,0 +1,114 @@
-+.TH "awstats_selinux" "8" "awstats" "dwalsh at redhat.com" "awstats SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "awstats_selinux" "8" "12-10-19" "awstats" "SELinux Policy documentation for awstats"
+.SH "NAME"
+awstats_selinux \- Security Enhanced Linux Policy for the awstats processes
+.SH "DESCRIPTION"
@@ -6694,17 +6589,19 @@ index 0000000..ca1842d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), awstats(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), awstats(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/bcfg2_selinux.8 b/man/man8/bcfg2_selinux.8
new file mode 100644
-index 0000000..14fe6d5
+index 0000000..9df8dd1
--- /dev/null
+++ b/man/man8/bcfg2_selinux.8
-@@ -0,0 +1,146 @@
-+.TH "bcfg2_selinux" "8" "bcfg2" "dwalsh at redhat.com" "bcfg2 SELinux Policy documentation"
+@@ -0,0 +1,148 @@
++.TH "bcfg2_selinux" "8" "12-10-19" "bcfg2" "SELinux Policy documentation for bcfg2"
+.SH "NAME"
+bcfg2_selinux \- Security Enhanced Linux Policy for the bcfg2 processes
+.SH "DESCRIPTION"
@@ -6846,17 +6743,19 @@ index 0000000..14fe6d5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), bcfg2(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), bcfg2(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/bitlbee_selinux.8 b/man/man8/bitlbee_selinux.8
new file mode 100644
-index 0000000..10c37dd
+index 0000000..7c854aa
--- /dev/null
+++ b/man/man8/bitlbee_selinux.8
-@@ -0,0 +1,184 @@
-+.TH "bitlbee_selinux" "8" "bitlbee" "dwalsh at redhat.com" "bitlbee SELinux Policy documentation"
+@@ -0,0 +1,178 @@
++.TH "bitlbee_selinux" "8" "12-10-19" "bitlbee" "SELinux Policy documentation for bitlbee"
+.SH "NAME"
+bitlbee_selinux \- Security Enhanced Linux Policy for the bitlbee processes
+.SH "DESCRIPTION"
@@ -6874,7 +6773,7 @@ index 0000000..10c37dd
+
+The bitlbee_t SELinux type can be entered via the "bitlbee_exec_t" file type. The default entrypoint paths for the bitlbee_t domain are the following:"
+
-+/usr/sbin/bitlbee, /usr/bin/bip
++/usr/bin/bip, /usr/sbin/bitlbee
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -6919,10 +6818,6 @@ index 0000000..10c37dd
+
+- Set files with the bitlbee_exec_t type, if you want to transition an executable to the bitlbee_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/bitlbee, /usr/bin/bip
+
+.EX
+.PP
@@ -6955,10 +6850,6 @@ index 0000000..10c37dd
+
+- Set files with the bitlbee_var_run_t type, if you want to store the bitlbee files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/bitlbee\.pid, /var/run/bip(/.*)?, /var/run/bitlbee\.sock
+
+.EX
+.PP
@@ -7036,17 +6927,19 @@ index 0000000..10c37dd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), bitlbee(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), bitlbee(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/blktap_selinux.8 b/man/man8/blktap_selinux.8
new file mode 100644
-index 0000000..035dcea
+index 0000000..1c4df1a
--- /dev/null
+++ b/man/man8/blktap_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "blktap_selinux" "8" "blktap" "dwalsh at redhat.com" "blktap SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "blktap_selinux" "8" "12-10-19" "blktap" "SELinux Policy documentation for blktap"
+.SH "NAME"
+blktap_selinux \- Security Enhanced Linux Policy for the blktap processes
+.SH "DESCRIPTION"
@@ -7064,7 +6957,7 @@ index 0000000..035dcea
+
+The blktap_t SELinux type can be entered via the "blktap_exec_t" file type. The default entrypoint paths for the blktap_t domain are the following:"
+
-+/usr/sbin/blktapctrl, /usr/sbin/tapdisk
++/usr/sbin/tapdisk, /usr/sbin/blktapctrl
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -7094,6 +6987,13 @@ index 0000000..035dcea
+.B setsebool -P xend_run_blktap 1
+.EE
+
++.PP
++If you want to allow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images, you must turn on the xend_run_blktap boolean.
++
++.EX
++.B setsebool -P xend_run_blktap 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -7112,10 +7012,6 @@ index 0000000..035dcea
+
+- Set files with the blktap_exec_t type, if you want to transition an executable to the blktap_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/blktapctrl, /usr/sbin/tapdisk
+
+.EX
+.PP
@@ -7132,10 +7028,6 @@ index 0000000..035dcea
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type blktap_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -7156,19 +7048,21 @@ index 0000000..035dcea
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), blktap(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), blktap(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/blueman_selinux.8 b/man/man8/blueman_selinux.8
new file mode 100644
-index 0000000..c83d198
+index 0000000..639e3ed
--- /dev/null
+++ b/man/man8/blueman_selinux.8
-@@ -0,0 +1,116 @@
-+.TH "blueman_selinux" "8" "blueman" "dwalsh at redhat.com" "blueman SELinux Policy documentation"
+@@ -0,0 +1,118 @@
++.TH "blueman_selinux" "8" "12-10-19" "blueman" "SELinux Policy documentation for blueman"
+.SH "NAME"
+blueman_selinux \- Security Enhanced Linux Policy for the blueman processes
+.SH "DESCRIPTION"
@@ -7280,17 +7174,19 @@ index 0000000..c83d198
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), blueman(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), blueman(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/bluetooth_helper_selinux.8 b/man/man8/bluetooth_helper_selinux.8
new file mode 100644
-index 0000000..f7f3b94
+index 0000000..17f4f4b
--- /dev/null
+++ b/man/man8/bluetooth_helper_selinux.8
-@@ -0,0 +1,155 @@
-+.TH "bluetooth_helper_selinux" "8" "bluetooth_helper" "dwalsh at redhat.com" "bluetooth_helper SELinux Policy documentation"
+@@ -0,0 +1,157 @@
++.TH "bluetooth_helper_selinux" "8" "12-10-19" "bluetooth_helper" "SELinux Policy documentation for bluetooth_helper"
+.SH "NAME"
+bluetooth_helper_selinux \- Security Enhanced Linux Policy for the bluetooth_helper processes
+.SH "DESCRIPTION"
@@ -7440,19 +7336,21 @@ index 0000000..f7f3b94
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), bluetooth_helper(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), bluetooth_helper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, bluetooth_selinux(8), bluetooth_selinux(8)
\ No newline at end of file
diff --git a/man/man8/bluetooth_selinux.8 b/man/man8/bluetooth_selinux.8
new file mode 100644
-index 0000000..bdb692e
+index 0000000..49cc163
--- /dev/null
+++ b/man/man8/bluetooth_selinux.8
-@@ -0,0 +1,249 @@
-+.TH "bluetooth_selinux" "8" "bluetooth" "dwalsh at redhat.com" "bluetooth SELinux Policy documentation"
+@@ -0,0 +1,246 @@
++.TH "bluetooth_selinux" "8" "12-10-19" "bluetooth" "SELinux Policy documentation for bluetooth"
+.SH "NAME"
+bluetooth_selinux \- Security Enhanced Linux Policy for the bluetooth processes
+.SH "DESCRIPTION"
@@ -7470,7 +7368,7 @@ index 0000000..bdb692e
+
+The bluetooth_t SELinux type can be entered via the "bluetooth_exec_t" file type. The default entrypoint paths for the bluetooth_t domain are the following:"
+
-+/usr/sbin/hcid, /usr/bin/rfcomm, /usr/sbin/sdpd, /usr/bin/hidd, /usr/sbin/bluetoothd, /usr/sbin/hid2hci, /usr/bin/dund, /usr/sbin/hciattach
++/usr/bin/dund, /usr/bin/hidd, /usr/sbin/hcid, /usr/sbin/sdpd, /usr/bin/rfcomm, /usr/sbin/hid2hci, /usr/sbin/hciattach, /usr/sbin/bluetoothd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -7500,6 +7398,13 @@ index 0000000..bdb692e
+.B setsebool -P xguest_use_bluetooth 1
+.EE
+
++.PP
++If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
++
++.EX
++.B setsebool -P xguest_use_bluetooth 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -7534,10 +7439,6 @@ index 0000000..bdb692e
+
+- Set files with the bluetooth_exec_t type, if you want to transition an executable to the bluetooth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/hcid, /usr/bin/rfcomm, /usr/sbin/sdpd, /usr/bin/hidd, /usr/sbin/bluetoothd, /usr/sbin/hid2hci, /usr/bin/dund, /usr/sbin/hciattach
+
+.EX
+.PP
@@ -7570,10 +7471,6 @@ index 0000000..bdb692e
+
+- Set files with the bluetooth_initrc_exec_t type, if you want to transition an executable to the bluetooth_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/dund, /etc/rc\.d/init\.d/bluetooth, /etc/rc\.d/init\.d/pand
+
+.EX
+.PP
@@ -7614,10 +7511,6 @@ index 0000000..bdb692e
+
+- Set files with the bluetooth_var_run_t type, if you want to store the bluetooth files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/bluetoothd_address, /var/run/sdp
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -7696,19 +7589,21 @@ index 0000000..bdb692e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), bluetooth(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), bluetooth(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), bluetooth_helper_selinux(8)
\ No newline at end of file
diff --git a/man/man8/boinc_selinux.8 b/man/man8/boinc_selinux.8
new file mode 100644
-index 0000000..5650e12
+index 0000000..c0034f4
--- /dev/null
+++ b/man/man8/boinc_selinux.8
-@@ -0,0 +1,221 @@
-+.TH "boinc_selinux" "8" "boinc" "dwalsh at redhat.com" "boinc SELinux Policy documentation"
+@@ -0,0 +1,219 @@
++.TH "boinc_selinux" "8" "12-10-19" "boinc" "SELinux Policy documentation for boinc"
+.SH "NAME"
+boinc_selinux \- Security Enhanced Linux Policy for the boinc processes
+.SH "DESCRIPTION"
@@ -7795,10 +7690,6 @@ index 0000000..5650e12
+
+- Set files with the boinc_project_var_lib_t type, if you want to store the boinc project files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/boinc/projects(/.*)?, /var/lib/boinc/slots(/.*)?
+
+.EX
+.PP
@@ -7925,17 +7816,19 @@ index 0000000..5650e12
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), boinc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), boinc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/bootloader_selinux.8 b/man/man8/bootloader_selinux.8
new file mode 100644
-index 0000000..0627d5a
+index 0000000..fa74f70
--- /dev/null
+++ b/man/man8/bootloader_selinux.8
-@@ -0,0 +1,295 @@
-+.TH "bootloader_selinux" "8" "bootloader" "dwalsh at redhat.com" "bootloader SELinux Policy documentation"
+@@ -0,0 +1,292 @@
++.TH "bootloader_selinux" "8" "12-10-19" "bootloader" "SELinux Policy documentation for bootloader"
+.SH "NAME"
+bootloader_selinux \- Security Enhanced Linux Policy for the bootloader processes
+.SH "DESCRIPTION"
@@ -7953,7 +7846,7 @@ index 0000000..0627d5a
+
+The bootloader_t SELinux type can be entered via the "bootloader_exec_t" file type. The default entrypoint paths for the bootloader_t domain are the following:"
+
-+/usr/sbin/ybin.*, /usr/sbin/zipl, /sbin/lilo.*, /sbin/ybin.*, /usr/sbin/lilo.*, /sbin/grub.*, /sbin/zipl, /usr/sbin/grub.*
++/sbin/grub.*, /sbin/lilo.*, /sbin/ybin.*, /usr/sbin/grub.*, /usr/sbin/lilo.*, /usr/sbin/ybin.*, /sbin/zipl, /usr/sbin/zipl
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -7983,6 +7876,13 @@ index 0000000..0627d5a
+.B setsebool -P xdm_exec_bootloader 1
+.EE
+
++.PP
++If you want to allow the graphical login program to execute bootloader, you must turn on the xdm_exec_bootloader boolean.
++
++.EX
++.B setsebool -P xdm_exec_bootloader 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -8001,10 +7901,6 @@ index 0000000..0627d5a
+
+- Set files with the bootloader_etc_t type, if you want to store bootloader files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/zipl\.conf.*, /etc/yaboot\.conf.*, /etc/default/grub, /etc/lilo\.conf.*
+
+.EX
+.PP
@@ -8013,10 +7909,6 @@ index 0000000..0627d5a
+
+- Set files with the bootloader_exec_t type, if you want to transition an executable to the bootloader_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ybin.*, /usr/sbin/zipl, /sbin/lilo.*, /sbin/ybin.*, /usr/sbin/lilo.*, /sbin/grub.*, /sbin/zipl, /usr/sbin/grub.*
+
+.EX
+.PP
@@ -8102,10 +7994,10 @@ index 0000000..0627d5a
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -8184,12 +8076,8 @@ index 0000000..0627d5a
+.br
+ /var/log/syslog
+.br
-+ /var/log/boot\.log
-+.br
+ /var/named/chroot/var/log
+.br
-+ /var/spool/plymouth/boot\.log
-+.br
+
+.SH NSSWITCH DOMAIN
+
@@ -8225,19 +8113,21 @@ index 0000000..0627d5a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), bootloader(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), bootloader(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/brctl_selinux.8 b/man/man8/brctl_selinux.8
new file mode 100644
-index 0000000..af78eb3
+index 0000000..9d953ac
--- /dev/null
+++ b/man/man8/brctl_selinux.8
-@@ -0,0 +1,94 @@
-+.TH "brctl_selinux" "8" "brctl" "dwalsh at redhat.com" "brctl SELinux Policy documentation"
+@@ -0,0 +1,96 @@
++.TH "brctl_selinux" "8" "12-10-19" "brctl" "SELinux Policy documentation for brctl"
+.SH "NAME"
+brctl_selinux \- Security Enhanced Linux Policy for the brctl processes
+.SH "DESCRIPTION"
@@ -8327,17 +8217,19 @@ index 0000000..af78eb3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), brctl(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), brctl(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cachefilesd_selinux.8 b/man/man8/cachefilesd_selinux.8
new file mode 100644
-index 0000000..e942ebc
+index 0000000..fd4970e
--- /dev/null
+++ b/man/man8/cachefilesd_selinux.8
-@@ -0,0 +1,114 @@
-+.TH "cachefilesd_selinux" "8" "cachefilesd" "dwalsh at redhat.com" "cachefilesd SELinux Policy documentation"
+@@ -0,0 +1,112 @@
++.TH "cachefilesd_selinux" "8" "12-10-19" "cachefilesd" "SELinux Policy documentation for cachefilesd"
+.SH "NAME"
+cachefilesd_selinux \- Security Enhanced Linux Policy for the cachefilesd processes
+.SH "DESCRIPTION"
@@ -8392,10 +8284,6 @@ index 0000000..e942ebc
+
+- Set files with the cachefilesd_exec_t type, if you want to transition an executable to the cachefilesd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/cachefilesd, /usr/sbin/cachefilesd
+
+.EX
+.PP
@@ -8447,17 +8335,19 @@ index 0000000..e942ebc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cachefilesd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cachefilesd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/calamaris_selinux.8 b/man/man8/calamaris_selinux.8
new file mode 100644
-index 0000000..f0c3e0e
+index 0000000..84b93eb
--- /dev/null
+++ b/man/man8/calamaris_selinux.8
-@@ -0,0 +1,130 @@
-+.TH "calamaris_selinux" "8" "calamaris" "dwalsh at redhat.com" "calamaris SELinux Policy documentation"
+@@ -0,0 +1,132 @@
++.TH "calamaris_selinux" "8" "12-10-19" "calamaris" "SELinux Policy documentation for calamaris"
+.SH "NAME"
+calamaris_selinux \- Security Enhanced Linux Policy for the calamaris processes
+.SH "DESCRIPTION"
@@ -8583,17 +8473,19 @@ index 0000000..f0c3e0e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), calamaris(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), calamaris(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/callweaver_selinux.8 b/man/man8/callweaver_selinux.8
new file mode 100644
-index 0000000..e40fedf
+index 0000000..810b002
--- /dev/null
+++ b/man/man8/callweaver_selinux.8
-@@ -0,0 +1,166 @@
-+.TH "callweaver_selinux" "8" "callweaver" "dwalsh at redhat.com" "callweaver SELinux Policy documentation"
+@@ -0,0 +1,168 @@
++.TH "callweaver_selinux" "8" "12-10-19" "callweaver" "SELinux Policy documentation for callweaver"
+.SH "NAME"
+callweaver_selinux \- Security Enhanced Linux Policy for the callweaver processes
+.SH "DESCRIPTION"
@@ -8755,17 +8647,19 @@ index 0000000..e40fedf
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), callweaver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), callweaver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/canna_selinux.8 b/man/man8/canna_selinux.8
new file mode 100644
-index 0000000..641a511
+index 0000000..1ab7e32
--- /dev/null
+++ b/man/man8/canna_selinux.8
-@@ -0,0 +1,162 @@
-+.TH "canna_selinux" "8" "canna" "dwalsh at redhat.com" "canna SELinux Policy documentation"
+@@ -0,0 +1,148 @@
++.TH "canna_selinux" "8" "12-10-19" "canna" "SELinux Policy documentation for canna"
+.SH "NAME"
+canna_selinux \- Security Enhanced Linux Policy for the canna processes
+.SH "DESCRIPTION"
@@ -8783,7 +8677,7 @@ index 0000000..641a511
+
+The canna_t SELinux type can be entered via the "canna_exec_t" file type. The default entrypoint paths for the canna_t domain are the following:"
+
-+/usr/bin/catdic, /usr/bin/cannaping, /usr/sbin/jserver, /usr/sbin/cannaserver
++/usr/bin/catdic, /usr/sbin/jserver, /usr/bin/cannaping, /usr/sbin/cannaserver
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -8820,10 +8714,6 @@ index 0000000..641a511
+
+- Set files with the canna_exec_t type, if you want to transition an executable to the canna_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/catdic, /usr/bin/cannaping, /usr/sbin/jserver, /usr/sbin/cannaserver
+
+.EX
+.PP
@@ -8840,10 +8730,6 @@ index 0000000..641a511
+
+- Set files with the canna_log_t type, if you want to treat the data as canna log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/wnn(/.*)?, /var/log/canna(/.*)?
+
+.EX
+.PP
@@ -8852,10 +8738,6 @@ index 0000000..641a511
+
+- Set files with the canna_var_lib_t type, if you want to store the canna files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/wnn/dic(/.*)?, /var/lib/canna/dic(/.*)?
+
+.EX
+.PP
@@ -8864,10 +8746,6 @@ index 0000000..641a511
+
+- Set files with the canna_var_run_t type, if you want to store the canna files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/\.iroha_unix/.*, /var/run/wnn-unix(/.*)?, /var/run/\.iroha_unix
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -8923,17 +8801,19 @@ index 0000000..641a511
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), canna(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), canna(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cardmgr_selinux.8 b/man/man8/cardmgr_selinux.8
new file mode 100644
-index 0000000..a30fcc9
+index 0000000..88482e4
--- /dev/null
+++ b/man/man8/cardmgr_selinux.8
-@@ -0,0 +1,168 @@
-+.TH "cardmgr_selinux" "8" "cardmgr" "dwalsh at redhat.com" "cardmgr SELinux Policy documentation"
+@@ -0,0 +1,162 @@
++.TH "cardmgr_selinux" "8" "12-10-19" "cardmgr" "SELinux Policy documentation for cardmgr"
+.SH "NAME"
+cardmgr_selinux \- Security Enhanced Linux Policy for the cardmgr processes
+.SH "DESCRIPTION"
@@ -8949,9 +8829,9 @@ index 0000000..a30fcc9
+
+.SH "ENTRYPOINTS"
+
-+The cardmgr_t SELinux type can be entered via the "cardmgr_exec_t,cardctl_exec_t" file types. The default entrypoint paths for the cardmgr_t domain are the following:"
++The cardmgr_t SELinux type can be entered via the "cardctl_exec_t,cardmgr_exec_t" file types. The default entrypoint paths for the cardmgr_t domain are the following:"
+
-+/sbin/cardmgr, /etc/apm/event\.d/pcmcia, /usr/sbin/cardmgr, /sbin/cardctl, /usr/sbin/cardctl
++/sbin/cardctl, /usr/sbin/cardctl, /sbin/cardmgr, /usr/sbin/cardmgr, /etc/apm/event\.d/pcmcia
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -8996,10 +8876,6 @@ index 0000000..a30fcc9
+
+- Set files with the cardmgr_exec_t type, if you want to transition an executable to the cardmgr_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/cardmgr, /etc/apm/event\.d/pcmcia, /usr/sbin/cardmgr
+
+.EX
+.PP
@@ -9024,10 +8900,6 @@ index 0000000..a30fcc9
+
+- Set files with the cardmgr_var_run_t type, if you want to store the cardmgr files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/cardmgr\.pid, /var/run/stab, /var/lib/pcmcia(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -9097,17 +8969,19 @@ index 0000000..a30fcc9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cardmgr(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cardmgr(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ccs_selinux.8 b/man/man8/ccs_selinux.8
new file mode 100644
-index 0000000..31882ef
+index 0000000..d9b1c2e
--- /dev/null
+++ b/man/man8/ccs_selinux.8
-@@ -0,0 +1,178 @@
-+.TH "ccs_selinux" "8" "ccs" "dwalsh at redhat.com" "ccs SELinux Policy documentation"
+@@ -0,0 +1,172 @@
++.TH "ccs_selinux" "8" "12-10-19" "ccs" "SELinux Policy documentation for ccs"
+.SH "NAME"
+ccs_selinux \- Security Enhanced Linux Policy for the ccs processes
+.SH "DESCRIPTION"
@@ -9125,7 +8999,7 @@ index 0000000..31882ef
+
+The ccs_t SELinux type can be entered via the "ccs_exec_t" file type. The default entrypoint paths for the ccs_t domain are the following:"
+
-+/usr/sbin/ccsd, /sbin/ccsd
++/sbin/ccsd, /usr/sbin/ccsd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -9162,10 +9036,6 @@ index 0000000..31882ef
+
+- Set files with the ccs_exec_t type, if you want to transition an executable to the ccs_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ccsd, /sbin/ccsd
+
+.EX
+.PP
@@ -9206,10 +9076,6 @@ index 0000000..31882ef
+
+- Set files with the ccs_var_run_t type, if you want to store the ccs files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/cluster/ccsd\.pid, /var/run/cluster/ccsd\.sock
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -9281,17 +9147,19 @@ index 0000000..31882ef
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ccs(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ccs(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cdcc_selinux.8 b/man/man8/cdcc_selinux.8
new file mode 100644
-index 0000000..9cdf58f
+index 0000000..c97e54d
--- /dev/null
+++ b/man/man8/cdcc_selinux.8
-@@ -0,0 +1,126 @@
-+.TH "cdcc_selinux" "8" "cdcc" "dwalsh at redhat.com" "cdcc SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "cdcc_selinux" "8" "12-10-19" "cdcc" "SELinux Policy documentation for cdcc"
+.SH "NAME"
+cdcc_selinux \- Security Enhanced Linux Policy for the cdcc processes
+.SH "DESCRIPTION"
@@ -9413,17 +9281,19 @@ index 0000000..9cdf58f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cdcc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cdcc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cdrecord_selinux.8 b/man/man8/cdrecord_selinux.8
new file mode 100644
-index 0000000..37db85e
+index 0000000..49351db
--- /dev/null
+++ b/man/man8/cdrecord_selinux.8
-@@ -0,0 +1,107 @@
-+.TH "cdrecord_selinux" "8" "cdrecord" "dwalsh at redhat.com" "cdrecord SELinux Policy documentation"
+@@ -0,0 +1,108 @@
++.TH "cdrecord_selinux" "8" "12-10-19" "cdrecord" "SELinux Policy documentation for cdrecord"
+.SH "NAME"
+cdrecord_selinux \- Security Enhanced Linux Policy for the cdrecord processes
+.SH "DESCRIPTION"
@@ -9441,7 +9311,7 @@ index 0000000..37db85e
+
+The cdrecord_t SELinux type can be entered via the "cdrecord_exec_t" file type. The default entrypoint paths for the cdrecord_t domain are the following:"
+
-+/usr/bin/cdrecord, /usr/bin/wodim, /usr/bin/growisofs
++/usr/bin/wodim, /usr/bin/cdrecord, /usr/bin/growisofs
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -9471,6 +9341,13 @@ index 0000000..37db85e
+.B setsebool -P cdrecord_read_content 1
+.EE
+
++.PP
++If you want to allow cdrecord to read various content. nfs, samba, removable devices, user temp and untrusted content files, you must turn on the cdrecord_read_content boolean.
++
++.EX
++.B setsebool -P cdrecord_read_content 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -9489,10 +9366,6 @@ index 0000000..37db85e
+
+- Set files with the cdrecord_exec_t type, if you want to transition an executable to the cdrecord_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/cdrecord, /usr/bin/wodim, /usr/bin/growisofs
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -9501,10 +9374,6 @@ index 0000000..37db85e
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type cdrecord_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -9525,19 +9394,21 @@ index 0000000..37db85e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cdrecord(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cdrecord(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/certmaster_selinux.8 b/man/man8/certmaster_selinux.8
new file mode 100644
-index 0000000..f8b1f7d
+index 0000000..35bb7ff
--- /dev/null
+++ b/man/man8/certmaster_selinux.8
-@@ -0,0 +1,206 @@
-+.TH "certmaster_selinux" "8" "certmaster" "dwalsh at redhat.com" "certmaster SELinux Policy documentation"
+@@ -0,0 +1,208 @@
++.TH "certmaster_selinux" "8" "12-10-19" "certmaster" "SELinux Policy documentation for certmaster"
+.SH "NAME"
+certmaster_selinux \- Security Enhanced Linux Policy for the certmaster processes
+.SH "DESCRIPTION"
@@ -9739,17 +9610,19 @@ index 0000000..f8b1f7d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), certmaster(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), certmaster(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/certmonger_selinux.8 b/man/man8/certmonger_selinux.8
new file mode 100644
-index 0000000..70c4b32
+index 0000000..2bb8613
--- /dev/null
+++ b/man/man8/certmonger_selinux.8
-@@ -0,0 +1,172 @@
-+.TH "certmonger_selinux" "8" "certmonger" "dwalsh at redhat.com" "certmonger SELinux Policy documentation"
+@@ -0,0 +1,182 @@
++.TH "certmonger_selinux" "8" "12-10-19" "certmonger" "SELinux Policy documentation for certmonger"
+.SH "NAME"
+certmonger_selinux \- Security Enhanced Linux Policy for the certmonger processes
+.SH "DESCRIPTION"
@@ -9886,6 +9759,14 @@ index 0000000..70c4b32
+ /etc/dirsrv(/.*)?
+.br
+
++.br
++.B systemd_passwd_var_run_t
++
++ /var/run/systemd/ask-password(/.*)?
++.br
++ /var/run/systemd/ask-password-block(/.*)?
++.br
++
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -9917,17 +9798,19 @@ index 0000000..70c4b32
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), certmonger(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), certmonger(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/certwatch_selinux.8 b/man/man8/certwatch_selinux.8
new file mode 100644
-index 0000000..2a9b5ac
+index 0000000..f4b85db
--- /dev/null
+++ b/man/man8/certwatch_selinux.8
-@@ -0,0 +1,94 @@
-+.TH "certwatch_selinux" "8" "certwatch" "dwalsh at redhat.com" "certwatch SELinux Policy documentation"
+@@ -0,0 +1,96 @@
++.TH "certwatch_selinux" "8" "12-10-19" "certwatch" "SELinux Policy documentation for certwatch"
+.SH "NAME"
+certwatch_selinux \- Security Enhanced Linux Policy for the certwatch processes
+.SH "DESCRIPTION"
@@ -10017,17 +9900,19 @@ index 0000000..2a9b5ac
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), certwatch(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), certwatch(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cfengine_execd_selinux.8 b/man/man8/cfengine_execd_selinux.8
new file mode 100644
-index 0000000..216cdf2
+index 0000000..149661e
--- /dev/null
+++ b/man/man8/cfengine_execd_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "cfengine_execd_selinux" "8" "cfengine_execd" "dwalsh at redhat.com" "cfengine_execd SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "cfengine_execd_selinux" "8" "12-10-19" "cfengine_execd" "SELinux Policy documentation for cfengine_execd"
+.SH "NAME"
+cfengine_execd_selinux \- Security Enhanced Linux Policy for the cfengine_execd processes
+.SH "DESCRIPTION"
@@ -10137,19 +10022,21 @@ index 0000000..216cdf2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cfengine_execd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cfengine_execd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, cfengine_monitord_selinux(8), cfengine_serverd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/cfengine_monitord_selinux.8 b/man/man8/cfengine_monitord_selinux.8
new file mode 100644
-index 0000000..3cd407f
+index 0000000..d57aeb3
--- /dev/null
+++ b/man/man8/cfengine_monitord_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "cfengine_monitord_selinux" "8" "cfengine_monitord" "dwalsh at redhat.com" "cfengine_monitord SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "cfengine_monitord_selinux" "8" "12-10-19" "cfengine_monitord" "SELinux Policy documentation for cfengine_monitord"
+.SH "NAME"
+cfengine_monitord_selinux \- Security Enhanced Linux Policy for the cfengine_monitord processes
+.SH "DESCRIPTION"
@@ -10259,19 +10146,21 @@ index 0000000..3cd407f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cfengine_monitord(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cfengine_monitord(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, cfengine_execd_selinux(8), cfengine_serverd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/cfengine_serverd_selinux.8 b/man/man8/cfengine_serverd_selinux.8
new file mode 100644
-index 0000000..acf05c6
+index 0000000..d8d7c7d
--- /dev/null
+++ b/man/man8/cfengine_serverd_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "cfengine_serverd_selinux" "8" "cfengine_serverd" "dwalsh at redhat.com" "cfengine_serverd SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "cfengine_serverd_selinux" "8" "12-10-19" "cfengine_serverd" "SELinux Policy documentation for cfengine_serverd"
+.SH "NAME"
+cfengine_serverd_selinux \- Security Enhanced Linux Policy for the cfengine_serverd processes
+.SH "DESCRIPTION"
@@ -10381,19 +10270,21 @@ index 0000000..acf05c6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cfengine_serverd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cfengine_serverd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, cfengine_execd_selinux(8), cfengine_monitord_selinux(8)
\ No newline at end of file
diff --git a/man/man8/cgclear_selinux.8 b/man/man8/cgclear_selinux.8
new file mode 100644
-index 0000000..7ec11e9
+index 0000000..07468b6
--- /dev/null
+++ b/man/man8/cgclear_selinux.8
-@@ -0,0 +1,100 @@
-+.TH "cgclear_selinux" "8" "cgclear" "dwalsh at redhat.com" "cgclear SELinux Policy documentation"
+@@ -0,0 +1,112 @@
++.TH "cgclear_selinux" "8" "12-10-19" "cgclear" "SELinux Policy documentation for cgclear"
+.SH "NAME"
+cgclear_selinux \- Security Enhanced Linux Policy for the cgclear processes
+.SH "DESCRIPTION"
@@ -10448,10 +10339,6 @@ index 0000000..7ec11e9
+
+- Set files with the cgclear_exec_t type, if you want to transition an executable to the cgclear_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/cgclear, /usr/sbin/cgclear
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -10474,6 +10361,20 @@ index 0000000..7ec11e9
+
+.SH NSSWITCH DOMAIN
+
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the cgclear_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the cgclear_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
+.SH "COMMANDS"
+.B semanage fcontext
+can also be used to manipulate default file context mappings.
@@ -10489,17 +10390,19 @@ index 0000000..7ec11e9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cgclear(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cgclear(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cgconfig_selinux.8 b/man/man8/cgconfig_selinux.8
new file mode 100644
-index 0000000..74979e8
+index 0000000..91c1954
--- /dev/null
+++ b/man/man8/cgconfig_selinux.8
-@@ -0,0 +1,134 @@
-+.TH "cgconfig_selinux" "8" "cgconfig" "dwalsh at redhat.com" "cgconfig SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "cgconfig_selinux" "8" "12-10-19" "cgconfig" "SELinux Policy documentation for cgconfig"
+.SH "NAME"
+cgconfig_selinux \- Security Enhanced Linux Policy for the cgconfig processes
+.SH "DESCRIPTION"
@@ -10517,7 +10420,7 @@ index 0000000..74979e8
+
+The cgconfig_t SELinux type can be entered via the "cgconfig_exec_t" file type. The default entrypoint paths for the cgconfig_t domain are the following:"
+
-+/usr/sbin/cgconfigparser, /sbin/cgconfigparser
++/sbin/cgconfigparser, /usr/sbin/cgconfigparser
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -10554,10 +10457,6 @@ index 0000000..74979e8
+
+- Set files with the cgconfig_etc_t type, if you want to store cgconfig files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/sysconfig/cgconfig, /etc/cgconfig.conf
+
+.EX
+.PP
@@ -10566,10 +10465,6 @@ index 0000000..74979e8
+
+- Set files with the cgconfig_exec_t type, if you want to transition an executable to the cgconfig_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/cgconfigparser, /sbin/cgconfigparser
+
+.EX
+.PP
@@ -10629,17 +10524,19 @@ index 0000000..74979e8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cgconfig(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cgconfig(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cgred_selinux.8 b/man/man8/cgred_selinux.8
new file mode 100644
-index 0000000..f79cbab
+index 0000000..b0b26bd
--- /dev/null
+++ b/man/man8/cgred_selinux.8
-@@ -0,0 +1,150 @@
-+.TH "cgred_selinux" "8" "cgred" "dwalsh at redhat.com" "cgred SELinux Policy documentation"
+@@ -0,0 +1,148 @@
++.TH "cgred_selinux" "8" "12-10-19" "cgred" "SELinux Policy documentation for cgred"
+.SH "NAME"
+cgred_selinux \- Security Enhanced Linux Policy for the cgred processes
+.SH "DESCRIPTION"
@@ -10694,10 +10591,6 @@ index 0000000..f79cbab
+
+- Set files with the cgred_exec_t type, if you want to transition an executable to the cgred_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/cgrulesengd, /usr/sbin/cgrulesengd
+
+.EX
+.PP
@@ -10785,17 +10678,19 @@ index 0000000..f79cbab
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cgred(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cgred(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/checkpc_selinux.8 b/man/man8/checkpc_selinux.8
new file mode 100644
-index 0000000..32205e6
+index 0000000..43fef74
--- /dev/null
+++ b/man/man8/checkpc_selinux.8
-@@ -0,0 +1,110 @@
-+.TH "checkpc_selinux" "8" "checkpc" "dwalsh at redhat.com" "checkpc SELinux Policy documentation"
+@@ -0,0 +1,112 @@
++.TH "checkpc_selinux" "8" "12-10-19" "checkpc" "SELinux Policy documentation for checkpc"
+.SH "NAME"
+checkpc_selinux \- Security Enhanced Linux Policy for the checkpc processes
+.SH "DESCRIPTION"
@@ -10901,17 +10796,19 @@ index 0000000..32205e6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), checkpc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), checkpc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/checkpolicy_selinux.8 b/man/man8/checkpolicy_selinux.8
new file mode 100644
-index 0000000..a6da919
+index 0000000..a25f0ad
--- /dev/null
+++ b/man/man8/checkpolicy_selinux.8
-@@ -0,0 +1,100 @@
-+.TH "checkpolicy_selinux" "8" "checkpolicy" "dwalsh at redhat.com" "checkpolicy SELinux Policy documentation"
+@@ -0,0 +1,102 @@
++.TH "checkpolicy_selinux" "8" "12-10-19" "checkpolicy" "SELinux Policy documentation for checkpolicy"
+.SH "NAME"
+checkpolicy_selinux \- Security Enhanced Linux Policy for the checkpolicy processes
+.SH "DESCRIPTION"
@@ -11007,17 +10904,19 @@ index 0000000..a6da919
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), checkpolicy(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), checkpolicy(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/chfn_selinux.8 b/man/man8/chfn_selinux.8
new file mode 100644
-index 0000000..3738d8e
+index 0000000..47d1da2
--- /dev/null
+++ b/man/man8/chfn_selinux.8
@@ -0,0 +1,190 @@
-+.TH "chfn_selinux" "8" "chfn" "dwalsh at redhat.com" "chfn SELinux Policy documentation"
++.TH "chfn_selinux" "8" "12-10-19" "chfn" "SELinux Policy documentation for chfn"
+.SH "NAME"
+chfn_selinux \- Security Enhanced Linux Policy for the chfn processes
+.SH "DESCRIPTION"
@@ -11072,10 +10971,6 @@ index 0000000..3738d8e
+
+- Set files with the chfn_exec_t type, if you want to transition an executable to the chfn_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/chfn, /usr/bin/chsh
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -11107,6 +11002,8 @@ index 0000000..3738d8e
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -11203,17 +11100,19 @@ index 0000000..3738d8e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), chfn(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), chfn(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/chkpwd_selinux.8 b/man/man8/chkpwd_selinux.8
new file mode 100644
-index 0000000..3e0db2e
+index 0000000..e2d2736
--- /dev/null
+++ b/man/man8/chkpwd_selinux.8
-@@ -0,0 +1,106 @@
-+.TH "chkpwd_selinux" "8" "chkpwd" "dwalsh at redhat.com" "chkpwd SELinux Policy documentation"
+@@ -0,0 +1,100 @@
++.TH "chkpwd_selinux" "8" "12-10-19" "chkpwd" "SELinux Policy documentation for chkpwd"
+.SH "NAME"
+chkpwd_selinux \- Security Enhanced Linux Policy for the chkpwd processes
+.SH "DESCRIPTION"
@@ -11231,7 +11130,7 @@ index 0000000..3e0db2e
+
+The chkpwd_t SELinux type can be entered via the "chkpwd_exec_t" file type. The default entrypoint paths for the chkpwd_t domain are the following:"
+
-+/sbin/unix_verify, /sbin/unix_chkpwd, /usr/sbin/unix_verify, /usr/sbin/validate, /usr/sbin/unix_chkpwd
++/sbin/unix_chkpwd, /sbin/unix_verify, /usr/sbin/validate, /usr/sbin/unix_chkpwd, /usr/sbin/unix_verify
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -11268,10 +11167,6 @@ index 0000000..3e0db2e
+
+- Set files with the chkpwd_exec_t type, if you want to transition an executable to the chkpwd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/unix_verify, /sbin/unix_chkpwd, /usr/sbin/unix_verify, /usr/sbin/validate, /usr/sbin/unix_chkpwd
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -11280,10 +11175,6 @@ index 0000000..3e0db2e
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type chkpwd_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -11315,17 +11206,19 @@ index 0000000..3e0db2e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), chkpwd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), chkpwd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/chrome_sandbox_nacl_selinux.8 b/man/man8/chrome_sandbox_nacl_selinux.8
new file mode 100644
-index 0000000..4f141ab
+index 0000000..f491ecd
--- /dev/null
+++ b/man/man8/chrome_sandbox_nacl_selinux.8
-@@ -0,0 +1,97 @@
-+.TH "chrome_sandbox_nacl_selinux" "8" "chrome_sandbox_nacl" "dwalsh at redhat.com" "chrome_sandbox_nacl SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "chrome_sandbox_nacl_selinux" "8" "12-10-19" "chrome_sandbox_nacl" "SELinux Policy documentation for chrome_sandbox_nacl"
+.SH "NAME"
+chrome_sandbox_nacl_selinux \- Security Enhanced Linux Policy for the chrome_sandbox_nacl processes
+.SH "DESCRIPTION"
@@ -11341,9 +11234,9 @@ index 0000000..4f141ab
+
+.SH "ENTRYPOINTS"
+
-+The chrome_sandbox_nacl_t SELinux type can be entered via the "chrome_sandbox_nacl_exec_t,bin_t" file types. The default entrypoint paths for the chrome_sandbox_nacl_t domain are the following:"
++The chrome_sandbox_nacl_t SELinux type can be entered via the "bin_t,chrome_sandbox_nacl_exec_t" file types. The default entrypoint paths for the chrome_sandbox_nacl_t domain are the following:"
+
-+/usr/lib/chromium-browser/nacl_helper_bootstrap, /opt/google/chrome/nacl_helper_bootstrap, /etc/ppp/ip-up\..*, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/virtualbox/VBoxManage, /usr/lib/.*/scripts(/.*)?, /etc/ppp/ip-down\..*, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/shorewall-perl(/.*)?, /usr/Brother(/.*)?, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/lib/mailman.*/mail(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /usr/share/cluster/ocf-shellfuncs, /bin, /usr/lib/.*/program(/.*)?, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/apr-0/build/libtool, /usr/lib/pm-utils(/.*)?, /etc/sysconfig/network-scripts/net.*, /usr/share/system-config-language/system-config-language, /usr/lib/vte/gnome-pty-helper, /etc/lxdm/Pre.*, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/nagios/plugins(/.*)?, /usr/share/PackageKit/helpers(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/fence(/.*)?, /etc/sysconfig/network-scripts/init.*,
/usr/lib/xulrunner[^/]*/updater, /etc/mcelog/cache-error-trigger, /usr/share/system-config-mouse/system-config-mouse, /usr/share/system-config-netboot/pxeos\.py, /usr/share/cluster/.*\.sh, /usr/lib/udev/devices/MAKEDEV, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/mc/extfs/.*, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /var/qmail/rc, /var/mailman.*/bin(/.*)?, /usr/share/system-config-nfs/system-config-nfs\.py, /sbin, /usr/share/texmf/web2c/mktexupd, /usr/lib/readahead(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/xen/bin(/.*)?, /usr/share/Modules/init(/.*)?, /var/qmail/bin, /opt/google/talkplugin(/.*)?, /etc/profile.d(/.*)?, /usr/share/hwbrowser/hwbrowser, /usr/share/dayplanner/dayplanner, /usr/lib/nspluginwrapper/np.*, /usr/share/printconf/util/print\.py, /usr/lib/[^/]*/run-mozilla\.sh, /usr/linuxprinter/filters(/.*)?, /usr/share/system-config-network/neat-control\.py, /usr/lib/[^/]*/mozilla-xremote-client, /usr/share/hal/scripts(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunder
bird, /usr/share/system-config-selinux/polgen\.py, /usr/lib(.*/)?sbin(/.*)?, /lib/udev/devices/MAKEDEV, /etc/vmware-tools(/.*)?, /etc/PackageKit/events(/.*)?, /usr/share/denyhosts/plugins(/.*)?, /usr/share/sectool/.*\.py, /etc/pki/tls/certs/make-dummy-cert, /usr/lib/rpm/rpmd, /usr/lib/tuned/.*/.*\.sh, /usr/share/cluster/svclib_nfslock, /usr/libexec(/.*)?, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/apr-0/build/[^/]+\.sh, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?, /bin/mountpoint, /usr/share/rhn/rhn_applet/needed-packages\.py, /lib/security/pam_krb5(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/rpm/rpmk, /etc/apcupsd/commok, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/clamav/freshclam-sleep, /usr/lib/mediawiki/math/texvc.*, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/xfce4(/.*)?, /usr/share/system-config-services/system-config-services, /opt/(.*/)?libexec(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(/.*)?, /usr/lib/debug/sbin(/.*)?, /etc/sysconfig/libvirtd,
/etc/cron.weekly(/.*)?, /usr/lib/ccache/bin(/.*)?, /sbin/.*, /var/lib/asterisk/agi-bin(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/yp/.+, /usr/share/wicd/daemon(/.*)?, /etc/ppp/ipv6-up\..*, /etc/acpi/actions(/.*)?, /etc/sysconfig/network-scripts/ifdown.*, /usr/share/cluster/SAPDatabase, /usr/share/system-config-soundcard/system-config-soundcard, /usr/lib/udev/scsi_id, /etc/pm/power\.d(/.*)?, /usr/share/system-config-services/gui\.py, /etc/lxdm/Xsession, /usr/lib/cyrus-imapd/.*, /usr/sbin/insmod_ksymoops_clean, /etc/cipe/ip-down.*, /usr/share/PackageKit/pk-upgrade-distro\.sh, /usr/share/shorewall/compiler\.pl, /usr/share/pydict/pydict\.py, /dev/MAKEDEV, /usr/share/shorewall-shell(/.*)?, /emul/ia32-linux/bin(/.*)?, /root/bin(/.*)?, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-config-selinux/system-config-selinux\.py, /etc/ppp/ipv6-down\..*, /usr/share/pwlib/make/ptlib-config, /usr/lib/ConsoleKit/scripts(/.*)?, /opt/(.*/)?bin(/.*)?, /etc/init
\.d/functions, /lib/readahead(/.*)?, /etc/apcupsd/apccontrol, /usr/share/system-config-samba/system-config-samba\.py, /usr/lib/misc/sftp-server, /etc/apcupsd/onbattery, /usr/lib/qt.*/bin(/.*)?, /usr/share/cvs/contrib/rcs2log, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/system-config-keyboard/system-config-keyboard, /usr/share/fedora-usermgmt/wrapper, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/share/ssl/misc(/.*)?, /etc/apcupsd/changeme, /etc/apcupsd/offbattery, /etc/apcupsd/commfailure, /etc/sysconfig/readonly-root, /etc/cron.monthly(/.*)?, /var/ftp/bin(/.*)?, /usr/lib/xfce4/xfwm4/helper-dialog, /usr/lib/iscan/network, /usr/share/shorewall-lite(/.*)?, /usr/Printer(/.*)?, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/lib/news/bin(/.*)?, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/share/system-config-netboot/pxeboot\.py, /etc/auto\.[^/]*, /usr/Brother/(.*/)?inf/brprintconf.*, /etc/apcupsd/ma
sterconnect, /etc/avahi/.*\.action, /usr/lib/netsaint/plugins(/.*)?, /usr/share/authconfig/authconfig-tui\.py, /usr/share/system-config-securitylevel/system-config-securitylevel\.py, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/lib/dracut(/.*)?, /usr/share/kde4/apps/kajongg/kajongg.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/selinux/devel/policygentool, /etc/mail/make, /usr/lib/debug/usr/libexec(/.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/libexec/openssh/sftp-server, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/chromium-browser(/.*)?, /etc/sysconfig/init, /usr/share/system-logviewer/system-logviewer\.py, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /usr/lib/wicd/monitor\.py, /etc/pki/tls/misc(/.*)?, /etc/cron.hourly(/.*)?, /etc/xen/qemu-ifup, /usr/share/system-config-services/serviceconf\.py, /usr/share/tucan.*/tucan.py, /usr/lib/portage/bin(/.*)?, /etc/lxdm/LoginReady, /etc/mcelog/triggers(/.*)?, /usr/share/texmf/web2c/mktexnam, /et
c/gdm/XKeepsCrashing[^/]*, /usr/lib/apt/methods.+, /etc/rc\.d/init\.d/functions, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /etc/kde/shutdown(/.*)?, /usr/lib/cups(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /usr/share/gnucash/finance-quote-helper, /etc/cron.daily(/.*)?, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/lib/rpm/rpmv, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/munin/plugins(/.*)?, /usr/share/clamav/clamd-gen, /etc/lxdm/Post.*, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /etc/hotplug/.*agent, /usr/lib/emacsen-common/.*, /usr/lib/jvm/java(.*/)bin(/.*), /etc/sysconfig/network-scripts/ifup.*, /usr/lib/xfce4/xfconf/xfconfd, /usr/lib/MailScanner(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/share/ajaxterm/qweb.py.*, /usr/share/switchdesk/switchdesk-gui\.py, /usr/lib/ipsec/.*, /usr/share/turboprint/lib(/.*)?, /usr/sbin/mkfs\.cramfs, /var/qmail/bin(/.*)?, /etc/sysconfig/crond, /usr/share/hplip/[^/]*, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/s
hare/debconf/.+, /usr/share/shorewall/configpath, /usr/bin/pingus.*, /etc/hotplug/hotplug\.functions, /usr/lib/mailman.*/bin(/.*)?, /usr/share/texmf/web2c/mktexdir, /usr/share/gnucash/finance-quote-check, /etc/redhat-lsb(/.*)?, /usr/X11R6/lib/X11/xkb/xkbcomp, /etc/gdm/[^/]+, /opt/google/chrome(/.*)?, /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/dpkg/.+, /usr/share/sandbox/sandboxX.sh, /etc/cipe/ip-up.*, /usr/lib/udev/[^/]*, /usr/bin/mountpoint, /lib/udev/scsi_id, /bin/.*, /emul/ia32-linux/sbin(/.*)?, /var/lib/iscan/interpreter, /etc/dhcp/dhclient\.d(/.*)?, /etc/racoon/scripts(/.*)?, /opt/(.*/)?sbin(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/spamassassin/sa-update\.cron, /usr/share/rhn/rhn_applet/applet\.py, /etc/X11/xdm/TakeConsole, /usr/(.*/)?sbin(/.*)?, /etc/X11/xinit(/.*)?, /usr/share/shorewall/getparams, /usr/share/cluster/checkquorum, /etc/X11/xdm/GiveConsole, /usr/lib/xfce4/session/xfsm-shutdown-helper, /lib/upstart(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/gdm/[^/]+/.
*, /usr/share/system-config-httpd/system-config-httpd, /usr/lib/upstart(/.*)?, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/system-config-users/system-config-users, /etc/mgetty\+sendfax/new_fax, /usr/lib/debug/bin(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /etc/hotplug/.*rc, /usr/lib/courier(/.*)?, /etc/X11/xdm/Xsetup_0, /etc/netplug\.d(/.*)?, /usr/Brother/(.*/)?inf/setup.*, /usr/lib/xfce4/session/balou-install-theme, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/smolt/client(/.*)?, /usr/bin, /etc/sysconfig/netconsole, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/xfce4/panel/migrate, /usr/share/ajaxterm/ajaxterm.py.*, /sbin/mkfs\.cramfs, /usr/share/authconfig/authconfig\.py, /usr/share/system-config-date/system-config-date\.py, /usr/share/virtualbox/.*\.sh, /etc/apcupsd/mastertimeout, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/texmf/texconfig/tcfmgr, /etc/kde/env(/.*)?, /usr/lib/rpm/rpmq, /sbin/insmod_ksymoops_
clean, /usr/lib/xfce4/panel/wrapper, /usr/share/system-config-printer/applet\.py, /etc/hotplug\.d/default/default.*, /usr/lib(.*/)?bin(/.*)?, /usr/share/gitolite/hooks/common/update, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /usr/lib/sftp-server, /usr/share/system-config-display/system-config-display, /lib/udev/[^/]*, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/denyhosts/scripts(/.*)?, /usr/share/createrepo(/.*)?, /usr/lib/yaboot/addnote, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /usr/share/cluster/SAPInstance
++/bin/.*, /opt/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?sbin(/.*)?, /opt/(.*/)?sbin(/.*)?, /opt/(.*/)?libexec(/.*)?, /sbin/.*, /usr/lib(.*/)?bin(/.*)?, /usr/lib(.*/)?sbin(/.*)?, /etc/gdm/[^/]+, /root/bin(/.*)?, /etc/gdm/[^/]+/.*, /etc/cron.daily(/.*)?, /etc/cron.weekly(/.*)?, /etc/cron.hourly(/.*)?, /etc/cron.monthly(/.*)?, /usr/lib/.*/scripts(/.*)?, /usr/lib/.*/program(/.*)?, /usr/lib/[^/]*/run-mozilla\.sh, /usr/lib/[^/]*/mozilla-xremote-client, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /lib/udev/[^/]*, /etc/auto\.[^/]*, /etc/avahi/.*\.action, /usr/lib/qt.*/bin(/.*)?, /usr/lib/yp/.+, /var/ftp/bin(/.*)?, /usr/Brother(/.*)?, /usr/Printer(/.*)?, /usr/libexec(/.*)?, /lib/upstart(/.*)?, /etc/kde/env(/.*)?, /etc/profile.d(/.*)?, /var/mailman.*/bin(/.*)?, /etc/lxdm/Pre.*, /etc/hotplug/.*rc, /usr/lib/cups(/.*)?, /etc/hotplug/.*agent, /usr/Brother/(.*/)?i
nf/setup.*, /usr/Brother/(.*/)?inf/brprintconf.*, /usr/lib/dpkg/.+, /etc/lxdm/Post.*, /usr/lib/udev/[^/]*, /var/qmail/bin(/.*)?, /usr/lib/xfce4(/.*)?, /usr/lib/fence(/.*)?, /etc/X11/xinit(/.*)?, /lib/readahead(/.*)?, /etc/netplug\.d(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/ipsec/.*, /etc/ppp/ip-up\..*, /usr/bin/pingus.*, /etc/cipe/ip-up.*, /usr/lib/dracut(/.*)?, /etc/pm/power\.d(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/redhat-lsb(/.*)?, /usr/lib/tuned/.*/.*\.sh, /usr/lib/xen/bin(/.*)?, /usr/lib/upstart(/.*)?, /usr/lib/courier(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/tucan.*/tucan.py, /usr/lib/mailman.*/bin(/.*)?, /usr/lib/mailman.*/mail(/.*)?, /etc/ppp/ipv6-up\..*, /etc/ppp/ip-down\..*, /etc/cipe/ip-down.*, /usr/share/hplip/[^/]*, /usr/lib/news/bin(/.*)?, /usr/lib/pm-utils(/.*)?, /etc/vmware-tools(/.*)?, /etc/kde/shutdown(/.*)?, /etc/acpi/actions(/.*)?, /etc/pki/tls/misc(/.*)?, /usr/lib/jvm/java(.*/)bin(/.*), /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/readahead(/.*)?, /op
t/google/chrome(/.*)?, /etc/munin/plugins(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/debug/bin(/.*)?, /usr/lib/xulrunner[^/]*/updater, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/debconf/.+, /etc/ppp/ipv6-down\..*, /usr/share/cluster/.*\.sh, /usr/share/sectool/.*\.py, /usr/share/ssl/misc(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/ccache/bin(/.*)?, /etc/racoon/scripts(/.*)?, /usr/lib/debug/sbin(/.*)?, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/share/mc/extfs/.*, /usr/lib/apt/methods.+, /usr/lib/portage/bin(/.*)?, /usr/lib/MailScanner(/.*)?, /etc/mcelog/triggers(/.*)?, /etc/dhcp/dhclient\.d(/.*)?, /emul/ia32-linux/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(/.*)?, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/lib/cyrus-imapd/.*, /usr/share/createrepo(/.*)?, /emul/ia32-linux/sbin(/.*)?, /usr/share/virtualbox/.
*\.sh, /usr/share/hal/scripts(/.*)?, /usr/share/wicd/daemon(/.*)?, /lib/security/pam_krb5(/.*)?, /opt/google/talkplugin(/.*)?, /etc/PackageKit/events(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/Modules/init(/.*)?, /usr/share/smolt/client(/.*)?, /usr/lib/nagios/plugins(/.*)?, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/apr-0/build/[^/]+\.sh, /usr/lib/emacsen-common/.*, /usr/share/ajaxterm/qweb.py.*, /var/lib/asterisk/agi-bin(/.*)?, /usr/share/shorewall-perl(/.*)?, /usr/share/shorewall-lite(/.*)?, /usr/linuxprinter/filters(/.*)?, /usr/lib/netsaint/plugins(/.*)?, /usr/lib/chromium-browser(/.*)?, /usr/share/turboprint/lib(/.*)?, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/shorewall-shell(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/lib/debug/usr/libexec(/.*)?, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/n
spluginwrapper/np.*, /usr/share/sandbox/sandboxX.sh, /usr/lib/ConsoleKit/scripts(/.*)?, /usr/share/ajaxterm/ajaxterm.py.*, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/denyhosts/plugins(/.*)?, /usr/share/denyhosts/scripts(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/mediawiki/math/texvc.*, /usr/share/PackageKit/helpers(/.*)?, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/hotplug\.d/default/default.*, /usr/lib/systemd/system-sleep/(.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /etc/sysconfig/network-scripts/net.*, /etc/sysconfig/network-scripts/ifup.*, /etc/sysconfig/network-scripts/init.*, /usr/share/kde4/apps/kajongg/kajongg.py, /etc/sysconfig/network-scripts/ifdown.*, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /bin, /sbin, /usr/bin, /dev/MAKEDEV, /var/qmail/rc, /var/qmail/bin, /etc/mail/make, /bin/mountpoint,
/usr/lib/rpm/rpmv, /usr/lib/rpm/rpmk, /usr/lib/rpm/rpmq, /usr/lib/rpm/rpmd, /lib/udev/scsi_id, /sbin/mkfs\.cramfs, /etc/xen/qemu-ifup, /etc/lxdm/Xsession, /etc/sysconfig/init, /usr/bin/mountpoint, /etc/apcupsd/commok, /usr/lib/sftp-server, /etc/sysconfig/crond, /etc/lxdm/LoginReady, /usr/sbin/mkfs\.cramfs, /usr/lib/udev/scsi_id, /etc/X11/xdm/Xsetup_0, /etc/init\.d/functions, /etc/apcupsd/changeme, /usr/lib/iscan/network, /etc/apcupsd/onbattery, /usr/lib/yaboot/addnote, /etc/sysconfig/libvirtd, /etc/apcupsd/apccontrol, /etc/apcupsd/offbattery, /usr/lib/wicd/monitor\.py, /etc/X11/xdm/TakeConsole, /etc/X11/xdm/GiveConsole, /etc/apcupsd/commfailure, /usr/lib/misc/sftp-server, /etc/sysconfig/netconsole, /lib/udev/devices/MAKEDEV, /var/lib/iscan/interpreter, /etc/rc\.d/init\.d/functions, /etc/apcupsd/masterconnect, /etc/apcupsd/mastertimeout, /usr/share/pydict/pydict\.py, /usr/share/clamav/clamd-gen, /sbin/insmod_ksymoops_clean, /etc/mgetty\+sendfax/new_fax, /usr/lib/xfce4/panel/
migrate, /usr/lib/xfce4/panel/wrapper, /etc/sysconfig/readonly-root, /usr/lib/udev/devices/MAKEDEV, /usr/lib/vte/gnome-pty-helper, /usr/lib/xfce4/xfconf/xfconfd, /usr/share/hwbrowser/hwbrowser, /usr/share/cvs/contrib/rcs2log, /usr/X11R6/lib/X11/xkb/xkbcomp, /usr/lib/virtualbox/VBoxManage, /usr/share/cluster/checkquorum, /usr/share/shorewall/getparams, /usr/share/apr-0/build/libtool, /usr/share/cluster/SAPDatabase, /usr/share/cluster/SAPInstance, /etc/hotplug/hotplug\.functions, /usr/share/texmf/web2c/mktexdir, /usr/share/texmf/web2c/mktexupd, /usr/share/texmf/web2c/mktexnam, /usr/share/shorewall/configpath, /usr/sbin/insmod_ksymoops_clean, /etc/mcelog/cache-error-trigger, /usr/share/shorewall/compiler\.pl, /usr/share/dayplanner/dayplanner, /usr/libexec/openssh/sftp-server, /usr/share/texmf/texconfig/tcfmgr, /usr/share/clamav/freshclam-sleep, /usr/share/cluster/ocf-shellfuncs, /usr/share/cluster/svclib_nfslock, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/share/pwlib/make/ptlib-co
nfig, /usr/share/fedora-usermgmt/wrapper, /usr/share/printconf/util/print\.py, /usr/lib/xfce4/xfwm4/helper-dialog, /etc/pki/tls/certs/make-dummy-cert, /usr/share/rhn/rhn_applet/applet\.py, /usr/share/authconfig/authconfig\.py, /usr/share/spamassassin/sa-update\.cron, /usr/share/gnucash/finance-quote-check, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/selinux/devel/policygentool, /usr/share/switchdesk/switchdesk-gui\.py, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/authconfig/authconfig-tui\.py, /usr/share/gitolite/hooks/common/update, /usr/share/gnucash/finance-quote-helper, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /usr/share/system-config-services/gui\.py, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-config-netboot/pxeos\.py, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/system-config-printer/applet\.py, /usr/share/system-config-selinux/polgen\.py, /usr/share/PackageKit/pk-upgrade-distro\.sh,
/usr/lib/xfce4/session/balou-install-theme, /usr/share/system-config-netboot/pxeboot\.py, /usr/lib/xfce4/session/xfsm-shutdown-helper, /usr/share/rhn/rhn_applet/needed-packages\.py, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-logviewer/system-logviewer\.py, /usr/share/system-config-network/neat-control\.py, /usr/share/system-config-services/serviceconf\.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/share/system-config-nfs/system-config-nfs\.py, /usr/share/system-config-httpd/system-config-httpd, /usr/share/system-config-mouse/system-config-mouse, /usr/share/system-config-users/system-config-users, /usr/share/system-config-date/system-config-date\.py, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/share/system-config-samba/system-config-samba\.py, /usr/share/system-config-display/system-config-display, /usr/share/system-config
-keyboard/system-config-keyboard, /usr/share/system-config-language/system-config-language, /usr/share/system-config-services/system-config-services, /usr/share/system-config-selinux/system-config-selinux\.py, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/system-config-soundcard/system-config-soundcard, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/share/system-config-securitylevel/system-config-securitylevel\.py, /opt/google/chrome/nacl_helper_bootstrap, /usr/lib/chromium-browser/nacl_helper_bootstrap
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -11380,10 +11273,6 @@ index 0000000..4f141ab
+
+- Set files with the chrome_sandbox_nacl_exec_t type, if you want to transition an executable to the chrome_sandbox_nacl_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/chromium-browser/nacl_helper_bootstrap, /opt/google/chrome/nacl_helper_bootstrap
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -11417,19 +11306,21 @@ index 0000000..4f141ab
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), chrome_sandbox_nacl(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), chrome_sandbox_nacl(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, chrome_sandbox_selinux(8), chrome_sandbox_selinux(8)
\ No newline at end of file
diff --git a/man/man8/chrome_sandbox_selinux.8 b/man/man8/chrome_sandbox_selinux.8
new file mode 100644
-index 0000000..da5d245
+index 0000000..ddcb1aa
--- /dev/null
+++ b/man/man8/chrome_sandbox_selinux.8
-@@ -0,0 +1,203 @@
-+.TH "chrome_sandbox_selinux" "8" "chrome_sandbox" "dwalsh at redhat.com" "chrome_sandbox SELinux Policy documentation"
+@@ -0,0 +1,204 @@
++.TH "chrome_sandbox_selinux" "8" "12-10-19" "chrome_sandbox" "SELinux Policy documentation for chrome_sandbox"
+.SH "NAME"
+chrome_sandbox_selinux \- Security Enhanced Linux Policy for the chrome_sandbox processes
+.SH "DESCRIPTION"
@@ -11447,7 +11338,7 @@ index 0000000..da5d245
+
+The chrome_sandbox_t SELinux type can be entered via the "chrome_sandbox_exec_t" file type. The default entrypoint paths for the chrome_sandbox_t domain are the following:"
+
-+/usr/lib/chromium-browser/chrome-sandbox, /opt/google/chrome/chrome-sandbox
++/opt/google/chrome/chrome-sandbox, /usr/lib/chromium-browser/chrome-sandbox
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -11477,6 +11368,13 @@ index 0000000..da5d245
+.B setsebool -P unconfined_chrome_sandbox_transition 1
+.EE
+
++.PP
++If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
++
++.EX
++.B setsebool -P unconfined_chrome_sandbox_transition 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -11495,10 +11393,6 @@ index 0000000..da5d245
+
+- Set files with the chrome_sandbox_exec_t type, if you want to transition an executable to the chrome_sandbox_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/chromium-browser/chrome-sandbox, /opt/google/chrome/chrome-sandbox
+
+.EX
+.PP
@@ -11507,10 +11401,6 @@ index 0000000..da5d245
+
+- Set files with the chrome_sandbox_nacl_exec_t type, if you want to transition an executable to the chrome_sandbox_nacl_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/chromium-browser/nacl_helper_bootstrap, /opt/google/chrome/nacl_helper_bootstrap
+
+.EX
+.PP
@@ -11627,19 +11517,21 @@ index 0000000..da5d245
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), chrome_sandbox(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), chrome_sandbox(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), chrome_sandbox_nacl_selinux(8)
\ No newline at end of file
diff --git a/man/man8/chronyd_selinux.8 b/man/man8/chronyd_selinux.8
new file mode 100644
-index 0000000..b31012f
+index 0000000..9d6c6d5
--- /dev/null
+++ b/man/man8/chronyd_selinux.8
-@@ -0,0 +1,218 @@
-+.TH "chronyd_selinux" "8" "chronyd" "dwalsh at redhat.com" "chronyd SELinux Policy documentation"
+@@ -0,0 +1,216 @@
++.TH "chronyd_selinux" "8" "12-10-19" "chronyd" "SELinux Policy documentation for chronyd"
+.SH "NAME"
+chronyd_selinux \- Security Enhanced Linux Policy for the chronyd processes
+.SH "DESCRIPTION"
@@ -11750,10 +11642,6 @@ index 0000000..b31012f
+
+- Set files with the chronyd_var_run_t type, if you want to store the chronyd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/chronyd(/.*), /var/run/chronyd\.sock, /var/run/chronyd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -11853,17 +11741,19 @@ index 0000000..b31012f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), chronyd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), chronyd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ciped_selinux.8 b/man/man8/ciped_selinux.8
new file mode 100644
-index 0000000..f437b07
+index 0000000..f030675
--- /dev/null
+++ b/man/man8/ciped_selinux.8
-@@ -0,0 +1,88 @@
-+.TH "ciped_selinux" "8" "ciped" "dwalsh at redhat.com" "ciped SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "ciped_selinux" "8" "12-10-19" "ciped" "SELinux Policy documentation for ciped"
+.SH "NAME"
+ciped_selinux \- Security Enhanced Linux Policy for the ciped processes
+.SH "DESCRIPTION"
@@ -11926,10 +11816,6 @@ index 0000000..f437b07
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type ciped_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -11947,17 +11833,19 @@ index 0000000..f437b07
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ciped(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ciped(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/clamd_selinux.8 b/man/man8/clamd_selinux.8
new file mode 100644
-index 0000000..19ccf7e
+index 0000000..ae55892
--- /dev/null
+++ b/man/man8/clamd_selinux.8
-@@ -0,0 +1,265 @@
-+.TH "clamd_selinux" "8" "clamd" "dwalsh at redhat.com" "clamd SELinux Policy documentation"
+@@ -0,0 +1,284 @@
++.TH "clamd_selinux" "8" "12-10-19" "clamd" "SELinux Policy documentation for clamd"
+.SH "NAME"
+clamd_selinux \- Security Enhanced Linux Policy for the clamd processes
+.SH "DESCRIPTION"
@@ -11999,10 +11887,10 @@ index 0000000..19ccf7e
+
+
+.PP
-+If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++If you want to allow clamd to use JIT compiler, you must turn on the clamd_use_jit boolean.
+
+.EX
-+.B setsebool -P clamscan_read_user_content 1
++.B setsebool -P clamd_use_jit 1
+.EE
+
+.PP
@@ -12013,12 +11901,33 @@ index 0000000..19ccf7e
+.EE
+
+.PP
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++
++.EX
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
++.PP
+If you want to allow clamd to use JIT compiler, you must turn on the clamd_use_jit boolean.
+
+.EX
+.B setsebool -P clamd_use_jit 1
+.EE
+
++.PP
++If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
++
++.EX
++.B setsebool -P clamscan_can_scan_system 1
++.EE
++
++.PP
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++
++.EX
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -12045,10 +11954,6 @@ index 0000000..19ccf7e
+
+- Set files with the clamd_exec_t type, if you want to transition an executable to the clamd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/clamd, /usr/sbin/clamav-milter
+
+.EX
+.PP
@@ -12081,10 +11986,6 @@ index 0000000..19ccf7e
+
+- Set files with the clamd_var_lib_t type, if you want to store the clamd files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/clamd.*, /var/clamav(/.*)?, /var/lib/clamav(/.*)?
+
+.EX
+.PP
@@ -12093,10 +11994,6 @@ index 0000000..19ccf7e
+
+- Set files with the clamd_var_log_t type, if you want to treat the data as clamd var log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/clamav.*, /var/log/clamd.*
+
+.EX
+.PP
@@ -12105,10 +12002,6 @@ index 0000000..19ccf7e
+
+- Set files with the clamd_var_run_t type, if you want to store the clamd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/amavis(d)?/clamd\.pid, /var/run/clamd.*, /var/run/clamav.*, /var/spool/MailScanner(/.*)?, /var/spool/amavisd/clamd\.sock
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -12145,6 +12038,18 @@ index 0000000..19ccf7e
+The SELinux process type clamd_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
++.B amavis_spool_t
++
++ /var/spool/amavisd(/.*)?
++.br
++
++.br
++.B antivirus_db_t
++
++ /var/opt/f-secure(/.*)?
++.br
++
++.br
+.B clamd_tmp_t
+
+
@@ -12217,19 +12122,21 @@ index 0000000..19ccf7e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), clamd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), clamd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), clamscan_selinux(8)
\ No newline at end of file
diff --git a/man/man8/clamscan_selinux.8 b/man/man8/clamscan_selinux.8
new file mode 100644
-index 0000000..d00e41b
+index 0000000..3284eb0
--- /dev/null
+++ b/man/man8/clamscan_selinux.8
-@@ -0,0 +1,142 @@
-+.TH "clamscan_selinux" "8" "clamscan" "dwalsh at redhat.com" "clamscan SELinux Policy documentation"
+@@ -0,0 +1,160 @@
++.TH "clamscan_selinux" "8" "12-10-19" "clamscan" "SELinux Policy documentation for clamscan"
+.SH "NAME"
+clamscan_selinux \- Security Enhanced Linux Policy for the clamscan processes
+.SH "DESCRIPTION"
@@ -12247,7 +12154,7 @@ index 0000000..d00e41b
+
+The clamscan_t SELinux type can be entered via the "clamscan_exec_t" file type. The default entrypoint paths for the clamscan_t domain are the following:"
+
-+/usr/bin/clamdscan, /usr/bin/clamscan
++/usr/bin/clamscan, /usr/bin/clamdscan
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -12271,6 +12178,13 @@ index 0000000..d00e41b
+
+
+.PP
++If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
++
++.EX
++.B setsebool -P clamscan_can_scan_system 1
++.EE
++
++.PP
+If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
+
+.EX
@@ -12284,6 +12198,13 @@ index 0000000..d00e41b
+.B setsebool -P clamscan_can_scan_system 1
+.EE
+
++.PP
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++
++.EX
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -12302,10 +12223,6 @@ index 0000000..d00e41b
+
+- Set files with the clamscan_exec_t type, if you want to transition an executable to the clamscan_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/clamdscan, /usr/bin/clamscan
+
+.EX
+.PP
@@ -12333,6 +12250,12 @@ index 0000000..d00e41b
+.br
+
+.br
++.B antivirus_db_t
++
++ /var/opt/f-secure(/.*)?
++.br
++
++.br
+.B clamd_var_lib_t
+
+ /var/clamav(/.*)?
@@ -12366,19 +12289,21 @@ index 0000000..d00e41b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), clamscan(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), clamscan(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/clogd_selinux.8 b/man/man8/clogd_selinux.8
new file mode 100644
-index 0000000..b2f5de7
+index 0000000..d0b22d5
--- /dev/null
+++ b/man/man8/clogd_selinux.8
-@@ -0,0 +1,114 @@
-+.TH "clogd_selinux" "8" "clogd" "dwalsh at redhat.com" "clogd SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "clogd_selinux" "8" "12-10-19" "clogd" "SELinux Policy documentation for clogd"
+.SH "NAME"
+clogd_selinux \- Security Enhanced Linux Policy for the clogd processes
+.SH "DESCRIPTION"
@@ -12488,17 +12413,19 @@ index 0000000..b2f5de7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), clogd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), clogd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/clvmd_selinux.8 b/man/man8/clvmd_selinux.8
new file mode 100644
-index 0000000..f8e119b
+index 0000000..53be647
--- /dev/null
+++ b/man/man8/clvmd_selinux.8
-@@ -0,0 +1,140 @@
-+.TH "clvmd_selinux" "8" "clvmd" "dwalsh at redhat.com" "clvmd SELinux Policy documentation"
+@@ -0,0 +1,142 @@
++.TH "clvmd_selinux" "8" "12-10-19" "clvmd" "SELinux Policy documentation for clvmd"
+.SH "NAME"
+clvmd_selinux \- Security Enhanced Linux Policy for the clvmd processes
+.SH "DESCRIPTION"
@@ -12634,17 +12561,19 @@ index 0000000..f8e119b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), clvmd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), clvmd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cmirrord_selinux.8 b/man/man8/cmirrord_selinux.8
new file mode 100644
-index 0000000..acb70af
+index 0000000..2cc16cc
--- /dev/null
+++ b/man/man8/cmirrord_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "cmirrord_selinux" "8" "cmirrord" "dwalsh at redhat.com" "cmirrord SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "cmirrord_selinux" "8" "12-10-19" "cmirrord" "SELinux Policy documentation for cmirrord"
+.SH "NAME"
+cmirrord_selinux \- Security Enhanced Linux Policy for the cmirrord processes
+.SH "DESCRIPTION"
@@ -12762,17 +12691,19 @@ index 0000000..acb70af
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cmirrord(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cmirrord(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cobblerd_selinux.8 b/man/man8/cobblerd_selinux.8
new file mode 100644
-index 0000000..008af88
+index 0000000..68e322e
--- /dev/null
+++ b/man/man8/cobblerd_selinux.8
-@@ -0,0 +1,354 @@
-+.TH "cobblerd_selinux" "8" "cobblerd" "dwalsh at redhat.com" "cobblerd SELinux Policy documentation"
+@@ -0,0 +1,391 @@
++.TH "cobblerd_selinux" "8" "12-10-19" "cobblerd" "SELinux Policy documentation for cobblerd"
+.SH "NAME"
+cobblerd_selinux \- Security Enhanced Linux Policy for the cobblerd processes
+.SH "DESCRIPTION"
@@ -12814,6 +12745,13 @@ index 0000000..008af88
+
+
+.PP
++If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
++
++.EX
++.B setsebool -P cobbler_use_nfs 1
++.EE
++
++.PP
+If you want to allow Cobbler to connect to the network using TCP, you must turn on the cobbler_can_network_connect boolean.
+
+.EX
@@ -12821,6 +12759,20 @@ index 0000000..008af88
+.EE
+
+.PP
++If you want to allow HTTPD scripts and modules to connect to cobbler over the network, you must turn on the httpd_can_network_connect_cobbler boolean.
++
++.EX
++.B setsebool -P httpd_can_network_connect_cobbler 1
++.EE
++
++.PP
++If you want to allow Cobbler to access cifs file systems, you must turn on the cobbler_use_cifs boolean.
++
++.EX
++.B setsebool -P cobbler_use_cifs 1
++.EE
++
++.PP
+If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
+
+.EX
@@ -12828,6 +12780,13 @@ index 0000000..008af88
+.EE
+
+.PP
++If you want to allow Cobbler to connect to the network using TCP, you must turn on the cobbler_can_network_connect boolean.
++
++.EX
++.B setsebool -P cobbler_can_network_connect 1
++.EE
++
++.PP
+If you want to allow HTTPD scripts and modules to connect to cobbler over the network, you must turn on the httpd_can_network_connect_cobbler boolean.
+
+.EX
@@ -12867,6 +12826,13 @@ index 0000000..008af88
+.B setsebool -P cobbler_anon_write 1
+.EE
+
++.PP
++If you want to allow Cobbler to modify public files used for public file transfer services., you must turn on the cobbler_anon_write boolean.
++
++.EX
++.B setsebool -P cobbler_anon_write 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -13121,19 +13087,21 @@ index 0000000..008af88
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cobblerd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cobblerd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/collectd_selinux.8 b/man/man8/collectd_selinux.8
new file mode 100644
-index 0000000..1eed969
+index 0000000..12545dd
--- /dev/null
+++ b/man/man8/collectd_selinux.8
-@@ -0,0 +1,147 @@
-+.TH "collectd_selinux" "8" "collectd" "dwalsh at redhat.com" "collectd SELinux Policy documentation"
+@@ -0,0 +1,156 @@
++.TH "collectd_selinux" "8" "12-10-19" "collectd" "SELinux Policy documentation for collectd"
+.SH "NAME"
+collectd_selinux \- Security Enhanced Linux Policy for the collectd processes
+.SH "DESCRIPTION"
@@ -13181,6 +13149,13 @@ index 0000000..1eed969
+.B setsebool -P collectd_can_network_connect 1
+.EE
+
++.PP
++If you want to allow collectd to connect to the network using TCP, you must turn on the collectd_can_network_connect boolean.
++
++.EX
++.B setsebool -P collectd_can_network_connect 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -13275,19 +13250,21 @@ index 0000000..1eed969
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), collectd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), collectd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/colord_selinux.8 b/man/man8/colord_selinux.8
new file mode 100644
-index 0000000..fa0dd70
+index 0000000..4d44603
--- /dev/null
+++ b/man/man8/colord_selinux.8
-@@ -0,0 +1,170 @@
-+.TH "colord_selinux" "8" "colord" "dwalsh at redhat.com" "colord SELinux Policy documentation"
+@@ -0,0 +1,164 @@
++.TH "colord_selinux" "8" "12-10-19" "colord" "SELinux Policy documentation for colord"
+.SH "NAME"
+colord_selinux \- Security Enhanced Linux Policy for the colord processes
+.SH "DESCRIPTION"
@@ -13305,7 +13282,7 @@ index 0000000..fa0dd70
+
+The colord_t SELinux type can be entered via the "colord_exec_t" file type. The default entrypoint paths for the colord_t domain are the following:"
+
-+/usr/libexec/colord-sane, /usr/libexec/colord
++/usr/libexec/colord, /usr/libexec/colord-sane
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -13342,10 +13319,6 @@ index 0000000..fa0dd70
+
+- Set files with the colord_exec_t type, if you want to transition an executable to the colord_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/colord-sane, /usr/libexec/colord
+
+.EX
+.PP
@@ -13378,10 +13351,6 @@ index 0000000..fa0dd70
+
+- Set files with the colord_var_lib_t type, if you want to store the colord files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/color(/.*)?, /var/lib/colord(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -13453,17 +13422,19 @@ index 0000000..fa0dd70
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), colord(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), colord(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/comsat_selinux.8 b/man/man8/comsat_selinux.8
new file mode 100644
-index 0000000..b3b1028
+index 0000000..0cd9343
--- /dev/null
+++ b/man/man8/comsat_selinux.8
-@@ -0,0 +1,152 @@
-+.TH "comsat_selinux" "8" "comsat" "dwalsh at redhat.com" "comsat SELinux Policy documentation"
+@@ -0,0 +1,154 @@
++.TH "comsat_selinux" "8" "12-10-19" "comsat" "SELinux Policy documentation for comsat"
+.SH "NAME"
+comsat_selinux \- Security Enhanced Linux Policy for the comsat processes
+.SH "DESCRIPTION"
@@ -13611,17 +13582,19 @@ index 0000000..b3b1028
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), comsat(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), comsat(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/condor_collector_selinux.8 b/man/man8/condor_collector_selinux.8
new file mode 100644
-index 0000000..0c2c684
+index 0000000..3914557
--- /dev/null
+++ b/man/man8/condor_collector_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "condor_collector_selinux" "8" "condor_collector" "dwalsh at redhat.com" "condor_collector SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "condor_collector_selinux" "8" "12-10-19" "condor_collector" "SELinux Policy documentation for condor_collector"
+.SH "NAME"
+condor_collector_selinux \- Security Enhanced Linux Policy for the condor_collector processes
+.SH "DESCRIPTION"
@@ -13747,19 +13720,21 @@ index 0000000..0c2c684
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), condor_collector(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), condor_collector(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, condor_master_selinux(8), condor_negotiator_selinux(8), condor_procd_selinux(8), condor_schedd_selinux(8), condor_startd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/condor_master_selinux.8 b/man/man8/condor_master_selinux.8
new file mode 100644
-index 0000000..7833cff
+index 0000000..809a87c
--- /dev/null
+++ b/man/man8/condor_master_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "condor_master_selinux" "8" "condor_master" "dwalsh at redhat.com" "condor_master SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "condor_master_selinux" "8" "12-10-19" "condor_master" "SELinux Policy documentation for condor_master"
+.SH "NAME"
+condor_master_selinux \- Security Enhanced Linux Policy for the condor_master processes
+.SH "DESCRIPTION"
@@ -13871,19 +13846,21 @@ index 0000000..7833cff
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), condor_master(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), condor_master(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, condor_collector_selinux(8), condor_negotiator_selinux(8), condor_procd_selinux(8), condor_schedd_selinux(8), condor_startd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/condor_negotiator_selinux.8 b/man/man8/condor_negotiator_selinux.8
new file mode 100644
-index 0000000..f3b5156
+index 0000000..7f09c41
--- /dev/null
+++ b/man/man8/condor_negotiator_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "condor_negotiator_selinux" "8" "condor_negotiator" "dwalsh at redhat.com" "condor_negotiator SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "condor_negotiator_selinux" "8" "12-10-19" "condor_negotiator" "SELinux Policy documentation for condor_negotiator"
+.SH "NAME"
+condor_negotiator_selinux \- Security Enhanced Linux Policy for the condor_negotiator processes
+.SH "DESCRIPTION"
@@ -14009,19 +13986,21 @@ index 0000000..f3b5156
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), condor_negotiator(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), condor_negotiator(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, condor_collector_selinux(8), condor_master_selinux(8), condor_procd_selinux(8), condor_schedd_selinux(8), condor_startd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/condor_procd_selinux.8 b/man/man8/condor_procd_selinux.8
new file mode 100644
-index 0000000..6171951
+index 0000000..630c5a0
--- /dev/null
+++ b/man/man8/condor_procd_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "condor_procd_selinux" "8" "condor_procd" "dwalsh at redhat.com" "condor_procd SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "condor_procd_selinux" "8" "12-10-19" "condor_procd" "SELinux Policy documentation for condor_procd"
+.SH "NAME"
+condor_procd_selinux \- Security Enhanced Linux Policy for the condor_procd processes
+.SH "DESCRIPTION"
@@ -14147,19 +14126,21 @@ index 0000000..6171951
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), condor_procd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), condor_procd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, condor_collector_selinux(8), condor_master_selinux(8), condor_negotiator_selinux(8), condor_schedd_selinux(8), condor_startd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/condor_schedd_selinux.8 b/man/man8/condor_schedd_selinux.8
new file mode 100644
-index 0000000..be0d967
+index 0000000..c1f7f6c
--- /dev/null
+++ b/man/man8/condor_schedd_selinux.8
-@@ -0,0 +1,143 @@
-+.TH "condor_schedd_selinux" "8" "condor_schedd" "dwalsh at redhat.com" "condor_schedd SELinux Policy documentation"
+@@ -0,0 +1,145 @@
++.TH "condor_schedd_selinux" "8" "12-10-19" "condor_schedd" "SELinux Policy documentation for condor_schedd"
+.SH "NAME"
+condor_schedd_selinux \- Security Enhanced Linux Policy for the condor_schedd processes
+.SH "DESCRIPTION"
@@ -14297,19 +14278,21 @@ index 0000000..be0d967
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), condor_schedd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), condor_schedd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, condor_collector_selinux(8), condor_master_selinux(8), condor_negotiator_selinux(8), condor_procd_selinux(8), condor_startd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/condor_startd_selinux.8 b/man/man8/condor_startd_selinux.8
new file mode 100644
-index 0000000..f4bf12b
+index 0000000..827ca88
--- /dev/null
+++ b/man/man8/condor_startd_selinux.8
@@ -0,0 +1,189 @@
-+.TH "condor_startd_selinux" "8" "condor_startd" "dwalsh at redhat.com" "condor_startd SELinux Policy documentation"
++.TH "condor_startd_selinux" "8" "12-10-19" "condor_startd" "SELinux Policy documentation for condor_startd"
+.SH "NAME"
+condor_startd_selinux \- Security Enhanced Linux Policy for the condor_startd processes
+.SH "DESCRIPTION"
@@ -14327,7 +14310,7 @@ index 0000000..f4bf12b
+
+The condor_startd_t SELinux type can be entered via the "condor_startd_exec_t" file type. The default entrypoint paths for the condor_startd_t domain are the following:"
+
-+/usr/sbin/condor_starter, /usr/sbin/condor_startd
++/usr/sbin/condor_startd, /usr/sbin/condor_starter
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -14364,10 +14347,6 @@ index 0000000..f4bf12b
+
+- Set files with the condor_startd_exec_t type, if you want to transition an executable to the condor_startd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/condor_starter, /usr/sbin/condor_startd
+
+.EX
+.PP
@@ -14437,6 +14416,8 @@ index 0000000..f4bf12b
+
+ /root/\.ssh(/.*)?
+.br
++ /var/lib/openshift/[^/]+/\.ssh(/.*)?
++.br
+ /var/lib/amanda/\.ssh(/.*)?
+.br
+ /var/lib/stickshift/[^/]+/\.ssh(/.*)?
@@ -14493,19 +14474,21 @@ index 0000000..f4bf12b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), condor_startd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), condor_startd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, condor_collector_selinux(8), condor_master_selinux(8), condor_negotiator_selinux(8), condor_procd_selinux(8), condor_schedd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/consolekit_selinux.8 b/man/man8/consolekit_selinux.8
new file mode 100644
-index 0000000..f3129b1
+index 0000000..42ffc30
--- /dev/null
+++ b/man/man8/consolekit_selinux.8
-@@ -0,0 +1,214 @@
-+.TH "consolekit_selinux" "8" "consolekit" "dwalsh at redhat.com" "consolekit SELinux Policy documentation"
+@@ -0,0 +1,212 @@
++.TH "consolekit_selinux" "8" "12-10-19" "consolekit" "SELinux Policy documentation for consolekit"
+.SH "NAME"
+consolekit_selinux \- Security Enhanced Linux Policy for the consolekit processes
+.SH "DESCRIPTION"
@@ -14592,10 +14575,6 @@ index 0000000..f3129b1
+
+- Set files with the consolekit_var_run_t type, if you want to store the consolekit files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/console-kit-daemon\.pid, /var/run/ConsoleKit(/.*)?, /var/run/consolekit\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -14715,17 +14694,19 @@ index 0000000..f3129b1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), consolekit(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), consolekit(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/consoletype_selinux.8 b/man/man8/consoletype_selinux.8
new file mode 100644
-index 0000000..cab921c
+index 0000000..21079c8
--- /dev/null
+++ b/man/man8/consoletype_selinux.8
-@@ -0,0 +1,96 @@
-+.TH "consoletype_selinux" "8" "consoletype" "dwalsh at redhat.com" "consoletype SELinux Policy documentation"
+@@ -0,0 +1,94 @@
++.TH "consoletype_selinux" "8" "12-10-19" "consoletype" "SELinux Policy documentation for consoletype"
+.SH "NAME"
+consoletype_selinux \- Security Enhanced Linux Policy for the consoletype processes
+.SH "DESCRIPTION"
@@ -14743,7 +14724,7 @@ index 0000000..cab921c
+
+The consoletype_t SELinux type can be entered via the "consoletype_exec_t" file type. The default entrypoint paths for the consoletype_t domain are the following:"
+
-+/usr/sbin/consoletype, /sbin/consoletype
++/sbin/consoletype, /usr/sbin/consoletype
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -14780,10 +14761,6 @@ index 0000000..cab921c
+
+- Set files with the consoletype_exec_t type, if you want to transition an executable to the consoletype_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/consoletype, /sbin/consoletype
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -14817,17 +14794,19 @@ index 0000000..cab921c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), consoletype(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), consoletype(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/corosync_selinux.8 b/man/man8/corosync_selinux.8
new file mode 100644
-index 0000000..b4e5a70
+index 0000000..e7ad80b
--- /dev/null
+++ b/man/man8/corosync_selinux.8
-@@ -0,0 +1,276 @@
-+.TH "corosync_selinux" "8" "corosync" "dwalsh at redhat.com" "corosync SELinux Policy documentation"
+@@ -0,0 +1,270 @@
++.TH "corosync_selinux" "8" "12-10-19" "corosync" "SELinux Policy documentation for corosync"
+.SH "NAME"
+corosync_selinux \- Security Enhanced Linux Policy for the corosync processes
+.SH "DESCRIPTION"
@@ -14845,7 +14824,7 @@ index 0000000..b4e5a70
+
+The corosync_t SELinux type can be entered via the "corosync_exec_t" file type. The default entrypoint paths for the corosync_t domain are the following:"
+
-+/usr/sbin/ccs_tool, /usr/sbin/corosync, /usr/sbin/corosync-notifyd, /usr/sbin/cman_tool
++/usr/sbin/corosync, /usr/sbin/ccs_tool, /usr/sbin/cman_tool, /usr/sbin/corosync-notifyd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -14882,10 +14861,6 @@ index 0000000..b4e5a70
+
+- Set files with the corosync_exec_t type, if you want to transition an executable to the corosync_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ccs_tool, /usr/sbin/corosync, /usr/sbin/corosync-notifyd, /usr/sbin/cman_tool
+
+.EX
+.PP
@@ -14942,10 +14917,6 @@ index 0000000..b4e5a70
+
+- Set files with the corosync_var_run_t type, if you want to store the corosync files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/rsctmp(/.*)?, /var/run/corosync\.pid, /var/run/cman_.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -15099,17 +15070,19 @@ index 0000000..b4e5a70
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), corosync(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), corosync(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/couchdb_selinux.8 b/man/man8/couchdb_selinux.8
new file mode 100644
-index 0000000..0c7a670
+index 0000000..7a2aec2
--- /dev/null
+++ b/man/man8/couchdb_selinux.8
-@@ -0,0 +1,200 @@
-+.TH "couchdb_selinux" "8" "couchdb" "dwalsh at redhat.com" "couchdb SELinux Policy documentation"
+@@ -0,0 +1,202 @@
++.TH "couchdb_selinux" "8" "12-10-19" "couchdb" "SELinux Policy documentation for couchdb"
+.SH "NAME"
+couchdb_selinux \- Security Enhanced Linux Policy for the couchdb processes
+.SH "DESCRIPTION"
@@ -15305,17 +15278,19 @@ index 0000000..0c7a670
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), couchdb(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), couchdb(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/courier_authdaemon_selinux.8 b/man/man8/courier_authdaemon_selinux.8
new file mode 100644
-index 0000000..f9dbba1
+index 0000000..bb4a426
--- /dev/null
+++ b/man/man8/courier_authdaemon_selinux.8
-@@ -0,0 +1,139 @@
-+.TH "courier_authdaemon_selinux" "8" "courier_authdaemon" "dwalsh at redhat.com" "courier_authdaemon SELinux Policy documentation"
+@@ -0,0 +1,137 @@
++.TH "courier_authdaemon_selinux" "8" "12-10-19" "courier_authdaemon" "SELinux Policy documentation for courier_authdaemon"
+.SH "NAME"
+courier_authdaemon_selinux \- Security Enhanced Linux Policy for the courier_authdaemon processes
+.SH "DESCRIPTION"
@@ -15333,7 +15308,7 @@ index 0000000..f9dbba1
+
+The courier_authdaemon_t SELinux type can be entered via the "courier_authdaemon_exec_t" file type. The default entrypoint paths for the courier_authdaemon_t domain are the following:"
+
-+/usr/sbin/authdaemond, /usr/lib/courier/authlib/.*
++/usr/lib/courier/authlib/.*, /usr/sbin/authdaemond
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -15370,10 +15345,6 @@ index 0000000..f9dbba1
+
+- Set files with the courier_authdaemon_exec_t type, if you want to transition an executable to the courier_authdaemon_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/authdaemond, /usr/lib/courier/authlib/.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -15449,19 +15420,21 @@ index 0000000..f9dbba1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), courier_authdaemon(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), courier_authdaemon(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, courier_pcp_selinux(8), courier_pop_selinux(8), courier_sqwebmail_selinux(8), courier_tcpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/courier_pcp_selinux.8 b/man/man8/courier_pcp_selinux.8
new file mode 100644
-index 0000000..6d77b62
+index 0000000..521d18e
--- /dev/null
+++ b/man/man8/courier_pcp_selinux.8
-@@ -0,0 +1,95 @@
-+.TH "courier_pcp_selinux" "8" "courier_pcp" "dwalsh at redhat.com" "courier_pcp SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "courier_pcp_selinux" "8" "12-10-19" "courier_pcp" "SELinux Policy documentation for courier_pcp"
+.SH "NAME"
+courier_pcp_selinux \- Security Enhanced Linux Policy for the courier_pcp processes
+.SH "DESCRIPTION"
@@ -15551,19 +15524,21 @@ index 0000000..6d77b62
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), courier_pcp(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), courier_pcp(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, courier_authdaemon_selinux(8), courier_pop_selinux(8), courier_sqwebmail_selinux(8), courier_tcpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/courier_pop_selinux.8 b/man/man8/courier_pop_selinux.8
new file mode 100644
-index 0000000..96e857a
+index 0000000..bc0ebbc
--- /dev/null
+++ b/man/man8/courier_pop_selinux.8
-@@ -0,0 +1,109 @@
-+.TH "courier_pop_selinux" "8" "courier_pop" "dwalsh at redhat.com" "courier_pop SELinux Policy documentation"
+@@ -0,0 +1,107 @@
++.TH "courier_pop_selinux" "8" "12-10-19" "courier_pop" "SELinux Policy documentation for courier_pop"
+.SH "NAME"
+courier_pop_selinux \- Security Enhanced Linux Policy for the courier_pop processes
+.SH "DESCRIPTION"
@@ -15581,7 +15556,7 @@ index 0000000..96e857a
+
+The courier_pop_t SELinux type can be entered via the "courier_pop_exec_t" file type. The default entrypoint paths for the courier_pop_t domain are the following:"
+
-+/usr/lib/courier/imapd, /usr/lib/courier/courier/courierpop.*, /usr/lib/courier/pop3d, /usr/lib/courier/courier/imaplogin, /usr/bin/imapd
++/usr/lib/courier/courier/courierpop.*, /usr/bin/imapd, /usr/lib/courier/imapd, /usr/lib/courier/pop3d, /usr/lib/courier/courier/imaplogin
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -15618,10 +15593,6 @@ index 0000000..96e857a
+
+- Set files with the courier_pop_exec_t type, if you want to transition an executable to the courier_pop_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/courier/imapd, /usr/lib/courier/courier/courierpop.*, /usr/lib/courier/pop3d, /usr/lib/courier/courier/imaplogin, /usr/bin/imapd
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -15667,19 +15638,21 @@ index 0000000..96e857a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), courier_pop(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), courier_pop(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, courier_authdaemon_selinux(8), courier_pcp_selinux(8), courier_sqwebmail_selinux(8), courier_tcpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/courier_sqwebmail_selinux.8 b/man/man8/courier_sqwebmail_selinux.8
new file mode 100644
-index 0000000..0e6c094
+index 0000000..96d0d56
--- /dev/null
+++ b/man/man8/courier_sqwebmail_selinux.8
-@@ -0,0 +1,95 @@
-+.TH "courier_sqwebmail_selinux" "8" "courier_sqwebmail" "dwalsh at redhat.com" "courier_sqwebmail SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "courier_sqwebmail_selinux" "8" "12-10-19" "courier_sqwebmail" "SELinux Policy documentation for courier_sqwebmail"
+.SH "NAME"
+courier_sqwebmail_selinux \- Security Enhanced Linux Policy for the courier_sqwebmail processes
+.SH "DESCRIPTION"
@@ -15769,19 +15742,21 @@ index 0000000..0e6c094
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), courier_sqwebmail(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), courier_sqwebmail(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, courier_authdaemon_selinux(8), courier_pcp_selinux(8), courier_pop_selinux(8), courier_tcpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/courier_tcpd_selinux.8 b/man/man8/courier_tcpd_selinux.8
new file mode 100644
-index 0000000..29f69f1
+index 0000000..e8aff03
--- /dev/null
+++ b/man/man8/courier_tcpd_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "courier_tcpd_selinux" "8" "courier_tcpd" "dwalsh at redhat.com" "courier_tcpd SELinux Policy documentation"
+@@ -0,0 +1,105 @@
++.TH "courier_tcpd_selinux" "8" "12-10-19" "courier_tcpd" "SELinux Policy documentation for courier_tcpd"
+.SH "NAME"
+courier_tcpd_selinux \- Security Enhanced Linux Policy for the courier_tcpd processes
+.SH "DESCRIPTION"
@@ -15879,19 +15854,21 @@ index 0000000..29f69f1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), courier_tcpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), courier_tcpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, courier_authdaemon_selinux(8), courier_pcp_selinux(8), courier_pop_selinux(8), courier_sqwebmail_selinux(8)
\ No newline at end of file
diff --git a/man/man8/cpucontrol_selinux.8 b/man/man8/cpucontrol_selinux.8
new file mode 100644
-index 0000000..141c803
+index 0000000..24ee8bc
--- /dev/null
+++ b/man/man8/cpucontrol_selinux.8
-@@ -0,0 +1,100 @@
-+.TH "cpucontrol_selinux" "8" "cpucontrol" "dwalsh at redhat.com" "cpucontrol SELinux Policy documentation"
+@@ -0,0 +1,94 @@
++.TH "cpucontrol_selinux" "8" "12-10-19" "cpucontrol" "SELinux Policy documentation for cpucontrol"
+.SH "NAME"
+cpucontrol_selinux \- Security Enhanced Linux Policy for the cpucontrol processes
+.SH "DESCRIPTION"
@@ -15954,10 +15931,6 @@ index 0000000..141c803
+
+- Set files with the cpucontrol_exec_t type, if you want to transition an executable to the cpucontrol_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/microcode_ctl, /usr/sbin/microcode_ctl
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -15966,10 +15939,6 @@ index 0000000..141c803
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type cpucontrol_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -15987,17 +15956,19 @@ index 0000000..141c803
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cpucontrol(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cpucontrol(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cpufreqselector_selinux.8 b/man/man8/cpufreqselector_selinux.8
new file mode 100644
-index 0000000..e0e5950
+index 0000000..70beb94
--- /dev/null
+++ b/man/man8/cpufreqselector_selinux.8
-@@ -0,0 +1,94 @@
-+.TH "cpufreqselector_selinux" "8" "cpufreqselector" "dwalsh at redhat.com" "cpufreqselector SELinux Policy documentation"
+@@ -0,0 +1,96 @@
++.TH "cpufreqselector_selinux" "8" "12-10-19" "cpufreqselector" "SELinux Policy documentation for cpufreqselector"
+.SH "NAME"
+cpufreqselector_selinux \- Security Enhanced Linux Policy for the cpufreqselector processes
+.SH "DESCRIPTION"
@@ -16087,17 +16058,19 @@ index 0000000..e0e5950
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cpufreqselector(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cpufreqselector(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cpuspeed_selinux.8 b/man/man8/cpuspeed_selinux.8
new file mode 100644
-index 0000000..130c2d7
+index 0000000..0d8c452
--- /dev/null
+++ b/man/man8/cpuspeed_selinux.8
-@@ -0,0 +1,112 @@
-+.TH "cpuspeed_selinux" "8" "cpuspeed" "dwalsh at redhat.com" "cpuspeed SELinux Policy documentation"
+@@ -0,0 +1,110 @@
++.TH "cpuspeed_selinux" "8" "12-10-19" "cpuspeed" "SELinux Policy documentation for cpuspeed"
+.SH "NAME"
+cpuspeed_selinux \- Security Enhanced Linux Policy for the cpuspeed processes
+.SH "DESCRIPTION"
@@ -16115,7 +16088,7 @@ index 0000000..130c2d7
+
+The cpuspeed_t SELinux type can be entered via the "cpuspeed_exec_t" file type. The default entrypoint paths for the cpuspeed_t domain are the following:"
+
-+/usr/sbin/cpuspeed, /usr/sbin/powernowd, /usr/sbin/cpufreqd
++/usr/sbin/cpufreqd, /usr/sbin/cpuspeed, /usr/sbin/powernowd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -16152,10 +16125,6 @@ index 0000000..130c2d7
+
+- Set files with the cpuspeed_exec_t type, if you want to transition an executable to the cpuspeed_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/cpuspeed, /usr/sbin/powernowd, /usr/sbin/cpufreqd
+
+.EX
+.PP
@@ -16205,17 +16174,19 @@ index 0000000..130c2d7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cpuspeed(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cpuspeed(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/crack_selinux.8 b/man/man8/crack_selinux.8
new file mode 100644
-index 0000000..4b3aa2f
+index 0000000..d90fbd7
--- /dev/null
+++ b/man/man8/crack_selinux.8
-@@ -0,0 +1,126 @@
-+.TH "crack_selinux" "8" "crack" "dwalsh at redhat.com" "crack SELinux Policy documentation"
+@@ -0,0 +1,120 @@
++.TH "crack_selinux" "8" "12-10-19" "crack" "SELinux Policy documentation for crack"
+.SH "NAME"
+crack_selinux \- Security Enhanced Linux Policy for the crack processes
+.SH "DESCRIPTION"
@@ -16233,7 +16204,7 @@ index 0000000..4b3aa2f
+
+The crack_t SELinux type can be entered via the "crack_exec_t" file type. The default entrypoint paths for the crack_t domain are the following:"
+
-+/usr/sbin/cracklib-[a-z]*, /usr/sbin/crack_[a-z]*
++/usr/sbin/crack_[a-z]*, /usr/sbin/cracklib-[a-z]*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -16270,10 +16241,6 @@ index 0000000..4b3aa2f
+
+- Set files with the crack_db_t type, if you want to treat the files as crack database content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/cracklib(/.*)?, /usr/share/cracklib(/.*)?, /usr/lib/cracklib_dict.*
+
+.EX
+.PP
@@ -16282,10 +16249,6 @@ index 0000000..4b3aa2f
+
+- Set files with the crack_exec_t type, if you want to transition an executable to the crack_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/cracklib-[a-z]*, /usr/sbin/crack_[a-z]*
+
+.EX
+.PP
@@ -16337,17 +16300,19 @@ index 0000000..4b3aa2f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), crack(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), crack(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/crond_selinux.8 b/man/man8/crond_selinux.8
new file mode 100644
-index 0000000..9c37542
+index 0000000..ec1235d
--- /dev/null
+++ b/man/man8/crond_selinux.8
-@@ -0,0 +1,306 @@
-+.TH "crond_selinux" "8" "crond" "dwalsh at redhat.com" "crond SELinux Policy documentation"
+@@ -0,0 +1,310 @@
++.TH "crond_selinux" "8" "12-10-19" "crond" "SELinux Policy documentation for crond"
+.SH "NAME"
+crond_selinux \- Security Enhanced Linux Policy for the crond processes
+.SH "DESCRIPTION"
@@ -16365,7 +16330,7 @@ index 0000000..9c37542
+
+The crond_t SELinux type can be entered via the "crond_exec_t" file type. The default entrypoint paths for the crond_t domain are the following:"
+
-+/usr/sbin/fcron, /usr/sbin/cron(d)?, /usr/sbin/atd
++/usr/sbin/cron(d)?, /usr/sbin/atd, /usr/sbin/fcron
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -16402,6 +16367,20 @@ index 0000000..9c37542
+.B setsebool -P cron_can_relabel 1
+.EE
+
++.PP
++If you want to enable extra rules in the cron domain to support fcron, you must turn on the fcron_crond boolean.
++
++.EX
++.B setsebool -P fcron_crond 1
++.EE
++
++.PP
++If you want to allow system cron jobs to relabel filesystem for restoring file contexts, you must turn on the cron_can_relabel boolean.
++
++.EX
++.B setsebool -P cron_can_relabel 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -16420,10 +16399,6 @@ index 0000000..9c37542
+
+- Set files with the crond_exec_t type, if you want to transition an executable to the crond_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/fcron, /usr/sbin/cron(d)?, /usr/sbin/atd
+
+.EX
+.PP
@@ -16448,10 +16423,6 @@ index 0000000..9c37542
+
+- Set files with the crond_unit_file_t type, if you want to treat the files as crond unit content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/systemd/system/crond.*, /usr/lib/systemd/system/atd.*
+
+.EX
+.PP
@@ -16460,10 +16431,6 @@ index 0000000..9c37542
+
+- Set files with the crond_var_run_t type, if you want to store the crond files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/crond?\.pid, /var/run/.*cron.*, /var/run/fcron\.pid, /var/run/crond?\.reboot, /var/run/fcron\.fifo, /var/run/atd\.pid, /var/run/anacron\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -16648,19 +16615,21 @@ index 0000000..9c37542
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), crond(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), crond(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), crontab_selinux(8)
\ No newline at end of file
diff --git a/man/man8/crontab_selinux.8 b/man/man8/crontab_selinux.8
new file mode 100644
-index 0000000..57f2c5b
+index 0000000..28aa369
--- /dev/null
+++ b/man/man8/crontab_selinux.8
-@@ -0,0 +1,192 @@
-+.TH "crontab_selinux" "8" "crontab" "dwalsh at redhat.com" "crontab SELinux Policy documentation"
+@@ -0,0 +1,190 @@
++.TH "crontab_selinux" "8" "12-10-19" "crontab" "SELinux Policy documentation for crontab"
+.SH "NAME"
+crontab_selinux \- Security Enhanced Linux Policy for the crontab processes
+.SH "DESCRIPTION"
@@ -16678,7 +16647,7 @@ index 0000000..57f2c5b
+
+The crontab_t SELinux type can be entered via the "crontab_exec_t" file type. The default entrypoint paths for the crontab_t domain are the following:"
+
-+/usr/bin/(f)?crontab, /usr/sbin/fcronsighup, /usr/bin/at
++/usr/bin/(f)?crontab, /usr/bin/at, /usr/sbin/fcronsighup
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -16715,10 +16684,6 @@ index 0000000..57f2c5b
+
+- Set files with the crontab_exec_t type, if you want to transition an executable to the crontab_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/(f)?crontab, /usr/sbin/fcronsighup, /usr/bin/at
+
+.EX
+.PP
@@ -16848,17 +16813,19 @@ index 0000000..57f2c5b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), crontab(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), crontab(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ctdbd_selinux.8 b/man/man8/ctdbd_selinux.8
new file mode 100644
-index 0000000..255ab0a
+index 0000000..d517648
--- /dev/null
+++ b/man/man8/ctdbd_selinux.8
-@@ -0,0 +1,220 @@
-+.TH "ctdbd_selinux" "8" "ctdbd" "dwalsh at redhat.com" "ctdbd SELinux Policy documentation"
+@@ -0,0 +1,232 @@
++.TH "ctdbd_selinux" "8" "12-10-19" "ctdbd" "SELinux Policy documentation for ctdbd"
+.SH "NAME"
+ctdbd_selinux \- Security Enhanced Linux Policy for the ctdbd processes
+.SH "DESCRIPTION"
@@ -16953,10 +16920,6 @@ index 0000000..255ab0a
+
+- Set files with the ctdbd_var_lib_t type, if you want to store the ctdbd files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/ctdb(/.*)?, /etc/ctdb(/.*)?, /var/lib/ctdbd(/.*)?, /var/ctdbd(/.*)?
+
+.EX
+.PP
@@ -17056,6 +17019,20 @@ index 0000000..255ab0a
+
+.SH NSSWITCH DOMAIN
+
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the ctdbd_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the ctdbd_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
+.SH "COMMANDS"
+.B semanage fcontext
+can also be used to manipulate default file context mappings.
@@ -17074,17 +17051,19 @@ index 0000000..255ab0a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ctdbd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ctdbd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cups_pdf_selinux.8 b/man/man8/cups_pdf_selinux.8
new file mode 100644
-index 0000000..19f90ea
+index 0000000..efa83f7
--- /dev/null
+++ b/man/man8/cups_pdf_selinux.8
-@@ -0,0 +1,149 @@
-+.TH "cups_pdf_selinux" "8" "cups_pdf" "dwalsh at redhat.com" "cups_pdf SELinux Policy documentation"
+@@ -0,0 +1,151 @@
++.TH "cups_pdf_selinux" "8" "12-10-19" "cups_pdf" "SELinux Policy documentation for cups_pdf"
+.SH "NAME"
+cups_pdf_selinux \- Security Enhanced Linux Policy for the cups_pdf processes
+.SH "DESCRIPTION"
@@ -17228,19 +17207,21 @@ index 0000000..19f90ea
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cups_pdf(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cups_pdf(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, cupsd_selinux(8), cupsd_config_selinux(8), cupsd_lpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/cupsd_config_selinux.8 b/man/man8/cupsd_config_selinux.8
new file mode 100644
-index 0000000..a1afd7f
+index 0000000..2aef2f9
--- /dev/null
+++ b/man/man8/cupsd_config_selinux.8
@@ -0,0 +1,207 @@
-+.TH "cupsd_config_selinux" "8" "cupsd_config" "dwalsh at redhat.com" "cupsd_config SELinux Policy documentation"
++.TH "cupsd_config_selinux" "8" "12-10-19" "cupsd_config" "SELinux Policy documentation for cupsd_config"
+.SH "NAME"
+cupsd_config_selinux \- Security Enhanced Linux Policy for the cupsd_config processes
+.SH "DESCRIPTION"
@@ -17258,7 +17239,7 @@ index 0000000..a1afd7f
+
+The cupsd_config_t SELinux type can be entered via the "cupsd_config_exec_t" file type. The default entrypoint paths for the cupsd_config_t domain are the following:"
+
-+/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/libexec/cups-pk-helper-mechanism, /usr/bin/cups-config-daemon, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer
++/usr/sbin/hal_lpadmin, /usr/libexec/hal_lpadmin, /usr/bin/cups-config-daemon, /usr/sbin/printconf-backend, /lib/udev/udev-configure-printer, /usr/lib/udev/udev-configure-printer, /usr/libexec/cups-pk-helper-mechanism
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -17295,10 +17276,6 @@ index 0000000..a1afd7f
+
+- Set files with the cupsd_config_exec_t type, if you want to transition an executable to the cupsd_config_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/libexec/cups-pk-helper-mechanism, /usr/bin/cups-config-daemon, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer
+
+.EX
+.PP
@@ -17362,6 +17339,8 @@ index 0000000..a1afd7f
+.br
+ /etc/cups/certs/.*
+.br
++ /etc/opt/Brother/(.*/)?inf(/.*)?
++.br
+ /etc/cups/lpoptions.*
+.br
+ /var/cache/foomatic(/.*)?
@@ -17442,19 +17421,21 @@ index 0000000..a1afd7f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cupsd_config(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cupsd_config(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, cupsd_selinux(8), cupsd_selinux(8), cupsd_lpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/cupsd_lpd_selinux.8 b/man/man8/cupsd_lpd_selinux.8
new file mode 100644
-index 0000000..3f1d5b7
+index 0000000..e53c5c9
--- /dev/null
+++ b/man/man8/cupsd_lpd_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "cupsd_lpd_selinux" "8" "cupsd_lpd" "dwalsh at redhat.com" "cupsd_lpd SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "cupsd_lpd_selinux" "8" "12-10-19" "cupsd_lpd" "SELinux Policy documentation for cupsd_lpd"
+.SH "NAME"
+cupsd_lpd_selinux \- Security Enhanced Linux Policy for the cupsd_lpd processes
+.SH "DESCRIPTION"
@@ -17576,19 +17557,21 @@ index 0000000..3f1d5b7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cupsd_lpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cupsd_lpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, cupsd_selinux(8), cupsd_selinux(8), cupsd_config_selinux(8)
\ No newline at end of file
diff --git a/man/man8/cupsd_selinux.8 b/man/man8/cupsd_selinux.8
new file mode 100644
-index 0000000..4b2650a
+index 0000000..d4f4e5b
--- /dev/null
+++ b/man/man8/cupsd_selinux.8
-@@ -0,0 +1,401 @@
-+.TH "cupsd_selinux" "8" "cupsd" "dwalsh at redhat.com" "cupsd SELinux Policy documentation"
+@@ -0,0 +1,387 @@
++.TH "cupsd_selinux" "8" "12-10-19" "cupsd" "SELinux Policy documentation for cupsd"
+.SH "NAME"
+cupsd_selinux \- Security Enhanced Linux Policy for the cupsd processes
+.SH "DESCRIPTION"
@@ -17643,10 +17626,6 @@ index 0000000..4b2650a
+
+- Set files with the cupsd_config_exec_t type, if you want to transition an executable to the cupsd_config_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/libexec/cups-pk-helper-mechanism, /usr/bin/cups-config-daemon, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer
+
+.EX
+.PP
@@ -17663,10 +17642,6 @@ index 0000000..4b2650a
+
+- Set files with the cupsd_etc_t type, if you want to store cupsd files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/cups(/.*)?, /etc/cups(/.*)?
+
+.EX
+.PP
@@ -17707,10 +17682,6 @@ index 0000000..4b2650a
+
+- Set files with the cupsd_log_t type, if you want to treat the data as cupsd log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/cups(/.*)?, /var/log/turboprint.*, /usr/Brother/fax/.*\.log.*
+
+.EX
+.PP
@@ -17743,10 +17714,6 @@ index 0000000..4b2650a
+
+- Set files with the cupsd_rw_etc_t type, if you want to store cupsd rw files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/cups/lpoptions.*, /usr/local/linuxprinter/ppd(/.*)?, /usr/Brother/(.*/)?inf(/.*)?, /opt/brother/Printers(.*/)?inf(/.*)?, /etc/cups/subscriptions.*, /etc/cups/classes\.conf.*, /usr/lib/bjlib(/.*)?, /etc/cups/ppd(/.*)?, /opt/gutenprint/ppds(/.*)?, /etc/printcap.*, /var/lib/iscan(/.*)?, /etc/alchemist/namespace/printconf(/.*)?, /var/lib/cups/certs, /etc/cups/ppds\.dat, /etc/cups/certs, /etc/cups/certs/.*, /etc/cups/printers\.conf.*, /var/lib/cups/certs/.*, /var/cache/foomatic(/.*)?, /var/cache/alchemist/printconf.*, /etc/cups/cupsd\.conf.*, /usr/Printer/(.*/)?inf(/.*)?, /var/cache/cups(/.*)?, /usr/share/foomatic/db/oldprinterids
+
+.EX
+.PP
@@ -17771,10 +17738,6 @@ index 0000000..4b2650a
+
+- Set files with the cupsd_var_run_t type, if you want to store the cupsd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/ccpd(/.*)?, /var/ekpd(/.*)?, /var/turboprint(/.*)?, /var/run/cups(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -17826,6 +17789,8 @@ index 0000000..4b2650a
+.br
+ /etc/cups/certs/.*
+.br
++ /etc/opt/Brother/(.*/)?inf(/.*)?
++.br
+ /etc/cups/lpoptions.*
+.br
+ /var/cache/foomatic(/.*)?
@@ -17894,6 +17859,8 @@ index 0000000..4b2650a
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -17984,19 +17951,21 @@ index 0000000..4b2650a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cupsd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cupsd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, cups_pdf_selinux(8), cupsd_config_selinux(8), cupsd_lpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/cvs_selinux.8 b/man/man8/cvs_selinux.8
new file mode 100644
-index 0000000..83bc267
+index 0000000..802558f
--- /dev/null
+++ b/man/man8/cvs_selinux.8
-@@ -0,0 +1,231 @@
-+.TH "cvs_selinux" "8" "cvs" "dwalsh at redhat.com" "cvs SELinux Policy documentation"
+@@ -0,0 +1,236 @@
++.TH "cvs_selinux" "8" "12-10-19" "cvs" "SELinux Policy documentation for cvs"
+.SH "NAME"
+cvs_selinux \- Security Enhanced Linux Policy for the cvs processes
+.SH "DESCRIPTION"
@@ -18044,6 +18013,13 @@ index 0000000..83bc267
+.B setsebool -P cvs_read_shadow 1
+.EE
+
++.PP
++If you want to allow cvs daemon to read shadow, you must turn on the cvs_read_shadow boolean.
++
++.EX
++.B setsebool -P cvs_read_shadow 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -18062,10 +18038,6 @@ index 0000000..83bc267
+
+- Set files with the cvs_data_t type, if you want to treat the files as cvs content.
+
-+.br
-+.TP 5
-+Paths:
-+/opt/cvs(/.*)?, /var/cvs(/.*)?
+
+.EX
+.PP
@@ -18222,19 +18194,21 @@ index 0000000..83bc267
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cvs(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cvs(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/cyphesis_selinux.8 b/man/man8/cyphesis_selinux.8
new file mode 100644
-index 0000000..2dc2eef
+index 0000000..cbacb17
--- /dev/null
+++ b/man/man8/cyphesis_selinux.8
-@@ -0,0 +1,152 @@
-+.TH "cyphesis_selinux" "8" "cyphesis" "dwalsh at redhat.com" "cyphesis SELinux Policy documentation"
+@@ -0,0 +1,154 @@
++.TH "cyphesis_selinux" "8" "12-10-19" "cyphesis" "SELinux Policy documentation for cyphesis"
+.SH "NAME"
+cyphesis_selinux \- Security Enhanced Linux Policy for the cyphesis processes
+.SH "DESCRIPTION"
@@ -18382,17 +18356,19 @@ index 0000000..2dc2eef
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cyphesis(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cyphesis(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/cyrus_selinux.8 b/man/man8/cyrus_selinux.8
new file mode 100644
-index 0000000..1a18766
+index 0000000..d868f1c
--- /dev/null
+++ b/man/man8/cyrus_selinux.8
-@@ -0,0 +1,176 @@
-+.TH "cyrus_selinux" "8" "cyrus" "dwalsh at redhat.com" "cyrus SELinux Policy documentation"
+@@ -0,0 +1,170 @@
++.TH "cyrus_selinux" "8" "12-10-19" "cyrus" "SELinux Policy documentation for cyrus"
+.SH "NAME"
+cyrus_selinux \- Security Enhanced Linux Policy for the cyrus processes
+.SH "DESCRIPTION"
@@ -18410,7 +18386,7 @@ index 0000000..1a18766
+
+The cyrus_t SELinux type can be entered via the "cyrus_exec_t" file type. The default entrypoint paths for the cyrus_t domain are the following:"
+
-+/usr/lib/cyrus-imapd/cyrus-master, /usr/lib/cyrus/master
++/usr/lib/cyrus/master, /usr/lib/cyrus-imapd/cyrus-master
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -18447,10 +18423,6 @@ index 0000000..1a18766
+
+- Set files with the cyrus_exec_t type, if you want to transition an executable to the cyrus_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/cyrus-imapd/cyrus-master, /usr/lib/cyrus/master
+
+.EX
+.PP
@@ -18483,10 +18455,6 @@ index 0000000..1a18766
+
+- Set files with the cyrus_var_lib_t type, if you want to store the cyrus files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/imap(/.*)?, /var/lib/imap(/.*)?
+
+.EX
+.PP
@@ -18564,16 +18532,18 @@ index 0000000..1a18766
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), cyrus(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), cyrus(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dbadm_selinux.8 b/man/man8/dbadm_selinux.8
new file mode 100644
-index 0000000..64bb7e5
+index 0000000..3fc5256
--- /dev/null
+++ b/man/man8/dbadm_selinux.8
-@@ -0,0 +1,202 @@
+@@ -0,0 +1,225 @@
+.TH "dbadm_selinux" "8" "dbadm" "mgrepl at redhat.com" "dbadm SELinux Policy documentation"
+.SH "NAME"
+dbadm_r \- \fBDatabase administrator role\fP - Security Enhanced Linux Policy
@@ -18621,6 +18591,13 @@ index 0000000..64bb7e5
+
+
+.PP
++If you want to allow database admins to execute DML statement, you must turn on the postgresql_selinux_unconfined_dbadm boolean.
++
++.EX
++.B setsebool -P postgresql_selinux_unconfined_dbadm 1
++.EE
++
++.PP
+If you want to allow dbadm to manage files in users home directories, you must turn on the dbadm_manage_user_files boolean.
+
+.EX
@@ -18628,6 +18605,13 @@ index 0000000..64bb7e5
+.EE
+
+.PP
++If you want to allow dbadm to read files in users home directories, you must turn on the dbadm_read_user_files boolean.
++
++.EX
++.B setsebool -P dbadm_read_user_files 1
++.EE
++
++.PP
+If you want to allow database admins to execute DML statement, you must turn on the postgresql_selinux_unconfined_dbadm boolean.
+
+.EX
@@ -18635,6 +18619,13 @@ index 0000000..64bb7e5
+.EE
+
+.PP
++If you want to allow dbadm to manage files in users home directories, you must turn on the dbadm_manage_user_files boolean.
++
++.EX
++.B setsebool -P dbadm_manage_user_files 1
++.EE
++
++.PP
+If you want to allow dbadm to read files in users home directories, you must turn on the dbadm_read_user_files boolean.
+
+.EX
@@ -18771,19 +18762,21 @@ index 0000000..64bb7e5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dbadm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dbadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/dbskkd_selinux.8 b/man/man8/dbskkd_selinux.8
new file mode 100644
-index 0000000..a464792
+index 0000000..6f1234e
--- /dev/null
+++ b/man/man8/dbskkd_selinux.8
-@@ -0,0 +1,152 @@
-+.TH "dbskkd_selinux" "8" "dbskkd" "dwalsh at redhat.com" "dbskkd SELinux Policy documentation"
+@@ -0,0 +1,154 @@
++.TH "dbskkd_selinux" "8" "12-10-19" "dbskkd" "SELinux Policy documentation for dbskkd"
+.SH "NAME"
+dbskkd_selinux \- Security Enhanced Linux Policy for the dbskkd processes
+.SH "DESCRIPTION"
@@ -18931,17 +18924,19 @@ index 0000000..a464792
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dbskkd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dbskkd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dcc_client_selinux.8 b/man/man8/dcc_client_selinux.8
new file mode 100644
-index 0000000..50527e4
+index 0000000..ac0662c
--- /dev/null
+++ b/man/man8/dcc_client_selinux.8
-@@ -0,0 +1,149 @@
-+.TH "dcc_client_selinux" "8" "dcc_client" "dwalsh at redhat.com" "dcc_client SELinux Policy documentation"
+@@ -0,0 +1,147 @@
++.TH "dcc_client_selinux" "8" "12-10-19" "dcc_client" "SELinux Policy documentation for dcc_client"
+.SH "NAME"
+dcc_client_selinux \- Security Enhanced Linux Policy for the dcc_client processes
+.SH "DESCRIPTION"
@@ -19004,10 +18999,6 @@ index 0000000..50527e4
+
+- Set files with the dcc_client_map_t type, if you want to treat the files as dcc client map data.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/dcc/map, /etc/dcc/map, /var/run/dcc/map, /var/dcc/map
+
+.EX
+.PP
@@ -19085,19 +19076,21 @@ index 0000000..50527e4
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dcc_client(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dcc_client(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dcc_dbclean_selinux(8), dccd_selinux(8), dccifd_selinux(8), dccm_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dcc_dbclean_selinux.8 b/man/man8/dcc_dbclean_selinux.8
new file mode 100644
-index 0000000..7003318
+index 0000000..61dcf85
--- /dev/null
+++ b/man/man8/dcc_dbclean_selinux.8
-@@ -0,0 +1,137 @@
-+.TH "dcc_dbclean_selinux" "8" "dcc_dbclean" "dwalsh at redhat.com" "dcc_dbclean SELinux Policy documentation"
+@@ -0,0 +1,139 @@
++.TH "dcc_dbclean_selinux" "8" "12-10-19" "dcc_dbclean" "SELinux Policy documentation for dcc_dbclean"
+.SH "NAME"
+dcc_dbclean_selinux \- Security Enhanced Linux Policy for the dcc_dbclean processes
+.SH "DESCRIPTION"
@@ -19229,19 +19222,21 @@ index 0000000..7003318
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dcc_dbclean(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dcc_dbclean(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dcc_client_selinux(8), dccd_selinux(8), dccifd_selinux(8), dccm_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dccd_selinux.8 b/man/man8/dccd_selinux.8
new file mode 100644
-index 0000000..5581ca6
+index 0000000..68ac570
--- /dev/null
+++ b/man/man8/dccd_selinux.8
-@@ -0,0 +1,188 @@
-+.TH "dccd_selinux" "8" "dccd" "dwalsh at redhat.com" "dccd SELinux Policy documentation"
+@@ -0,0 +1,190 @@
++.TH "dccd_selinux" "8" "12-10-19" "dccd" "SELinux Policy documentation for dccd"
+.SH "NAME"
+dccd_selinux \- Security Enhanced Linux Policy for the dccd processes
+.SH "DESCRIPTION"
@@ -19424,19 +19419,21 @@ index 0000000..5581ca6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dccd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dccd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dcc_client_selinux(8), dcc_dbclean_selinux(8), dccifd_selinux(8), dccm_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dccifd_selinux.8 b/man/man8/dccifd_selinux.8
new file mode 100644
-index 0000000..a504eed
+index 0000000..d5820cd
--- /dev/null
+++ b/man/man8/dccifd_selinux.8
-@@ -0,0 +1,156 @@
-+.TH "dccifd_selinux" "8" "dccifd" "dwalsh at redhat.com" "dccifd SELinux Policy documentation"
+@@ -0,0 +1,154 @@
++.TH "dccifd_selinux" "8" "12-10-19" "dccifd" "SELinux Policy documentation for dccifd"
+.SH "NAME"
+dccifd_selinux \- Security Enhanced Linux Policy for the dccifd processes
+.SH "DESCRIPTION"
@@ -19507,10 +19504,6 @@ index 0000000..a504eed
+
+- Set files with the dccifd_var_run_t type, if you want to store the dccifd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/dcc/dccifd, /var/run/dcc/dccifd
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -19588,17 +19581,19 @@ index 0000000..a504eed
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dccifd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dccifd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dccm_selinux.8 b/man/man8/dccm_selinux.8
new file mode 100644
-index 0000000..00c7ca1
+index 0000000..8920c95
--- /dev/null
+++ b/man/man8/dccm_selinux.8
-@@ -0,0 +1,176 @@
-+.TH "dccm_selinux" "8" "dccm" "dwalsh at redhat.com" "dccm SELinux Policy documentation"
+@@ -0,0 +1,178 @@
++.TH "dccm_selinux" "8" "12-10-19" "dccm" "SELinux Policy documentation for dccm"
+.SH "NAME"
+dccm_selinux \- Security Enhanced Linux Policy for the dccm processes
+.SH "DESCRIPTION"
@@ -19770,17 +19765,19 @@ index 0000000..00c7ca1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dccm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dccm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dcerpcd_selinux.8 b/man/man8/dcerpcd_selinux.8
new file mode 100644
-index 0000000..e300fa2
+index 0000000..93e83ff
--- /dev/null
+++ b/man/man8/dcerpcd_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "dcerpcd_selinux" "8" "dcerpcd" "dwalsh at redhat.com" "dcerpcd SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "dcerpcd_selinux" "8" "12-10-19" "dcerpcd" "SELinux Policy documentation for dcerpcd"
+.SH "NAME"
+dcerpcd_selinux \- Security Enhanced Linux Policy for the dcerpcd processes
+.SH "DESCRIPTION"
@@ -19898,17 +19895,19 @@ index 0000000..e300fa2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dcerpcd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dcerpcd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ddclient_selinux.8 b/man/man8/ddclient_selinux.8
new file mode 100644
-index 0000000..1c9cf3f
+index 0000000..19c1f5a
--- /dev/null
+++ b/man/man8/ddclient_selinux.8
-@@ -0,0 +1,186 @@
-+.TH "ddclient_selinux" "8" "ddclient" "dwalsh at redhat.com" "ddclient SELinux Policy documentation"
+@@ -0,0 +1,176 @@
++.TH "ddclient_selinux" "8" "12-10-19" "ddclient" "SELinux Policy documentation for ddclient"
+.SH "NAME"
+ddclient_selinux \- Security Enhanced Linux Policy for the ddclient processes
+.SH "DESCRIPTION"
@@ -19926,7 +19925,7 @@ index 0000000..1c9cf3f
+
+The ddclient_t SELinux type can be entered via the "ddclient_exec_t" file type. The default entrypoint paths for the ddclient_t domain are the following:"
+
-+/usr/sbin/ddclient, /usr/sbin/ddtcd
++/usr/sbin/ddtcd, /usr/sbin/ddclient
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -19963,10 +19962,6 @@ index 0000000..1c9cf3f
+
+- Set files with the ddclient_etc_t type, if you want to store ddclient files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/ddclient\.conf, /etc/ddtcd\.conf
+
+.EX
+.PP
@@ -19975,10 +19970,6 @@ index 0000000..1c9cf3f
+
+- Set files with the ddclient_exec_t type, if you want to transition an executable to the ddclient_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ddclient, /usr/sbin/ddtcd
+
+.EX
+.PP
@@ -20019,10 +20010,6 @@ index 0000000..1c9cf3f
+
+- Set files with the ddclient_var_run_t type, if you want to store the ddclient files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/ddtcd\.pid, /var/run/ddclient\.pid
+
+.EX
+.PP
@@ -20090,17 +20077,19 @@ index 0000000..1c9cf3f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ddclient(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ddclient(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/deltacloudd_selinux.8 b/man/man8/deltacloudd_selinux.8
new file mode 100644
-index 0000000..bcd6f38
+index 0000000..d11d0be
--- /dev/null
+++ b/man/man8/deltacloudd_selinux.8
-@@ -0,0 +1,140 @@
-+.TH "deltacloudd_selinux" "8" "deltacloudd" "dwalsh at redhat.com" "deltacloudd SELinux Policy documentation"
+@@ -0,0 +1,142 @@
++.TH "deltacloudd_selinux" "8" "12-10-19" "deltacloudd" "SELinux Policy documentation for deltacloudd"
+.SH "NAME"
+deltacloudd_selinux \- Security Enhanced Linux Policy for the deltacloudd processes
+.SH "DESCRIPTION"
@@ -20236,17 +20225,19 @@ index 0000000..bcd6f38
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), deltacloudd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), deltacloudd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/denyhosts_selinux.8 b/man/man8/denyhosts_selinux.8
new file mode 100644
-index 0000000..da569e2
+index 0000000..2fe0f10
--- /dev/null
+++ b/man/man8/denyhosts_selinux.8
-@@ -0,0 +1,172 @@
-+.TH "denyhosts_selinux" "8" "denyhosts" "dwalsh at redhat.com" "denyhosts SELinux Policy documentation"
+@@ -0,0 +1,174 @@
++.TH "denyhosts_selinux" "8" "12-10-19" "denyhosts" "SELinux Policy documentation for denyhosts"
+.SH "NAME"
+denyhosts_selinux \- Security Enhanced Linux Policy for the denyhosts processes
+.SH "DESCRIPTION"
@@ -20414,17 +20405,19 @@ index 0000000..da569e2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), denyhosts(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), denyhosts(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/depmod_selinux.8 b/man/man8/depmod_selinux.8
new file mode 100644
-index 0000000..b711c99
+index 0000000..fb84b0c
--- /dev/null
+++ b/man/man8/depmod_selinux.8
-@@ -0,0 +1,114 @@
-+.TH "depmod_selinux" "8" "depmod" "dwalsh at redhat.com" "depmod SELinux Policy documentation"
+@@ -0,0 +1,112 @@
++.TH "depmod_selinux" "8" "12-10-19" "depmod" "SELinux Policy documentation for depmod"
+.SH "NAME"
+depmod_selinux \- Security Enhanced Linux Policy for the depmod processes
+.SH "DESCRIPTION"
@@ -20479,10 +20472,6 @@ index 0000000..b711c99
+
+- Set files with the depmod_exec_t type, if you want to transition an executable to the depmod_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/depmod.*, /usr/sbin/depmod.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -20534,17 +20523,19 @@ index 0000000..b711c99
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), depmod(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), depmod(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/devicekit_disk_selinux.8 b/man/man8/devicekit_disk_selinux.8
new file mode 100644
-index 0000000..303afff
+index 0000000..26e7dba
--- /dev/null
+++ b/man/man8/devicekit_disk_selinux.8
-@@ -0,0 +1,165 @@
-+.TH "devicekit_disk_selinux" "8" "devicekit_disk" "dwalsh at redhat.com" "devicekit_disk SELinux Policy documentation"
+@@ -0,0 +1,163 @@
++.TH "devicekit_disk_selinux" "8" "12-10-19" "devicekit_disk" "SELinux Policy documentation for devicekit_disk"
+.SH "NAME"
+devicekit_disk_selinux \- Security Enhanced Linux Policy for the devicekit_disk processes
+.SH "DESCRIPTION"
@@ -20562,7 +20553,7 @@ index 0000000..303afff
+
+The devicekit_disk_t SELinux type can be entered via the "devicekit_disk_exec_t" file type. The default entrypoint paths for the devicekit_disk_t domain are the following:"
+
-+/usr/lib/udisks/udisks-daemon, /usr/lib/udev/udisks-part-id, /usr/libexec/devkit-disks-daemon, /lib/udisks2/udisksd, /usr/lib/udisks2/udisksd, /lib/udev/udisks-part-id, /usr/libexec/udisks-daemon
++/lib/udisks2/udisksd, /lib/udev/udisks-part-id, /usr/lib/udisks2/udisksd, /usr/libexec/udisks-daemon, /usr/lib/udev/udisks-part-id, /usr/lib/udisks/udisks-daemon, /usr/libexec/devkit-disks-daemon
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -20599,10 +20590,6 @@ index 0000000..303afff
+
+- Set files with the devicekit_disk_exec_t type, if you want to transition an executable to the devicekit_disk_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/udisks/udisks-daemon, /usr/lib/udev/udisks-part-id, /usr/libexec/devkit-disks-daemon, /lib/udisks2/udisksd, /usr/lib/udisks2/udisksd, /lib/udev/udisks-part-id, /usr/libexec/udisks-daemon
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -20704,19 +20691,21 @@ index 0000000..303afff
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), devicekit_disk(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), devicekit_disk(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, devicekit_selinux(8), devicekit_selinux(8), devicekit_power_selinux(8)
\ No newline at end of file
diff --git a/man/man8/devicekit_power_selinux.8 b/man/man8/devicekit_power_selinux.8
new file mode 100644
-index 0000000..f836d9f
+index 0000000..a60f52a
--- /dev/null
+++ b/man/man8/devicekit_power_selinux.8
-@@ -0,0 +1,195 @@
-+.TH "devicekit_power_selinux" "8" "devicekit_power" "dwalsh at redhat.com" "devicekit_power SELinux Policy documentation"
+@@ -0,0 +1,193 @@
++.TH "devicekit_power_selinux" "8" "12-10-19" "devicekit_power" "SELinux Policy documentation for devicekit_power"
+.SH "NAME"
+devicekit_power_selinux \- Security Enhanced Linux Policy for the devicekit_power processes
+.SH "DESCRIPTION"
@@ -20771,10 +20760,6 @@ index 0000000..f836d9f
+
+- Set files with the devicekit_power_exec_t type, if you want to transition an executable to the devicekit_power_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/upowerd, /usr/libexec/devkit-power-daemon
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -20906,19 +20891,21 @@ index 0000000..f836d9f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), devicekit_power(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), devicekit_power(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, devicekit_selinux(8), devicekit_selinux(8), devicekit_disk_selinux(8)
\ No newline at end of file
diff --git a/man/man8/devicekit_selinux.8 b/man/man8/devicekit_selinux.8
new file mode 100644
-index 0000000..872ca17
+index 0000000..b4c4180
--- /dev/null
+++ b/man/man8/devicekit_selinux.8
-@@ -0,0 +1,185 @@
-+.TH "devicekit_selinux" "8" "devicekit" "dwalsh at redhat.com" "devicekit SELinux Policy documentation"
+@@ -0,0 +1,167 @@
++.TH "devicekit_selinux" "8" "12-10-19" "devicekit" "SELinux Policy documentation for devicekit"
+.SH "NAME"
+devicekit_selinux \- Security Enhanced Linux Policy for the devicekit processes
+.SH "DESCRIPTION"
@@ -20973,10 +20960,6 @@ index 0000000..872ca17
+
+- Set files with the devicekit_disk_exec_t type, if you want to transition an executable to the devicekit_disk_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/udisks/udisks-daemon, /usr/lib/udev/udisks-part-id, /usr/libexec/devkit-disks-daemon, /lib/udisks2/udisksd, /usr/lib/udisks2/udisksd, /lib/udev/udisks-part-id, /usr/libexec/udisks-daemon
+
+.EX
+.PP
@@ -20993,10 +20976,6 @@ index 0000000..872ca17
+
+- Set files with the devicekit_power_exec_t type, if you want to transition an executable to the devicekit_power_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/upowerd, /usr/libexec/devkit-power-daemon
+
+.EX
+.PP
@@ -21013,10 +20992,6 @@ index 0000000..872ca17
+
+- Set files with the devicekit_var_lib_t type, if you want to store the devicekit files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/udisks.*, /var/lib/DeviceKit-.*, /var/lib/upower(/.*)?
+
+.EX
+.PP
@@ -21025,10 +21000,6 @@ index 0000000..872ca17
+
+- Set files with the devicekit_var_log_t type, if you want to treat the data as devicekit var log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/pm-suspend\.log.*, /var/log/pm-powersave\.log.*
+
+.EX
+.PP
@@ -21037,10 +21008,6 @@ index 0000000..872ca17
+
+- Set files with the devicekit_var_run_t type, if you want to store the devicekit files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/upower(/.*)?, /var/run/udisks.*, /var/run/devkit(/.*)?, /var/run/DeviceKit-disks(/.*)?, /var/run/pm-utils(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -21098,19 +21065,21 @@ index 0000000..872ca17
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), devicekit(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), devicekit(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, devicekit_disk_selinux(8), devicekit_power_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dhcpc_selinux.8 b/man/man8/dhcpc_selinux.8
new file mode 100644
-index 0000000..eb94d27
+index 0000000..40f66b2
--- /dev/null
+++ b/man/man8/dhcpc_selinux.8
-@@ -0,0 +1,259 @@
-+.TH "dhcpc_selinux" "8" "dhcpc" "dwalsh at redhat.com" "dhcpc SELinux Policy documentation"
+@@ -0,0 +1,256 @@
++.TH "dhcpc_selinux" "8" "12-10-19" "dhcpc" "SELinux Policy documentation for dhcpc"
+.SH "NAME"
+dhcpc_selinux \- Security Enhanced Linux Policy for the dhcpc processes
+.SH "DESCRIPTION"
@@ -21128,7 +21097,7 @@ index 0000000..eb94d27
+
+The dhcpc_t SELinux type can be entered via the "dhcpc_exec_t" file type. The default entrypoint paths for the dhcpc_t domain are the following:"
+
-+/usr/sbin/dhcpcd, /sbin/dhcpcd, /usr/sbin/pump, /sbin/dhclient.*, /usr/sbin/dhclient.*, /sbin/pump, /usr/sbin/dhcdbd, /sbin/dhcdbd
++/sbin/dhclient.*, /usr/sbin/dhclient.*, /sbin/pump, /sbin/dhcdbd, /sbin/dhcpcd, /usr/sbin/pump, /usr/sbin/dhcdbd, /usr/sbin/dhcpcd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -21158,6 +21127,13 @@ index 0000000..eb94d27
+.B setsebool -P dhcpc_exec_iptables 1
+.EE
+
++.PP
++If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
++
++.EX
++.B setsebool -P dhcpc_exec_iptables 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -21176,10 +21152,6 @@ index 0000000..eb94d27
+
+- Set files with the dhcpc_exec_t type, if you want to transition an executable to the dhcpc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/dhcpcd, /sbin/dhcpcd, /usr/sbin/pump, /sbin/dhclient.*, /usr/sbin/dhclient.*, /sbin/pump, /usr/sbin/dhcdbd, /sbin/dhcdbd
+
+.EX
+.PP
@@ -21196,10 +21168,6 @@ index 0000000..eb94d27
+
+- Set files with the dhcpc_state_t type, if you want to treat the files as dhcpc state data.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/dhclient(/.*)?, /var/lib/dhcp3?/dhclient.*, /var/lib/wifiroamd(/.*)?, /var/lib/dhcpcd(/.*)?
+
+.EX
+.PP
@@ -21216,10 +21184,6 @@ index 0000000..eb94d27
+
+- Set files with the dhcpc_var_run_t type, if you want to store the dhcpc files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/dhclient.*, /var/run/dhcpcd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -21364,19 +21328,21 @@ index 0000000..eb94d27
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dhcpc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dhcpc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/dhcpd_selinux.8 b/man/man8/dhcpd_selinux.8
new file mode 100644
-index 0000000..0dd932c
+index 0000000..b3f99c5
--- /dev/null
+++ b/man/man8/dhcpd_selinux.8
-@@ -0,0 +1,227 @@
-+.TH "dhcpd_selinux" "8" "dhcpd" "dwalsh at redhat.com" "dhcpd SELinux Policy documentation"
+@@ -0,0 +1,239 @@
++.TH "dhcpd_selinux" "8" "12-10-19" "dhcpd" "SELinux Policy documentation for dhcpd"
+.SH "NAME"
+dhcpd_selinux \- Security Enhanced Linux Policy for the dhcpd processes
+.SH "DESCRIPTION"
@@ -21418,6 +21384,13 @@ index 0000000..0dd932c
+
+
+.PP
++If you want to allow DHCP daemon to use LDAP backends, you must turn on the dhcpd_use_ldap boolean.
++
++.EX
++.B setsebool -P dhcpd_use_ldap 1
++.EE
++
++.PP
+If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
+
+.EX
@@ -21431,6 +21404,13 @@ index 0000000..0dd932c
+.B setsebool -P dhcpd_use_ldap 1
+.EE
+
++.PP
++If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
++
++.EX
++.B setsebool -P dhcpc_exec_iptables 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -21465,10 +21445,6 @@ index 0000000..0dd932c
+
+- Set files with the dhcpd_state_t type, if you want to treat the files as dhcpd state data.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/dhcp(3)?/dhcpd\.leases.*, /var/lib/dhcpd(/.*)?
+
+.EX
+.PP
@@ -21598,19 +21574,21 @@ index 0000000..0dd932c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dhcpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dhcpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), dhcpc_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dictd_selinux.8 b/man/man8/dictd_selinux.8
new file mode 100644
-index 0000000..6f506fc
+index 0000000..5adc311
--- /dev/null
+++ b/man/man8/dictd_selinux.8
-@@ -0,0 +1,166 @@
-+.TH "dictd_selinux" "8" "dictd" "dwalsh at redhat.com" "dictd SELinux Policy documentation"
+@@ -0,0 +1,168 @@
++.TH "dictd_selinux" "8" "12-10-19" "dictd" "SELinux Policy documentation for dictd"
+.SH "NAME"
+dictd_selinux \- Security Enhanced Linux Policy for the dictd processes
+.SH "DESCRIPTION"
@@ -21772,17 +21750,19 @@ index 0000000..6f506fc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dictd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dictd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dirsrv_selinux.8 b/man/man8/dirsrv_selinux.8
new file mode 100644
-index 0000000..ff87d92
+index 0000000..edc0973
--- /dev/null
+++ b/man/man8/dirsrv_selinux.8
-@@ -0,0 +1,341 @@
-+.TH "dirsrv_selinux" "8" "dirsrv" "dwalsh at redhat.com" "dirsrv SELinux Policy documentation"
+@@ -0,0 +1,333 @@
++.TH "dirsrv_selinux" "8" "12-10-19" "dirsrv" "SELinux Policy documentation for dirsrv"
+.SH "NAME"
+dirsrv_selinux \- Security Enhanced Linux Policy for the dirsrv processes
+.SH "DESCRIPTION"
@@ -21933,10 +21913,6 @@ index 0000000..ff87d92
+
+- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/dirsrv/admin-serv(/.*)?, /etc/dirsrv/dsgw(/.*)?
+
+.EX
+.PP
@@ -21945,10 +21921,6 @@ index 0000000..ff87d92
+
+- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin
+
+.EX
+.PP
@@ -21973,10 +21945,6 @@ index 0000000..ff87d92
+
+- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -22046,6 +22014,8 @@ index 0000000..ff87d92
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -22118,19 +22088,21 @@ index 0000000..ff87d92
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dirsrv(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dirsrv(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dirsrv_snmp_selinux(8), dirsrvadmin_selinux(8), dirsrvadmin_unconfined_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dirsrv_snmp_selinux.8 b/man/man8/dirsrv_snmp_selinux.8
new file mode 100644
-index 0000000..d5a7482
+index 0000000..31827a0
--- /dev/null
+++ b/man/man8/dirsrv_snmp_selinux.8
-@@ -0,0 +1,135 @@
-+.TH "dirsrv_snmp_selinux" "8" "dirsrv_snmp" "dwalsh at redhat.com" "dirsrv_snmp SELinux Policy documentation"
+@@ -0,0 +1,137 @@
++.TH "dirsrv_snmp_selinux" "8" "12-10-19" "dirsrv_snmp" "SELinux Policy documentation for dirsrv_snmp"
+.SH "NAME"
+dirsrv_snmp_selinux \- Security Enhanced Linux Policy for the dirsrv_snmp processes
+.SH "DESCRIPTION"
@@ -22260,19 +22232,21 @@ index 0000000..d5a7482
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dirsrv_snmp(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dirsrv_snmp(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dirsrv_selinux(8), dirsrv_selinux(8), dirsrvadmin_selinux(8), dirsrvadmin_unconfined_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dirsrvadmin_selinux.8 b/man/man8/dirsrvadmin_selinux.8
new file mode 100644
-index 0000000..c5e75de
+index 0000000..a543979
--- /dev/null
+++ b/man/man8/dirsrvadmin_selinux.8
-@@ -0,0 +1,137 @@
-+.TH "dirsrvadmin_selinux" "8" "dirsrvadmin" "dwalsh at redhat.com" "dirsrvadmin SELinux Policy documentation"
+@@ -0,0 +1,127 @@
++.TH "dirsrvadmin_selinux" "8" "12-10-19" "dirsrvadmin" "SELinux Policy documentation for dirsrvadmin"
+.SH "NAME"
+dirsrvadmin_selinux \- Security Enhanced Linux Policy for the dirsrvadmin processes
+.SH "DESCRIPTION"
@@ -22290,7 +22264,7 @@ index 0000000..c5e75de
+
+The dirsrvadmin_t SELinux type can be entered via the "shell_exec_t,dirsrvadmin_exec_t" file types. The default entrypoint paths for the dirsrvadmin_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/sbin/stop-ds-admin, /usr/sbin/start-ds-admin, /usr/sbin/restart-ds-admin
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -22327,10 +22301,6 @@ index 0000000..c5e75de
+
+- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/dirsrv/admin-serv(/.*)?, /etc/dirsrv/dsgw(/.*)?
+
+.EX
+.PP
@@ -22339,10 +22309,6 @@ index 0000000..c5e75de
+
+- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin
+
+.EX
+.PP
@@ -22367,10 +22333,6 @@ index 0000000..c5e75de
+
+- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -22404,19 +22366,21 @@ index 0000000..c5e75de
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dirsrvadmin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dirsrvadmin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dirsrv_selinux(8), dirsrvadmin_unconfined_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dirsrvadmin_unconfined_script_selinux.8 b/man/man8/dirsrvadmin_unconfined_script_selinux.8
new file mode 100644
-index 0000000..86e465e
+index 0000000..0196a82
--- /dev/null
+++ b/man/man8/dirsrvadmin_unconfined_script_selinux.8
-@@ -0,0 +1,129 @@
-+.TH "dirsrvadmin_unconfined_script_selinux" "8" "dirsrvadmin_unconfined_script" "dwalsh at redhat.com" "dirsrvadmin_unconfined_script SELinux Policy documentation"
+@@ -0,0 +1,127 @@
++.TH "dirsrvadmin_unconfined_script_selinux" "8" "12-10-19" "dirsrvadmin_unconfined_script" "SELinux Policy documentation for dirsrvadmin_unconfined_script"
+.SH "NAME"
+dirsrvadmin_unconfined_script_selinux \- Security Enhanced Linux Policy for the dirsrvadmin_unconfined_script processes
+.SH "DESCRIPTION"
@@ -22432,9 +22396,9 @@ index 0000000..86e465e
+
+.SH "ENTRYPOINTS"
+
-+The dirsrvadmin_unconfined_script_t SELinux type can be entered via the "shell_exec_t,dirsrvadmin_unconfined_script_exec_t" file types. The default entrypoint paths for the dirsrvadmin_unconfined_script_t domain are the following:"
++The dirsrvadmin_unconfined_script_t SELinux type can be entered via the "dirsrvadmin_unconfined_script_exec_t,shell_exec_t" file types. The default entrypoint paths for the dirsrvadmin_unconfined_script_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
++/usr/lib/dirsrv/cgi-bin/ds_create, /usr/lib/dirsrv/cgi-bin/ds_remove, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -22471,10 +22435,6 @@ index 0000000..86e465e
+
+- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -22540,19 +22500,21 @@ index 0000000..86e465e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dirsrvadmin_unconfined_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dirsrvadmin_unconfined_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dirsrv_selinux(8), dirsrvadmin_selinux(8), dirsrvadmin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/disk_munin_plugin_selinux.8 b/man/man8/disk_munin_plugin_selinux.8
new file mode 100644
-index 0000000..906629c
+index 0000000..0d7ad51
--- /dev/null
+++ b/man/man8/disk_munin_plugin_selinux.8
-@@ -0,0 +1,116 @@
-+.TH "disk_munin_plugin_selinux" "8" "disk_munin_plugin" "dwalsh at redhat.com" "disk_munin_plugin SELinux Policy documentation"
+@@ -0,0 +1,114 @@
++.TH "disk_munin_plugin_selinux" "8" "12-10-19" "disk_munin_plugin" "SELinux Policy documentation for disk_munin_plugin"
+.SH "NAME"
+disk_munin_plugin_selinux \- Security Enhanced Linux Policy for the disk_munin_plugin processes
+.SH "DESCRIPTION"
@@ -22570,7 +22532,7 @@ index 0000000..906629c
+
+The disk_munin_plugin_t SELinux type can be entered via the "disk_munin_plugin_exec_t" file type. The default entrypoint paths for the disk_munin_plugin_t domain are the following:"
+
-+/usr/share/munin/plugins/diskstat.*, /usr/share/munin/plugins/hddtemp.*, /usr/share/munin/plugins/smart_.*, /usr/share/munin/plugins/df.*
++/usr/share/munin/plugins/df.*, /usr/share/munin/plugins/smart_.*, /usr/share/munin/plugins/hddtemp.*, /usr/share/munin/plugins/diskstat.*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -22607,10 +22569,6 @@ index 0000000..906629c
+
+- Set files with the disk_munin_plugin_exec_t type, if you want to transition an executable to the disk_munin_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/munin/plugins/diskstat.*, /usr/share/munin/plugins/hddtemp.*, /usr/share/munin/plugins/smart_.*, /usr/share/munin/plugins/df.*
+
+.EX
+.PP
@@ -22664,17 +22622,19 @@ index 0000000..906629c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), disk_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), disk_munin_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dkim_milter_selinux.8 b/man/man8/dkim_milter_selinux.8
new file mode 100644
-index 0000000..2c9adcc
+index 0000000..d337d76
--- /dev/null
+++ b/man/man8/dkim_milter_selinux.8
-@@ -0,0 +1,130 @@
-+.TH "dkim_milter_selinux" "8" "dkim_milter" "dwalsh at redhat.com" "dkim_milter SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "dkim_milter_selinux" "8" "12-10-19" "dkim_milter" "SELinux Policy documentation for dkim_milter"
+.SH "NAME"
+dkim_milter_selinux \- Security Enhanced Linux Policy for the dkim_milter processes
+.SH "DESCRIPTION"
@@ -22729,10 +22689,6 @@ index 0000000..2c9adcc
+
+- Set files with the dkim_milter_data_t type, if you want to treat the files as dkim milter content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/dkim-milter(/.*)?, /var/run/dkim-milter(/.*)?
+
+.EX
+.PP
@@ -22800,17 +22756,19 @@ index 0000000..2c9adcc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dkim_milter(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dkim_milter(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dlm_controld_selinux.8 b/man/man8/dlm_controld_selinux.8
new file mode 100644
-index 0000000..850ab58
+index 0000000..1767191
--- /dev/null
+++ b/man/man8/dlm_controld_selinux.8
-@@ -0,0 +1,166 @@
-+.TH "dlm_controld_selinux" "8" "dlm_controld" "dwalsh at redhat.com" "dlm_controld SELinux Policy documentation"
+@@ -0,0 +1,168 @@
++.TH "dlm_controld_selinux" "8" "12-10-19" "dlm_controld" "SELinux Policy documentation for dlm_controld"
+.SH "NAME"
+dlm_controld_selinux \- Security Enhanced Linux Policy for the dlm_controld processes
+.SH "DESCRIPTION"
@@ -22972,17 +22930,19 @@ index 0000000..850ab58
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dlm_controld(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dlm_controld(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dmesg_selinux.8 b/man/man8/dmesg_selinux.8
new file mode 100644
-index 0000000..e0d8833
+index 0000000..b948f37
--- /dev/null
+++ b/man/man8/dmesg_selinux.8
-@@ -0,0 +1,154 @@
-+.TH "dmesg_selinux" "8" "dmesg" "dwalsh at redhat.com" "dmesg SELinux Policy documentation"
+@@ -0,0 +1,136 @@
++.TH "dmesg_selinux" "8" "12-10-19" "dmesg" "SELinux Policy documentation for dmesg"
+.SH "NAME"
+dmesg_selinux \- Security Enhanced Linux Policy for the dmesg processes
+.SH "DESCRIPTION"
@@ -23000,7 +22960,7 @@ index 0000000..e0d8833
+
+The dmesg_t SELinux type can be entered via the "dmesg_exec_t" file type. The default entrypoint paths for the dmesg_t domain are the following:"
+
-+/usr/bin/dmesg, /bin/dmesg
++/bin/dmesg, /usr/bin/dmesg
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -23037,10 +22997,6 @@ index 0000000..e0d8833
+
+- Set files with the dmesg_exec_t type, if you want to transition an executable to the dmesg_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/dmesg, /bin/dmesg
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -23054,18 +23010,6 @@ index 0000000..e0d8833
+The SELinux process type dmesg_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
-+.B abrt_var_run_t
-+
-+ /var/run/abrt(/.*)?
-+.br
-+ /var/run/abrtd?\.lock
-+.br
-+ /var/run/abrtd?\.socket
-+.br
-+ /var/run/abrt\.pid
-+.br
-+
-+.br
+.B var_log_t
+
+ /var/log/.*
@@ -23108,12 +23052,8 @@ index 0000000..e0d8833
+.br
+ /var/log/syslog
+.br
-+ /var/log/boot\.log
-+.br
+ /var/named/chroot/var/log
+.br
-+ /var/spool/plymouth/boot\.log
-+.br
+
+.SH NSSWITCH DOMAIN
+
@@ -23132,17 +23072,19 @@ index 0000000..e0d8833
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dmesg(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dmesg(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dmidecode_selinux.8 b/man/man8/dmidecode_selinux.8
new file mode 100644
-index 0000000..5909421
+index 0000000..d904928
--- /dev/null
+++ b/man/man8/dmidecode_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "dmidecode_selinux" "8" "dmidecode" "dwalsh at redhat.com" "dmidecode SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "dmidecode_selinux" "8" "12-10-19" "dmidecode" "SELinux Policy documentation for dmidecode"
+.SH "NAME"
+dmidecode_selinux \- Security Enhanced Linux Policy for the dmidecode processes
+.SH "DESCRIPTION"
@@ -23160,7 +23102,7 @@ index 0000000..5909421
+
+The dmidecode_t SELinux type can be entered via the "dmidecode_exec_t" file type. The default entrypoint paths for the dmidecode_t domain are the following:"
+
-+/usr/sbin/dmidecode, /usr/sbin/vpddecode, /usr/sbin/ownership
++/usr/sbin/dmidecode, /usr/sbin/ownership, /usr/sbin/vpddecode
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -23197,10 +23139,6 @@ index 0000000..5909421
+
+- Set files with the dmidecode_exec_t type, if you want to transition an executable to the dmidecode_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/dmidecode, /usr/sbin/vpddecode, /usr/sbin/ownership
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -23209,10 +23147,6 @@ index 0000000..5909421
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type dmidecode_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -23230,17 +23164,19 @@ index 0000000..5909421
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dmidecode(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dmidecode(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dnsmasq_selinux.8 b/man/man8/dnsmasq_selinux.8
new file mode 100644
-index 0000000..f2ad0c0
+index 0000000..6e2278f
--- /dev/null
+++ b/man/man8/dnsmasq_selinux.8
-@@ -0,0 +1,206 @@
-+.TH "dnsmasq_selinux" "8" "dnsmasq" "dwalsh at redhat.com" "dnsmasq SELinux Policy documentation"
+@@ -0,0 +1,200 @@
++.TH "dnsmasq_selinux" "8" "12-10-19" "dnsmasq" "SELinux Policy documentation for dnsmasq"
+.SH "NAME"
+dnsmasq_selinux \- Security Enhanced Linux Policy for the dnsmasq processes
+.SH "DESCRIPTION"
@@ -23319,10 +23255,6 @@ index 0000000..f2ad0c0
+
+- Set files with the dnsmasq_lease_t type, if you want to treat the files as dnsmasq lease data.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/dnsmasq(/.*)?, /var/lib/misc/dnsmasq\.leases
+
+.EX
+.PP
@@ -23347,10 +23279,6 @@ index 0000000..f2ad0c0
+
+- Set files with the dnsmasq_var_run_t type, if you want to store the dnsmasq files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/dnsmasq\.pid, /var/run/libvirt/network(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -23442,17 +23370,19 @@ index 0000000..f2ad0c0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dnsmasq(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dnsmasq(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dnssec_trigger_selinux.8 b/man/man8/dnssec_trigger_selinux.8
new file mode 100644
-index 0000000..9f056bb
+index 0000000..c2efe8f
--- /dev/null
+++ b/man/man8/dnssec_trigger_selinux.8
-@@ -0,0 +1,128 @@
-+.TH "dnssec_trigger_selinux" "8" "dnssec_trigger" "dwalsh at redhat.com" "dnssec_trigger SELinux Policy documentation"
+@@ -0,0 +1,130 @@
++.TH "dnssec_trigger_selinux" "8" "12-10-19" "dnssec_trigger" "SELinux Policy documentation for dnssec_trigger"
+.SH "NAME"
+dnssec_trigger_selinux \- Security Enhanced Linux Policy for the dnssec_trigger processes
+.SH "DESCRIPTION"
@@ -23576,17 +23506,19 @@ index 0000000..9f056bb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dnssec_trigger(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dnssec_trigger(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dovecot_auth_selinux.8 b/man/man8/dovecot_auth_selinux.8
new file mode 100644
-index 0000000..95cf9f0
+index 0000000..322f0bb
--- /dev/null
+++ b/man/man8/dovecot_auth_selinux.8
-@@ -0,0 +1,157 @@
-+.TH "dovecot_auth_selinux" "8" "dovecot_auth" "dwalsh at redhat.com" "dovecot_auth SELinux Policy documentation"
+@@ -0,0 +1,155 @@
++.TH "dovecot_auth_selinux" "8" "12-10-19" "dovecot_auth" "SELinux Policy documentation for dovecot_auth"
+.SH "NAME"
+dovecot_auth_selinux \- Security Enhanced Linux Policy for the dovecot_auth processes
+.SH "DESCRIPTION"
@@ -23641,10 +23573,6 @@ index 0000000..95cf9f0
+
+- Set files with the dovecot_auth_exec_t type, if you want to transition an executable to the dovecot_auth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/dovecot/auth, /usr/libexec/dovecot/dovecot-auth
+
+.EX
+.PP
@@ -23738,19 +23666,21 @@ index 0000000..95cf9f0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dovecot_auth(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dovecot_auth(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dovecot_selinux(8), dovecot_selinux(8), dovecot_deliver_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dovecot_deliver_selinux.8 b/man/man8/dovecot_deliver_selinux.8
new file mode 100644
-index 0000000..22c1453
+index 0000000..d2ed590
--- /dev/null
+++ b/man/man8/dovecot_deliver_selinux.8
-@@ -0,0 +1,163 @@
-+.TH "dovecot_deliver_selinux" "8" "dovecot_deliver" "dwalsh at redhat.com" "dovecot_deliver SELinux Policy documentation"
+@@ -0,0 +1,157 @@
++.TH "dovecot_deliver_selinux" "8" "12-10-19" "dovecot_deliver" "SELinux Policy documentation for dovecot_deliver"
+.SH "NAME"
+dovecot_deliver_selinux \- Security Enhanced Linux Policy for the dovecot_deliver processes
+.SH "DESCRIPTION"
@@ -23768,7 +23698,7 @@ index 0000000..22c1453
+
+The dovecot_deliver_t SELinux type can be entered via the "dovecot_deliver_exec_t" file type. The default entrypoint paths for the dovecot_deliver_t domain are the following:"
+
-+/usr/libexec/dovecot/dovecot-lda, /usr/libexec/dovecot/deliver
++/usr/libexec/dovecot/deliver, /usr/libexec/dovecot/dovecot-lda
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -23805,10 +23735,6 @@ index 0000000..22c1453
+
+- Set files with the dovecot_deliver_exec_t type, if you want to transition an executable to the dovecot_deliver_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/dovecot/dovecot-lda, /usr/libexec/dovecot/deliver
+
+.EX
+.PP
@@ -23846,6 +23772,12 @@ index 0000000..22c1453
+
+
+.br
++.B dovecot_spool_t
++
++ /var/spool/dovecot(/.*)?
++.br
++
++.br
+.B mail_home_rw_t
+
+ /root/Maildir(/.*)?
@@ -23858,16 +23790,6 @@ index 0000000..22c1453
+.br
+
+.br
-+.B mail_spool_t
-+
-+ /var/mail(/.*)?
-+.br
-+ /var/spool/imap(/.*)?
-+.br
-+ /var/spool/mail(/.*)?
-+.br
-+
-+.br
+.B user_home_t
+
+ /home/[^/]*/.+
@@ -23908,19 +23830,21 @@ index 0000000..22c1453
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dovecot_deliver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dovecot_deliver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dovecot_selinux(8), dovecot_selinux(8), dovecot_auth_selinux(8)
\ No newline at end of file
diff --git a/man/man8/dovecot_selinux.8 b/man/man8/dovecot_selinux.8
new file mode 100644
-index 0000000..c4cc83d
+index 0000000..6930e39
--- /dev/null
+++ b/man/man8/dovecot_selinux.8
-@@ -0,0 +1,337 @@
-+.TH "dovecot_selinux" "8" "dovecot" "dwalsh at redhat.com" "dovecot SELinux Policy documentation"
+@@ -0,0 +1,317 @@
++.TH "dovecot_selinux" "8" "12-10-19" "dovecot" "SELinux Policy documentation for dovecot"
+.SH "NAME"
+dovecot_selinux \- Security Enhanced Linux Policy for the dovecot processes
+.SH "DESCRIPTION"
@@ -23975,10 +23899,6 @@ index 0000000..c4cc83d
+
+- Set files with the dovecot_auth_exec_t type, if you want to transition an executable to the dovecot_auth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/dovecot/auth, /usr/libexec/dovecot/dovecot-auth
+
+.EX
+.PP
@@ -23995,10 +23915,6 @@ index 0000000..c4cc83d
+
+- Set files with the dovecot_cert_t type, if you want to treat the files as dovecot certificate data.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/ssl/certs/dovecot\.pem, /usr/share/ssl/private/dovecot\.pem, /etc/pki/dovecot(/.*)?
+
+.EX
+.PP
@@ -24007,10 +23923,6 @@ index 0000000..c4cc83d
+
+- Set files with the dovecot_deliver_exec_t type, if you want to transition an executable to the dovecot_deliver_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/dovecot/dovecot-lda, /usr/libexec/dovecot/deliver
+
+.EX
+.PP
@@ -24027,10 +23939,6 @@ index 0000000..c4cc83d
+
+- Set files with the dovecot_etc_t type, if you want to store dovecot files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/dovecot\.conf.*, /etc/dovecot(/.*)?
+
+.EX
+.PP
@@ -24087,10 +23995,6 @@ index 0000000..c4cc83d
+
+- Set files with the dovecot_var_lib_t type, if you want to store the dovecot files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/dovecot/login/ssl-parameters.dat, /var/lib/dovecot(/.*)?
+
+.EX
+.PP
@@ -24099,10 +24003,6 @@ index 0000000..c4cc83d
+
+- Set files with the dovecot_var_log_t type, if you want to treat the data as dovecot var log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/dovecot\.log.*, /var/log/dovecot(/.*)?
+
+.EX
+.PP
@@ -24174,6 +24074,8 @@ index 0000000..c4cc83d
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -24252,19 +24154,21 @@ index 0000000..c4cc83d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dovecot(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dovecot(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, dovecot_auth_selinux(8), dovecot_deliver_selinux(8)
\ No newline at end of file
diff --git a/man/man8/drbd_selinux.8 b/man/man8/drbd_selinux.8
new file mode 100644
-index 0000000..9bb875f
+index 0000000..f29bb13
--- /dev/null
+++ b/man/man8/drbd_selinux.8
-@@ -0,0 +1,118 @@
-+.TH "drbd_selinux" "8" "drbd" "dwalsh at redhat.com" "drbd SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "drbd_selinux" "8" "12-10-19" "drbd" "SELinux Policy documentation for drbd"
+.SH "NAME"
+drbd_selinux \- Security Enhanced Linux Policy for the drbd processes
+.SH "DESCRIPTION"
@@ -24282,7 +24186,7 @@ index 0000000..9bb875f
+
+The drbd_t SELinux type can be entered via the "drbd_exec_t" file type. The default entrypoint paths for the drbd_t domain are the following:"
+
-+/usr/sbin/drbdadm, /sbin/drbdsetup, /sbin/drbdadm, /usr/lib/ocf/resource.\d/linbit/drbd, /usr/sbin/drbdsetup
++/usr/lib/ocf/resource.\d/linbit/drbd, /sbin/drbdadm, /sbin/drbdsetup, /usr/sbin/drbdadm, /usr/sbin/drbdsetup
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -24319,10 +24223,6 @@ index 0000000..9bb875f
+
+- Set files with the drbd_exec_t type, if you want to transition an executable to the drbd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/drbdadm, /sbin/drbdsetup, /sbin/drbdadm, /usr/lib/ocf/resource.\d/linbit/drbd, /usr/sbin/drbdsetup
+
+.EX
+.PP
@@ -24378,17 +24278,19 @@ index 0000000..9bb875f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), drbd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), drbd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/dspam_selinux.8 b/man/man8/dspam_selinux.8
new file mode 100644
-index 0000000..72d2e6c
+index 0000000..d91c9bc
--- /dev/null
+++ b/man/man8/dspam_selinux.8
-@@ -0,0 +1,164 @@
-+.TH "dspam_selinux" "8" "dspam" "dwalsh at redhat.com" "dspam SELinux Policy documentation"
+@@ -0,0 +1,166 @@
++.TH "dspam_selinux" "8" "12-10-19" "dspam" "SELinux Policy documentation for dspam"
+.SH "NAME"
+dspam_selinux \- Security Enhanced Linux Policy for the dspam processes
+.SH "DESCRIPTION"
@@ -24548,17 +24450,19 @@ index 0000000..72d2e6c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), dspam(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), dspam(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/entropyd_selinux.8 b/man/man8/entropyd_selinux.8
new file mode 100644
-index 0000000..2eadb33
+index 0000000..2e11c6b
--- /dev/null
+++ b/man/man8/entropyd_selinux.8
-@@ -0,0 +1,141 @@
-+.TH "entropyd_selinux" "8" "entropyd" "dwalsh at redhat.com" "entropyd SELinux Policy documentation"
+@@ -0,0 +1,142 @@
++.TH "entropyd_selinux" "8" "12-10-19" "entropyd" "SELinux Policy documentation for entropyd"
+.SH "NAME"
+entropyd_selinux \- Security Enhanced Linux Policy for the entropyd processes
+.SH "DESCRIPTION"
@@ -24576,7 +24480,7 @@ index 0000000..2eadb33
+
+The entropyd_t SELinux type can be entered via the "entropyd_exec_t" file type. The default entrypoint paths for the entropyd_t domain are the following:"
+
-+/usr/sbin/audio-entropyd, /usr/sbin/haveged
++/usr/sbin/haveged, /usr/sbin/audio-entropyd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -24606,6 +24510,13 @@ index 0000000..2eadb33
+.B setsebool -P entropyd_use_audio 1
+.EE
+
++.PP
++If you want to allow the use of the audio devices as the source for the entropy feeds, you must turn on the entropyd_use_audio boolean.
++
++.EX
++.B setsebool -P entropyd_use_audio 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -24624,10 +24535,6 @@ index 0000000..2eadb33
+
+- Set files with the entropyd_exec_t type, if you want to transition an executable to the entropyd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/audio-entropyd, /usr/sbin/haveged
+
+.EX
+.PP
@@ -24636,10 +24543,6 @@ index 0000000..2eadb33
+
+- Set files with the entropyd_var_run_t type, if you want to store the entropyd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/audio-entropyd\.pid, /var/run/haveged\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -24694,19 +24597,21 @@ index 0000000..2eadb33
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), entropyd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), entropyd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/eventlogd_selinux.8 b/man/man8/eventlogd_selinux.8
new file mode 100644
-index 0000000..b260cc4
+index 0000000..5ea2ce9
--- /dev/null
+++ b/man/man8/eventlogd_selinux.8
-@@ -0,0 +1,124 @@
-+.TH "eventlogd_selinux" "8" "eventlogd" "dwalsh at redhat.com" "eventlogd SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "eventlogd_selinux" "8" "12-10-19" "eventlogd" "SELinux Policy documentation for eventlogd"
+.SH "NAME"
+eventlogd_selinux \- Security Enhanced Linux Policy for the eventlogd processes
+.SH "DESCRIPTION"
@@ -24826,17 +24731,19 @@ index 0000000..b260cc4
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), eventlogd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), eventlogd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/evtchnd_selinux.8 b/man/man8/evtchnd_selinux.8
new file mode 100644
-index 0000000..606fe52
+index 0000000..9ce96c0
--- /dev/null
+++ b/man/man8/evtchnd_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "evtchnd_selinux" "8" "evtchnd" "dwalsh at redhat.com" "evtchnd SELinux Policy documentation"
+@@ -0,0 +1,120 @@
++.TH "evtchnd_selinux" "8" "12-10-19" "evtchnd" "SELinux Policy documentation for evtchnd"
+.SH "NAME"
+evtchnd_selinux \- Security Enhanced Linux Policy for the evtchnd processes
+.SH "DESCRIPTION"
@@ -24907,10 +24814,6 @@ index 0000000..606fe52
+
+- Set files with the evtchnd_var_run_t type, if you want to store the evtchnd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/evtchnd, /var/run/evtchnd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -24954,17 +24857,19 @@ index 0000000..606fe52
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), evtchnd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), evtchnd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/exim_selinux.8 b/man/man8/exim_selinux.8
new file mode 100644
-index 0000000..3184007
+index 0000000..709e3d4
--- /dev/null
+++ b/man/man8/exim_selinux.8
-@@ -0,0 +1,251 @@
-+.TH "exim_selinux" "8" "exim" "dwalsh at redhat.com" "exim SELinux Policy documentation"
+@@ -0,0 +1,270 @@
++.TH "exim_selinux" "8" "12-10-19" "exim" "SELinux Policy documentation for exim"
+.SH "NAME"
+exim_selinux \- Security Enhanced Linux Policy for the exim processes
+.SH "DESCRIPTION"
@@ -24982,7 +24887,7 @@ index 0000000..3184007
+
+The exim_t SELinux type can be entered via the "exim_exec_t" file type. The default entrypoint paths for the exim_t domain are the following:"
+
-+/usr/sbin/exim_tidydb, /usr/sbin/exim[0-9]?
++/usr/sbin/exim[0-9]?, /usr/sbin/exim_tidydb
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -25006,6 +24911,20 @@ index 0000000..3184007
+
+
+.PP
++If you want to allow exim to connect to databases (postgres, mysql), you must turn on the exim_can_connect_db boolean.
++
++.EX
++.B setsebool -P exim_can_connect_db 1
++.EE
++
++.PP
++If you want to allow exim to create, read, write, and delete unprivileged user files, you must turn on the exim_manage_user_files boolean.
++
++.EX
++.B setsebool -P exim_manage_user_files 1
++.EE
++
++.PP
+If you want to allow exim to read unprivileged user files, you must turn on the exim_read_user_files boolean.
+
+.EX
@@ -25026,6 +24945,13 @@ index 0000000..3184007
+.B setsebool -P exim_manage_user_files 1
+.EE
+
++.PP
++If you want to allow exim to read unprivileged user files, you must turn on the exim_read_user_files boolean.
++
++.EX
++.B setsebool -P exim_read_user_files 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -25044,10 +24970,6 @@ index 0000000..3184007
+
+- Set files with the exim_exec_t type, if you want to transition an executable to the exim_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/exim_tidydb, /usr/sbin/exim[0-9]?
+
+.EX
+.PP
@@ -25210,19 +25132,21 @@ index 0000000..3184007
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), exim(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), exim(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/fail2ban_client_selinux.8 b/man/man8/fail2ban_client_selinux.8
new file mode 100644
-index 0000000..8b96263
+index 0000000..6dee7b7
--- /dev/null
+++ b/man/man8/fail2ban_client_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "fail2ban_client_selinux" "8" "fail2ban_client" "dwalsh at redhat.com" "fail2ban_client SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "fail2ban_client_selinux" "8" "12-10-19" "fail2ban_client" "SELinux Policy documentation for fail2ban_client"
+.SH "NAME"
+fail2ban_client_selinux \- Security Enhanced Linux Policy for the fail2ban_client processes
+.SH "DESCRIPTION"
@@ -25285,10 +25209,6 @@ index 0000000..8b96263
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type fail2ban_client_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -25306,19 +25226,21 @@ index 0000000..8b96263
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fail2ban_client(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fail2ban_client(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, fail2ban_selinux(8), fail2ban_selinux(8)
\ No newline at end of file
diff --git a/man/man8/fail2ban_selinux.8 b/man/man8/fail2ban_selinux.8
new file mode 100644
-index 0000000..e244054
+index 0000000..290ec8f
--- /dev/null
+++ b/man/man8/fail2ban_selinux.8
-@@ -0,0 +1,203 @@
-+.TH "fail2ban_selinux" "8" "fail2ban" "dwalsh at redhat.com" "fail2ban SELinux Policy documentation"
+@@ -0,0 +1,201 @@
++.TH "fail2ban_selinux" "8" "12-10-19" "fail2ban" "SELinux Policy documentation for fail2ban"
+.SH "NAME"
+fail2ban_selinux \- Security Enhanced Linux Policy for the fail2ban processes
+.SH "DESCRIPTION"
@@ -25336,7 +25258,7 @@ index 0000000..e244054
+
+The fail2ban_t SELinux type can be entered via the "fail2ban_exec_t" file type. The default entrypoint paths for the fail2ban_t domain are the following:"
+
-+/usr/bin/fail2ban-server, /usr/bin/fail2ban
++/usr/bin/fail2ban, /usr/bin/fail2ban-server
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -25381,10 +25303,6 @@ index 0000000..e244054
+
+- Set files with the fail2ban_exec_t type, if you want to transition an executable to the fail2ban_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/fail2ban-server, /usr/bin/fail2ban
+
+.EX
+.PP
@@ -25516,19 +25434,21 @@ index 0000000..e244054
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fail2ban(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fail2ban(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, fail2ban_client_selinux(8)
\ No newline at end of file
diff --git a/man/man8/fcoemon_selinux.8 b/man/man8/fcoemon_selinux.8
new file mode 100644
-index 0000000..458b15e
+index 0000000..80b23ca
--- /dev/null
+++ b/man/man8/fcoemon_selinux.8
-@@ -0,0 +1,108 @@
-+.TH "fcoemon_selinux" "8" "fcoemon" "dwalsh at redhat.com" "fcoemon SELinux Policy documentation"
+@@ -0,0 +1,106 @@
++.TH "fcoemon_selinux" "8" "12-10-19" "fcoemon" "SELinux Policy documentation for fcoemon"
+.SH "NAME"
+fcoemon_selinux \- Security Enhanced Linux Policy for the fcoemon processes
+.SH "DESCRIPTION"
@@ -25591,10 +25511,6 @@ index 0000000..458b15e
+
+- Set files with the fcoemon_var_run_t type, if you want to store the fcoemon files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/fcm(/.*)?, /var/run/fcoemon\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -25632,17 +25548,19 @@ index 0000000..458b15e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fcoemon(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fcoemon(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/fenced_selinux.8 b/man/man8/fenced_selinux.8
new file mode 100644
-index 0000000..f6e4386
+index 0000000..9c40723
--- /dev/null
+++ b/man/man8/fenced_selinux.8
-@@ -0,0 +1,222 @@
-+.TH "fenced_selinux" "8" "fenced" "dwalsh at redhat.com" "fenced SELinux Policy documentation"
+@@ -0,0 +1,230 @@
++.TH "fenced_selinux" "8" "12-10-19" "fenced" "SELinux Policy documentation for fenced"
+.SH "NAME"
+fenced_selinux \- Security Enhanced Linux Policy for the fenced processes
+.SH "DESCRIPTION"
@@ -25660,7 +25578,7 @@ index 0000000..f6e4386
+
+The fenced_t SELinux type can be entered via the "fenced_exec_t" file type. The default entrypoint paths for the fenced_t domain are the following:"
+
-+/usr/sbin/fence_tool, /usr/sbin/fence_node, /usr/sbin/fenced
++/usr/sbin/fenced, /usr/sbin/fence_node, /usr/sbin/fence_tool, /usr/sbin/fence_virtd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -25684,6 +25602,13 @@ index 0000000..f6e4386
+
+
+.PP
++If you want to allow fenced domain to connect to the network using TCP, you must turn on the fenced_can_network_connect boolean.
++
++.EX
++.B setsebool -P fenced_can_network_connect 1
++.EE
++
++.PP
+If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
+
+.EX
@@ -25697,6 +25622,13 @@ index 0000000..f6e4386
+.B setsebool -P fenced_can_network_connect 1
+.EE
+
++.PP
++If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
++
++.EX
++.B setsebool -P fenced_can_ssh 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -25715,10 +25647,6 @@ index 0000000..f6e4386
+
+- Set files with the fenced_exec_t type, if you want to transition an executable to the fenced_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/fence_tool, /usr/sbin/fence_node, /usr/sbin/fenced
+
+.EX
+.PP
@@ -25759,10 +25687,6 @@ index 0000000..f6e4386
+
+- Set files with the fenced_var_run_t type, if you want to store the fenced files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/cluster/fenced_override, /var/run/cluster/fence_scsi.*, /var/run/fenced\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -25804,9 +25728,9 @@ index 0000000..f6e4386
+.br
+.B fenced_var_run_t
+
-+ /var/run/cluster/fence_scsi.*
++ /var/run/fence.*
+.br
-+ /var/run/fenced\.pid
++ /var/run/cluster/fence_scsi.*
+.br
+ /var/run/cluster/fenced_override
+.br
@@ -25859,19 +25783,21 @@ index 0000000..f6e4386
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fenced(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fenced(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/fetchmail_selinux.8 b/man/man8/fetchmail_selinux.8
new file mode 100644
-index 0000000..fdc79d0
+index 0000000..48af49a
--- /dev/null
+++ b/man/man8/fetchmail_selinux.8
-@@ -0,0 +1,146 @@
-+.TH "fetchmail_selinux" "8" "fetchmail" "dwalsh at redhat.com" "fetchmail SELinux Policy documentation"
+@@ -0,0 +1,144 @@
++.TH "fetchmail_selinux" "8" "12-10-19" "fetchmail" "SELinux Policy documentation for fetchmail"
+.SH "NAME"
+fetchmail_selinux \- Security Enhanced Linux Policy for the fetchmail processes
+.SH "DESCRIPTION"
@@ -25950,10 +25876,6 @@ index 0000000..fdc79d0
+
+- Set files with the fetchmail_uidl_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/fetchmail(/.*)?, /var/mail/\.fetchmail-UIDL-cache
+
+.EX
+.PP
@@ -26013,17 +25935,19 @@ index 0000000..fdc79d0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fetchmail(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fetchmail(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/fingerd_selinux.8 b/man/man8/fingerd_selinux.8
new file mode 100644
-index 0000000..a9896ce
+index 0000000..a817a0f
--- /dev/null
+++ b/man/man8/fingerd_selinux.8
-@@ -0,0 +1,166 @@
-+.TH "fingerd_selinux" "8" "fingerd" "dwalsh at redhat.com" "fingerd SELinux Policy documentation"
+@@ -0,0 +1,164 @@
++.TH "fingerd_selinux" "8" "12-10-19" "fingerd" "SELinux Policy documentation for fingerd"
+.SH "NAME"
+fingerd_selinux \- Security Enhanced Linux Policy for the fingerd processes
+.SH "DESCRIPTION"
@@ -26041,7 +25965,7 @@ index 0000000..a9896ce
+
+The fingerd_t SELinux type can be entered via the "fingerd_exec_t" file type. The default entrypoint paths for the fingerd_t domain are the following:"
+
-+/etc/cron\.weekly/(c)?fingerd, /usr/sbin/[cef]fingerd, /usr/sbin/in\.fingerd
++/usr/sbin/[cef]fingerd, /etc/cron\.weekly/(c)?fingerd, /usr/sbin/in\.fingerd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -26086,10 +26010,6 @@ index 0000000..a9896ce
+
+- Set files with the fingerd_exec_t type, if you want to transition an executable to the fingerd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/cron\.weekly/(c)?fingerd, /usr/sbin/[cef]fingerd, /usr/sbin/in\.fingerd
+
+.EX
+.PP
@@ -26185,17 +26105,19 @@ index 0000000..a9896ce
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fingerd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fingerd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/firewalld_selinux.8 b/man/man8/firewalld_selinux.8
new file mode 100644
-index 0000000..3bc72bd
+index 0000000..e5b64af
--- /dev/null
+++ b/man/man8/firewalld_selinux.8
-@@ -0,0 +1,161 @@
-+.TH "firewalld_selinux" "8" "firewalld" "dwalsh at redhat.com" "firewalld SELinux Policy documentation"
+@@ -0,0 +1,159 @@
++.TH "firewalld_selinux" "8" "12-10-19" "firewalld" "SELinux Policy documentation for firewalld"
+.SH "NAME"
+firewalld_selinux \- Security Enhanced Linux Policy for the firewalld processes
+.SH "DESCRIPTION"
@@ -26290,10 +26212,6 @@ index 0000000..3bc72bd
+
+- Set files with the firewalld_var_run_t type, if you want to store the firewalld files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/firewalld\.pid, /var/run/firewalld(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -26351,19 +26269,21 @@ index 0000000..3bc72bd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), firewalld(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), firewalld(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, firewallgui_selinux(8)
\ No newline at end of file
diff --git a/man/man8/firewallgui_selinux.8 b/man/man8/firewallgui_selinux.8
new file mode 100644
-index 0000000..04555ba
+index 0000000..d3df6e6
--- /dev/null
+++ b/man/man8/firewallgui_selinux.8
-@@ -0,0 +1,136 @@
-+.TH "firewallgui_selinux" "8" "firewallgui" "dwalsh at redhat.com" "firewallgui SELinux Policy documentation"
+@@ -0,0 +1,138 @@
++.TH "firewallgui_selinux" "8" "12-10-19" "firewallgui" "SELinux Policy documentation for firewallgui"
+.SH "NAME"
+firewallgui_selinux \- Security Enhanced Linux Policy for the firewallgui processes
+.SH "DESCRIPTION"
@@ -26495,17 +26415,19 @@ index 0000000..04555ba
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), firewallgui(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), firewallgui(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/firstboot_selinux.8 b/man/man8/firstboot_selinux.8
new file mode 100644
-index 0000000..d484fe6
+index 0000000..9dc669d
--- /dev/null
+++ b/man/man8/firstboot_selinux.8
-@@ -0,0 +1,106 @@
-+.TH "firstboot_selinux" "8" "firstboot" "dwalsh at redhat.com" "firstboot SELinux Policy documentation"
+@@ -0,0 +1,104 @@
++.TH "firstboot_selinux" "8" "12-10-19" "firstboot" "SELinux Policy documentation for firstboot"
+.SH "NAME"
+firstboot_selinux \- Security Enhanced Linux Policy for the firstboot processes
+.SH "DESCRIPTION"
@@ -26521,9 +26443,9 @@ index 0000000..d484fe6
+
+.SH "ENTRYPOINTS"
+
-+The firstboot_t SELinux type can be entered via the "proc_type,file_type,mtrr_device_t,sysctl_type,filesystem_type,firstboot_exec_t,unlabeled_t" file types. The default entrypoint paths for the firstboot_t domain are the following:"
++The firstboot_t SELinux type can be entered via the "firstboot_exec_t,unlabeled_t,proc_type,file_type,sysctl_type,mtrr_device_t,filesystem_type" file types. The default entrypoint paths for the firstboot_t domain are the following:"
+
-+/dev/cpu/mtrr, /usr/share/firstboot/firstboot\.py, /usr/sbin/firstboot
++/usr/sbin/firstboot, /usr/share/firstboot/firstboot\.py, all files on the system, /dev/cpu/mtrr
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -26568,10 +26490,6 @@ index 0000000..d484fe6
+
+- Set files with the firstboot_exec_t type, if you want to transition an executable to the firstboot_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/firstboot/firstboot\.py, /usr/sbin/firstboot
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -26607,17 +26525,19 @@ index 0000000..d484fe6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), firstboot(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), firstboot(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/foghorn_selinux.8 b/man/man8/foghorn_selinux.8
new file mode 100644
-index 0000000..92a6e61
+index 0000000..31ba34e
--- /dev/null
+++ b/man/man8/foghorn_selinux.8
-@@ -0,0 +1,144 @@
-+.TH "foghorn_selinux" "8" "foghorn" "dwalsh at redhat.com" "foghorn SELinux Policy documentation"
+@@ -0,0 +1,146 @@
++.TH "foghorn_selinux" "8" "12-10-19" "foghorn" "SELinux Policy documentation for foghorn"
+.SH "NAME"
+foghorn_selinux \- Security Enhanced Linux Policy for the foghorn processes
+.SH "DESCRIPTION"
@@ -26757,17 +26677,19 @@ index 0000000..92a6e61
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), foghorn(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), foghorn(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/fprintd_selinux.8 b/man/man8/fprintd_selinux.8
new file mode 100644
-index 0000000..0edb313
+index 0000000..0b2ea90
--- /dev/null
+++ b/man/man8/fprintd_selinux.8
-@@ -0,0 +1,116 @@
-+.TH "fprintd_selinux" "8" "fprintd" "dwalsh at redhat.com" "fprintd SELinux Policy documentation"
+@@ -0,0 +1,118 @@
++.TH "fprintd_selinux" "8" "12-10-19" "fprintd" "SELinux Policy documentation for fprintd"
+.SH "NAME"
+fprintd_selinux \- Security Enhanced Linux Policy for the fprintd processes
+.SH "DESCRIPTION"
@@ -26879,17 +26801,19 @@ index 0000000..0edb313
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fprintd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fprintd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/freshclam_selinux.8 b/man/man8/freshclam_selinux.8
new file mode 100644
-index 0000000..5bb9250
+index 0000000..bcf0fef
--- /dev/null
+++ b/man/man8/freshclam_selinux.8
-@@ -0,0 +1,154 @@
-+.TH "freshclam_selinux" "8" "freshclam" "dwalsh at redhat.com" "freshclam SELinux Policy documentation"
+@@ -0,0 +1,164 @@
++.TH "freshclam_selinux" "8" "12-10-19" "freshclam" "SELinux Policy documentation for freshclam"
+.SH "NAME"
+freshclam_selinux \- Security Enhanced Linux Policy for the freshclam processes
+.SH "DESCRIPTION"
@@ -26952,10 +26876,6 @@ index 0000000..5bb9250
+
+- Set files with the freshclam_var_log_t type, if you want to treat the data as freshclam var log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/clamav/freshclam.*, /var/log/freshclam.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -26969,6 +26889,18 @@ index 0000000..5bb9250
+The SELinux process type freshclam_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
++.B amavis_spool_t
++
++ /var/spool/amavisd(/.*)?
++.br
++
++.br
++.B antivirus_db_t
++
++ /var/opt/f-secure(/.*)?
++.br
++
++.br
+.B clamd_var_lib_t
+
+ /var/clamav(/.*)?
@@ -27039,17 +26971,19 @@ index 0000000..5bb9250
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), freshclam(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), freshclam(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/fsadm_selinux.8 b/man/man8/fsadm_selinux.8
new file mode 100644
-index 0000000..a449e1c
+index 0000000..64b595e
--- /dev/null
+++ b/man/man8/fsadm_selinux.8
-@@ -0,0 +1,260 @@
-+.TH "fsadm_selinux" "8" "fsadm" "dwalsh at redhat.com" "fsadm SELinux Policy documentation"
+@@ -0,0 +1,258 @@
++.TH "fsadm_selinux" "8" "12-10-19" "fsadm" "SELinux Policy documentation for fsadm"
+.SH "NAME"
+fsadm_selinux \- Security Enhanced Linux Policy for the fsadm processes
+.SH "DESCRIPTION"
@@ -27067,7 +27001,7 @@ index 0000000..a449e1c
+
+The fsadm_t SELinux type can be entered via the "fsadm_exec_t" file type. The default entrypoint paths for the fsadm_t domain are the following:"
+
-+/sbin/partx, /usr/sbin/fdisk, /sbin/mkfs.*, /sbin/blockdev, /usr/sbin/sfdisk, /sbin/dumpe2fs, /sbin/mkdosfs, /usr/sbin/mke2fs, /sbin/e4fsck, /usr/sbin/dosfsck, /usr/sbin/blockdev, /sbin/dosfsck, /usr/sbin/lsraid, /usr/bin/partition_uuid, /sbin/raidautorun, /usr/sbin/findfs, /usr/sbin/scsi_info, /sbin/resize.*fs, /usr/sbin/raidstart, /sbin/mkreiserfs, /usr/sbin/raidautorun, /usr/sbin/make_reiser4, /usr/sbin/partx, /usr/sbin/resize.*fs, /usr/sbin/fsck.*, /usr/sbin/dumpe2fs, /usr/sbin/cfdisk, /sbin/tune2fs, /usr/sbin/mkdosfs, /sbin/blkid, /usr/sbin/hdparm, /sbin/make_reiser4, /sbin/dump, /sbin/swapon.*, /usr/sbin/jfs_.*, /usr/bin/scsi_unique_id, /sbin/findfs, /usr/sbin/smartctl, /usr/bin/syslinux, /usr/sbin/blkid, /sbin/losetup.*, /usr/sbin/tune2fs, /usr/lib/systemd/systemd-fsck, /sbin/parted, /sbin/partprobe, /usr/sbin/mkfs.*, /sbin/e2label, /usr/sbin/reiserfs(ck|tune), /sbin/mkraid, /sbin/install-mbr, /sbin/scsi_info, /sbin/mke2fs, /sbin/fsck.*, /usr/sbin/install-mbr, /usr/s
bin/clubufflush, /sbin/jfs_.*, /usr/sbin/mke4fs, /sbin/raidstart, /sbin/lsraid, /usr/sbin/losetup.*, /usr/sbin/mkreiserfs, /usr/sbin/swapon.*, /usr/sbin/e2fsck, /sbin/reiserfs(ck|tune), /usr/sbin/e4fsck, /usr/sbin/dump, /usr/sbin/partprobe, /sbin/fdisk, /sbin/sfdisk, /sbin/e2fsck, /usr/sbin/e2label, /usr/sbin/parted, /usr/bin/raw, /sbin/mke4fs, /sbin/cfdisk, /usr/sbin/mkraid, /sbin/hdparm
++/sbin/fsck.*, /sbin/jfs_.*, /sbin/mkfs.*, /sbin/swapon.*, /sbin/resize.*fs, /sbin/losetup.*, /usr/sbin/fsck.*, /usr/sbin/jfs_.*, /usr/sbin/mkfs.*, /sbin/reiserfs(ck|tune), /usr/sbin/swapon.*, /usr/sbin/resize.*fs, /usr/sbin/losetup.*, /usr/sbin/reiserfs(ck|tune), /sbin/dump, /sbin/blkid, /sbin/fdisk, /sbin/partx, /sbin/cfdisk, /sbin/e2fsck, /sbin/e4fsck, /sbin/findfs, /sbin/hdparm, /sbin/lsraid, /sbin/mke2fs, /sbin/mke4fs, /sbin/mkraid, /sbin/parted, /sbin/sfdisk, /usr/bin/raw, /sbin/dosfsck, /sbin/e2label, /sbin/mkdosfs, /sbin/tune2fs, /sbin/blockdev, /sbin/dumpe2fs, /usr/sbin/dump, /sbin/partprobe, /sbin/raidstart, /sbin/scsi_info, /usr/sbin/blkid, /usr/sbin/fdisk, /usr/sbin/partx, /sbin/mkreiserfs, /usr/sbin/cfdisk, /usr/sbin/e2fsck, /usr/sbin/e4fsck, /usr/sbin/findfs, /usr/sbin/hdparm, /usr/sbin/lsraid, /usr/sbin/mke2fs, /usr/sbin/mke4fs, /usr/sbin/mkraid, /usr/sbin/parted, /usr/sbin/sfdisk, /sbin/install-mbr, /sbin/raidautorun, /usr/bin/syslinux, /usr/sbin/dosfsck, /us
r/sbin/e2label, /usr/sbin/mkdosfs, /usr/sbin/tune2fs, /sbin/make_reiser4, /usr/sbin/blockdev, /usr/sbin/dumpe2fs, /usr/sbin/smartctl, /usr/sbin/partprobe, /usr/sbin/raidstart, /usr/sbin/scsi_info, /usr/sbin/mkreiserfs, /usr/sbin/clubufflush, /usr/sbin/install-mbr, /usr/sbin/raidautorun, /usr/sbin/make_reiser4, /usr/bin/partition_uuid, /usr/bin/scsi_unique_id, /usr/lib/systemd/systemd-fsck
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -27104,10 +27038,6 @@ index 0000000..a449e1c
+
+- Set files with the fsadm_exec_t type, if you want to transition an executable to the fsadm_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/partx, /usr/sbin/fdisk, /sbin/mkfs.*, /sbin/blockdev, /usr/sbin/sfdisk, /sbin/dumpe2fs, /sbin/mkdosfs, /usr/sbin/mke2fs, /sbin/e4fsck, /usr/sbin/dosfsck, /usr/sbin/blockdev, /sbin/dosfsck, /usr/sbin/lsraid, /usr/bin/partition_uuid, /sbin/raidautorun, /usr/sbin/findfs, /usr/sbin/scsi_info, /sbin/resize.*fs, /usr/sbin/raidstart, /sbin/mkreiserfs, /usr/sbin/raidautorun, /usr/sbin/make_reiser4, /usr/sbin/partx, /usr/sbin/resize.*fs, /usr/sbin/fsck.*, /usr/sbin/dumpe2fs, /usr/sbin/cfdisk, /sbin/tune2fs, /usr/sbin/mkdosfs, /sbin/blkid, /usr/sbin/hdparm, /sbin/make_reiser4, /sbin/dump, /sbin/swapon.*, /usr/sbin/jfs_.*, /usr/bin/scsi_unique_id, /sbin/findfs, /usr/sbin/smartctl, /usr/bin/syslinux, /usr/sbin/blkid, /sbin/losetup.*, /usr/sbin/tune2fs, /usr/lib/systemd/systemd-fsck, /sbin/parted, /sbin/partprobe, /usr/sbin/mkfs.*, /sbin/e2label, /usr/sbin/reiserfs(ck|tune), /sbin/mkraid, /sbin/install-mbr, /sbin/scsi_info, /sbin/mke2fs, /sbin/fsck.*, /usr/sbin/install-mbr, /usr/s
bin/clubufflush, /sbin/jfs_.*, /usr/sbin/mke4fs, /sbin/raidstart, /sbin/lsraid, /usr/sbin/losetup.*, /usr/sbin/mkreiserfs, /usr/sbin/swapon.*, /usr/sbin/e2fsck, /sbin/reiserfs(ck|tune), /usr/sbin/e4fsck, /usr/sbin/dump, /usr/sbin/partprobe, /sbin/fdisk, /sbin/sfdisk, /sbin/e2fsck, /usr/sbin/e2label, /usr/sbin/parted, /usr/bin/raw, /sbin/mke4fs, /sbin/cfdisk, /usr/sbin/mkraid, /sbin/hdparm
+
+.EX
+.PP
@@ -27187,10 +27117,10 @@ index 0000000..a449e1c
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -27305,17 +27235,19 @@ index 0000000..a449e1c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fsadm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fsadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/fsdaemon_selinux.8 b/man/man8/fsdaemon_selinux.8
new file mode 100644
-index 0000000..85c17a0
+index 0000000..02c468a
--- /dev/null
+++ b/man/man8/fsdaemon_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "fsdaemon_selinux" "8" "fsdaemon" "dwalsh at redhat.com" "fsdaemon SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "fsdaemon_selinux" "8" "12-10-19" "fsdaemon" "SELinux Policy documentation for fsdaemon"
+.SH "NAME"
+fsdaemon_selinux \- Security Enhanced Linux Policy for the fsdaemon processes
+.SH "DESCRIPTION"
@@ -27433,17 +27365,19 @@ index 0000000..85c17a0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), fsdaemon(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), fsdaemon(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ftpd_selinux.8 b/man/man8/ftpd_selinux.8
-index 5bebd82..cc4dd19 100644
+index 5bebd82..5929171 100644
--- a/man/man8/ftpd_selinux.8
+++ b/man/man8/ftpd_selinux.8
-@@ -1,65 +1,493 @@
+@@ -1,65 +1,594 @@
-.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "ftpd SELinux policy documentation"
-+.TH "ftpd_selinux" "8" "ftpd" "dwalsh at redhat.com" "ftpd SELinux Policy documentation"
++.TH "ftpd_selinux" "8" "12-10-19" "ftpd" "SELinux Policy documentation for ftpd"
.SH "NAME"
-.PP
-ftpd_selinux \- Security-Enhanced Linux policy for ftp daemons.
@@ -27463,7 +27397,7 @@ index 5bebd82..cc4dd19 100644
+
+The ftpd_t SELinux type can be entered via the "ftpd_exec_t" file type. The default entrypoint paths for the ftpd_t domain are the following:"
+
-+/usr/sbin/ftpwho, /etc/cron\.monthly/proftpd, /usr/sbin/in\.ftpd, /usr/sbin/proftpd, /usr/kerberos/sbin/ftpd, /usr/sbin/muddleftpd, /usr/sbin/vsftpd
++/usr/sbin/ftpwho, /usr/sbin/vsftpd, /usr/sbin/in\.ftpd, /usr/sbin/proftpd, /usr/sbin/muddleftpd, /usr/kerberos/sbin/ftpd, /etc/cron\.monthly/proftpd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
.PP
@@ -27508,10 +27442,10 @@ index 5bebd82..cc4dd19 100644
-SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool.
-.TP
-Allow ftp servers to read and write files with the public_content_rw_t file type.
-+If you want to allow ftp to read and write files in the user home directories, you must turn on the ftp_home_dir boolean.
++If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the ftpd_use_nfs boolean.
+
+.EX
-+.B setsebool -P ftp_home_dir 1
++.B setsebool -P ftpd_use_nfs 1
+.EE
+
.PP
@@ -27519,10 +27453,10 @@ index 5bebd82..cc4dd19 100644
-setsebool -P allow_ftpd_anon_write on
-.TP
-Allow ftp servers to read or write files in the user home directories.
-+If you want to allow ftp servers to use cifs used for public file transfer services, you must turn on the ftpd_use_cifs boolean.
++If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
+
+.EX
-+.B setsebool -P ftpd_use_cifs 1
++.B setsebool -P httpd_enable_ftp_server 1
+.EE
+
.PP
@@ -27530,15 +27464,29 @@ index 5bebd82..cc4dd19 100644
-setsebool -P ftp_home_dir on
-.TP
-Allow ftp servers to read or write all files on the system.
-+If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++If you want to allow ftp servers to use bind to all unreserved ports for passive mode, you must turn on the ftpd_use_passive_mode boolean.
+
+.EX
-+.B setsebool -P sftpd_write_ssh_home 1
++.B setsebool -P ftpd_use_passive_mode 1
+.EE
+
.PP
-.B
-setsebool -P allow_ftpd_full_access on
++If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
++
++.EX
++.B setsebool -P httpd_can_connect_ftp 1
++.EE
++
++.PP
++If you want to allow ftp to read and write files in the user home directories, you must turn on the ftp_home_dir boolean.
++
++.EX
++.B setsebool -P ftp_home_dir 1
++.EE
++
++.PP
+If you want to allow ftp servers to connect to mysql database ports, you must turn on the ftpd_connect_db boolean.
+
+.EX
@@ -27546,10 +27494,10 @@ index 5bebd82..cc4dd19 100644
+.EE
+
+.PP
-+If you want to allow ftp servers to login to local users and read/write all files on the system, governed by DAC, you must turn on the ftpd_full_access boolean.
++If you want to allow ftp servers to use cifs used for public file transfer services, you must turn on the ftpd_use_cifs boolean.
+
+.EX
-+.B setsebool -P ftpd_full_access 1
++.B setsebool -P ftpd_use_cifs 1
+.EE
+
+.PP
@@ -27560,17 +27508,31 @@ index 5bebd82..cc4dd19 100644
+.EE
+
+.PP
-+If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
++If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
+
+.EX
-+.B setsebool -P httpd_can_connect_ftp 1
++.B setsebool -P sftpd_write_ssh_home 1
+.EE
+
+.PP
-+If you want to allow ftp servers to use bind to all unreserved ports for passive mode, you must turn on the ftpd_use_passive_mode boolean.
++If you want to allow sftp-internal to login to local users and read/write all files on the system, governed by DAC, you must turn on the sftpd_full_access boolean.
+
+.EX
-+.B setsebool -P ftpd_use_passive_mode 1
++.B setsebool -P sftpd_full_access 1
++.EE
++
++.PP
++If you want to allow ftp servers to connect to all ports > 1023, you must turn on the ftpd_connect_all_unreserved boolean.
++
++.EX
++.B setsebool -P ftpd_connect_all_unreserved 1
++.EE
++
++.PP
++If you want to allow ftp servers to login to local users and read/write all files on the system, governed by DAC, you must turn on the ftpd_full_access boolean.
++
++.EX
++.B setsebool -P ftpd_full_access 1
+.EE
+
+.PP
@@ -27581,6 +27543,62 @@ index 5bebd82..cc4dd19 100644
+.EE
+
+.PP
++If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
++
++.EX
++.B setsebool -P httpd_enable_ftp_server 1
++.EE
++
++.PP
++If you want to allow ftp servers to use bind to all unreserved ports for passive mode, you must turn on the ftpd_use_passive_mode boolean.
++
++.EX
++.B setsebool -P ftpd_use_passive_mode 1
++.EE
++
++.PP
++If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
++
++.EX
++.B setsebool -P httpd_can_connect_ftp 1
++.EE
++
++.PP
++If you want to allow ftp to read and write files in the user home directories, you must turn on the ftp_home_dir boolean.
++
++.EX
++.B setsebool -P ftp_home_dir 1
++.EE
++
++.PP
++If you want to allow ftp servers to connect to mysql database ports, you must turn on the ftpd_connect_db boolean.
++
++.EX
++.B setsebool -P ftpd_connect_db 1
++.EE
++
++.PP
++If you want to allow ftp servers to use cifs used for public file transfer services, you must turn on the ftpd_use_cifs boolean.
++
++.EX
++.B setsebool -P ftpd_use_cifs 1
++.EE
++
++.PP
++If you want to allow sftp-internal to read and write files in the user home directories, you must turn on the sftpd_enable_homedirs boolean.
++
++.EX
++.B setsebool -P sftpd_enable_homedirs 1
++.EE
++
++.PP
++If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++
++.EX
++.B setsebool -P sftpd_write_ssh_home 1
++.EE
++
++.PP
+If you want to allow sftp-internal to login to local users and read/write all files on the system, governed by DAC, you must turn on the sftpd_full_access boolean.
+
+.EX
@@ -27595,10 +27613,10 @@ index 5bebd82..cc4dd19 100644
+.EE
+
+.PP
-+If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
++If you want to allow ftp servers to login to local users and read/write all files on the system, governed by DAC, you must turn on the ftpd_full_access boolean.
+
+.EX
-+.B setsebool -P httpd_enable_ftp_server 1
++.B setsebool -P ftpd_full_access 1
+.EE
+
+.SH SHARING FILES
@@ -27629,11 +27647,10 @@ index 5bebd82..cc4dd19 100644
+
.PP
-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean.
-
--.SH "SEE ALSO"
++If you want to allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t., you must turn on the sftpd_anon_write boolean.
++
+.EX
-+.B setsebool -P tftp_anon_write 1
++.B setsebool -P sftpd_anon_write 1
+.EE
+
+.PP
@@ -27644,11 +27661,34 @@ index 5bebd82..cc4dd19 100644
+.EE
+
+.PP
++If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean.
++
++.EX
++.B setsebool -P tftp_anon_write 1
++.EE
++
++.PP
+If you want to allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t., you must turn on the sftpd_anon_write boolean.
+
+.EX
+.B setsebool -P sftpd_anon_write 1
+.EE
+
+-.SH "SEE ALSO"
+ .PP
++If you want to allow ftp servers to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t., you must turn on the ftpd_anon_write boolean.
+
+-selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
++.EX
++.B setsebool -P ftpd_anon_write 1
++.EE
++
++.PP
++If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean.
++
++.EX
++.B setsebool -P tftp_anon_write 1
++.EE
+
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
@@ -27676,10 +27716,6 @@ index 5bebd82..cc4dd19 100644
+
+- Set files with the ftpd_exec_t type, if you want to transition an executable to the ftpd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ftpwho, /etc/cron\.monthly/proftpd, /usr/sbin/in\.ftpd, /usr/sbin/proftpd, /usr/kerberos/sbin/ftpd, /usr/sbin/muddleftpd, /usr/sbin/vsftpd
+
+.EX
+.PP
@@ -27688,17 +27724,12 @@ index 5bebd82..cc4dd19 100644
+
+- Set files with the ftpd_initrc_exec_t type, if you want to transition an executable to the ftpd_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/proftpd, /etc/rc\.d/init\.d/vsftpd
+
+.EX
- .PP
++.PP
+.B ftpd_keytab_t
+.EE
-
--selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
++
+- Set files with the ftpd_keytab_t type, if you want to treat the files as kerberos keytab files.
+
+
@@ -27854,6 +27885,8 @@ index 5bebd82..cc4dd19 100644
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -27974,19 +28007,21 @@ index 5bebd82..cc4dd19 100644
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ftpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ftpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), ftpdctl_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ftpdctl_selinux.8 b/man/man8/ftpdctl_selinux.8
new file mode 100644
-index 0000000..8d8bab4
+index 0000000..25e7d12
--- /dev/null
+++ b/man/man8/ftpdctl_selinux.8
-@@ -0,0 +1,97 @@
-+.TH "ftpdctl_selinux" "8" "ftpdctl" "dwalsh at redhat.com" "ftpdctl SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "ftpdctl_selinux" "8" "12-10-19" "ftpdctl" "SELinux Policy documentation for ftpdctl"
+.SH "NAME"
+ftpdctl_selinux \- Security Enhanced Linux Policy for the ftpdctl processes
+.SH "DESCRIPTION"
@@ -28057,10 +28092,6 @@ index 0000000..8d8bab4
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type ftpdctl_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -28078,19 +28109,21 @@ index 0000000..8d8bab4
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ftpdctl(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ftpdctl(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ftpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/games_selinux.8 b/man/man8/games_selinux.8
new file mode 100644
-index 0000000..240f5c5
+index 0000000..0f2f06b
--- /dev/null
+++ b/man/man8/games_selinux.8
-@@ -0,0 +1,184 @@
-+.TH "games_selinux" "8" "games" "dwalsh at redhat.com" "games SELinux Policy documentation"
+@@ -0,0 +1,178 @@
++.TH "games_selinux" "8" "12-10-19" "games" "SELinux Policy documentation for games"
+.SH "NAME"
+games_selinux \- Security Enhanced Linux Policy for the games processes
+.SH "DESCRIPTION"
@@ -28108,7 +28141,7 @@ index 0000000..240f5c5
+
+The games_t SELinux type can be entered via the "games_exec_t" file type. The default entrypoint paths for the games_t domain are the following:"
+
-+/usr/bin/sol, /usr/bin/blackjack, /usr/bin/micq, /usr/bin/gnotski, /usr/bin/katomic, /usr/bin/kshisen, /usr/bin/klickety, /usr/bin/lskat, /usr/bin/atlantik, /usr/bin/ksame, /usr/bin/kgoldrunner, /usr/bin/lskatproc, /usr/bin/gataxx, /usr/bin/Maelstrom, /usr/bin/ksmiletris, /usr/bin/gnotravex, /usr/bin/ksirtet, /usr/bin/kbattleship, /usr/bin/ktuberling, /usr/bin/kenolaba, /usr/bin/kmahjongg, /usr/bin/ksnake, /usr/games/.*, /usr/bin/gnobots2, /usr/bin/civserver.*, /usr/bin/civclient.*, /usr/bin/kbounce, /usr/bin/kwin4, /usr/bin/ktron, /usr/bin/mahjongg, /usr/bin/kbackgammon, /usr/bin/kblackbox, /usr/bin/kjumpingcube, /usr/bin/gnomine, /usr/bin/gnect, /usr/bin/same-gnome, /usr/bin/kasteroids, /usr/bin/ksokoban, /usr/bin/kolf, /usr/bin/konquest, /usr/bin/kreversi, /usr/bin/kpoker, /usr/lib/games(/.*)?, /usr/bin/glines, /usr/bin/kfouleggs, /usr/bin/kmines, /usr/bin/gnibbles, /usr/bin/kspaceduel, /usr/bin/kpat, /usr/bin/iagno, /usr/bin/gtali, /usr/bin/klines, /usr/bin/kwin4proc, /
usr/bin/gnome-stones
++/usr/games/.*, /usr/lib/games(/.*)?, /usr/bin/civclient.*, /usr/bin/civserver.*, /usr/bin/sol, /usr/bin/micq, /usr/bin/kolf, /usr/bin/kpat, /usr/bin/gnect, /usr/bin/gtali, /usr/bin/iagno, /usr/bin/ksame, /usr/bin/ktron, /usr/bin/kwin4, /usr/bin/lskat, /usr/bin/gataxx, /usr/bin/glines, /usr/bin/klines, /usr/bin/kmines, /usr/bin/kpoker, /usr/bin/ksnake, /usr/bin/gnomine, /usr/bin/gnotski, /usr/bin/katomic, /usr/bin/kbounce, /usr/bin/kshisen, /usr/bin/ksirtet, /usr/bin/gnibbles, /usr/bin/gnobots2, /usr/bin/mahjongg, /usr/bin/atlantik, /usr/bin/kenolaba, /usr/bin/klickety, /usr/bin/konquest, /usr/bin/kreversi, /usr/bin/ksokoban, /usr/bin/blackjack, /usr/bin/gnotravex, /usr/bin/kblackbox, /usr/bin/kfouleggs, /usr/bin/kmahjongg, /usr/bin/kwin4proc, /usr/bin/lskatproc, /usr/bin/Maelstrom, /usr/bin/same-gnome, /usr/bin/kasteroids, /usr/bin/ksmiletris, /usr/bin/kspaceduel, /usr/bin/ktuberling, /usr/bin/kbackgammon, /usr/bin/kbattleship, /usr/bin/kgoldrunner, /usr/bin/gnome-stones, /
usr/bin/kjumpingcube
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -28145,10 +28178,6 @@ index 0000000..240f5c5
+
+- Set files with the games_data_t type, if you want to treat the files as games content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/games(/.*)?, /var/lib/games(/.*)?
+
+.EX
+.PP
@@ -28157,10 +28186,6 @@ index 0000000..240f5c5
+
+- Set files with the games_exec_t type, if you want to transition an executable to the games_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/sol, /usr/bin/blackjack, /usr/bin/micq, /usr/bin/gnotski, /usr/bin/katomic, /usr/bin/kshisen, /usr/bin/klickety, /usr/bin/lskat, /usr/bin/atlantik, /usr/bin/ksame, /usr/bin/kgoldrunner, /usr/bin/lskatproc, /usr/bin/gataxx, /usr/bin/Maelstrom, /usr/bin/ksmiletris, /usr/bin/gnotravex, /usr/bin/ksirtet, /usr/bin/kbattleship, /usr/bin/ktuberling, /usr/bin/kenolaba, /usr/bin/kmahjongg, /usr/bin/ksnake, /usr/games/.*, /usr/bin/gnobots2, /usr/bin/civserver.*, /usr/bin/civclient.*, /usr/bin/kbounce, /usr/bin/kwin4, /usr/bin/ktron, /usr/bin/mahjongg, /usr/bin/kbackgammon, /usr/bin/kblackbox, /usr/bin/kjumpingcube, /usr/bin/gnomine, /usr/bin/gnect, /usr/bin/same-gnome, /usr/bin/kasteroids, /usr/bin/ksokoban, /usr/bin/kolf, /usr/bin/konquest, /usr/bin/kreversi, /usr/bin/kpoker, /usr/lib/games(/.*)?, /usr/bin/glines, /usr/bin/kfouleggs, /usr/bin/kmines, /usr/bin/gnibbles, /usr/bin/kspaceduel, /usr/bin/kpat, /usr/bin/iagno, /usr/bin/gtali, /usr/bin/klines, /usr/bin/kwin4proc, /
usr/bin/gnome-stones
+
+.EX
+.PP
@@ -28270,17 +28295,19 @@ index 0000000..240f5c5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), games(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), games(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/gconfd_selinux.8 b/man/man8/gconfd_selinux.8
new file mode 100644
-index 0000000..6b42a6f
+index 0000000..615258a
--- /dev/null
+++ b/man/man8/gconfd_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "gconfd_selinux" "8" "gconfd" "dwalsh at redhat.com" "gconfd SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "gconfd_selinux" "8" "12-10-19" "gconfd" "SELinux Policy documentation for gconfd"
+.SH "NAME"
+gconfd_selinux \- Security Enhanced Linux Policy for the gconfd processes
+.SH "DESCRIPTION"
@@ -28402,19 +28429,21 @@ index 0000000..6b42a6f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gconfd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gconfd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, gconfdefaultsm_selinux(8)
\ No newline at end of file
diff --git a/man/man8/gconfdefaultsm_selinux.8 b/man/man8/gconfdefaultsm_selinux.8
new file mode 100644
-index 0000000..c6ef666
+index 0000000..6e39eec
--- /dev/null
+++ b/man/man8/gconfdefaultsm_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "gconfdefaultsm_selinux" "8" "gconfdefaultsm" "dwalsh at redhat.com" "gconfdefaultsm SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "gconfdefaultsm_selinux" "8" "12-10-19" "gconfdefaultsm" "SELinux Policy documentation for gconfdefaultsm"
+.SH "NAME"
+gconfdefaultsm_selinux \- Security Enhanced Linux Policy for the gconfdefaultsm processes
+.SH "DESCRIPTION"
@@ -28524,19 +28553,21 @@ index 0000000..c6ef666
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gconfdefaultsm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gconfdefaultsm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, gconfd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/getty_selinux.8 b/man/man8/getty_selinux.8
new file mode 100644
-index 0000000..23e2581
+index 0000000..e5bae09
--- /dev/null
+++ b/man/man8/getty_selinux.8
-@@ -0,0 +1,222 @@
-+.TH "getty_selinux" "8" "getty" "dwalsh at redhat.com" "getty SELinux Policy documentation"
+@@ -0,0 +1,212 @@
++.TH "getty_selinux" "8" "12-10-19" "getty" "SELinux Policy documentation for getty"
+.SH "NAME"
+getty_selinux \- Security Enhanced Linux Policy for the getty processes
+.SH "DESCRIPTION"
@@ -28554,7 +28585,7 @@ index 0000000..23e2581
+
+The getty_t SELinux type can be entered via the "getty_exec_t" file type. The default entrypoint paths for the getty_t domain are the following:"
+
-+/usr/sbin/.*getty, /sbin/.*getty
++/sbin/.*getty, /usr/sbin/.*getty
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -28599,10 +28630,6 @@ index 0000000..23e2581
+
+- Set files with the getty_exec_t type, if you want to transition an executable to the getty_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/.*getty, /sbin/.*getty
+
+.EX
+.PP
@@ -28619,10 +28646,6 @@ index 0000000..23e2581
+
+- Set files with the getty_log_t type, if you want to treat the data as getty log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/mgetty\.log.*, /var/log/vgetty\.log\..*
+
+.EX
+.PP
@@ -28647,10 +28670,6 @@ index 0000000..23e2581
+
+- Set files with the getty_var_run_t type, if you want to store the getty files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/spool/voice(/.*)?, /var/spool/fax(/.*)?, /var/run/mgetty\.pid.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -28754,17 +28773,19 @@ index 0000000..23e2581
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), getty(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), getty(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/gfs_controld_selinux.8 b/man/man8/gfs_controld_selinux.8
new file mode 100644
-index 0000000..7e96a9f
+index 0000000..38603b8
--- /dev/null
+++ b/man/man8/gfs_controld_selinux.8
-@@ -0,0 +1,158 @@
-+.TH "gfs_controld_selinux" "8" "gfs_controld" "dwalsh at redhat.com" "gfs_controld SELinux Policy documentation"
+@@ -0,0 +1,160 @@
++.TH "gfs_controld_selinux" "8" "12-10-19" "gfs_controld" "SELinux Policy documentation for gfs_controld"
+.SH "NAME"
+gfs_controld_selinux \- Security Enhanced Linux Policy for the gfs_controld processes
+.SH "DESCRIPTION"
@@ -28918,10 +28939,12 @@ index 0000000..7e96a9f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gfs_controld(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gfs_controld(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/git_selinux.8 b/man/man8/git_selinux.8
deleted file mode 100644
index e9c43b1..0000000
@@ -29039,10 +29062,10 @@ index e9c43b1..0000000
-selinux(8), git(8), chcon(1), semodule(8), setsebool(8)
diff --git a/man/man8/git_shell_selinux.8 b/man/man8/git_shell_selinux.8
new file mode 100644
-index 0000000..f754f4a
+index 0000000..aef4afb
--- /dev/null
+++ b/man/man8/git_shell_selinux.8
-@@ -0,0 +1,131 @@
+@@ -0,0 +1,133 @@
+.TH "git_shell_selinux" "8" "git_shell" "mgrepl at redhat.com" "git_shell SELinux Policy documentation"
+.SH "NAME"
+git_shell_u \- \fBgit_shell user role\fP - Security Enhanced Linux Policy
@@ -29121,7 +29144,7 @@ index 0000000..f754f4a
+
+Execute the following to see the types that the SELinux user git_shell_t can execute without transitioning:
+
-+.B sesearch -A -s git_shell_t -c file -p execute_no_trans
++.B search -A -s git_shell_t -c file -p execute_no_trans
+
+.TP
+
@@ -29129,7 +29152,7 @@ index 0000000..f754f4a
+
+Execute the following to see the types that the SELinux user git_shell_t can execute and transition:
+
-+.B $ sesearch -A -s git_shell_t -c process -p transition
++.B $ search -A -s git_shell_t -c process -p transition
+
+
+.SH "MANAGED FILES"
@@ -29169,19 +29192,21 @@ index 0000000..f754f4a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), git_shell(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), git_shell(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, gitosis_selinux(8)
\ No newline at end of file
diff --git a/man/man8/gitosis_selinux.8 b/man/man8/gitosis_selinux.8
new file mode 100644
-index 0000000..06ffd25
+index 0000000..2a27670
--- /dev/null
+++ b/man/man8/gitosis_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "gitosis_selinux" "8" "gitosis" "dwalsh at redhat.com" "gitosis SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "gitosis_selinux" "8" "12-10-19" "gitosis" "SELinux Policy documentation for gitosis"
+.SH "NAME"
+gitosis_selinux \- Security Enhanced Linux Policy for the gitosis processes
+.SH "DESCRIPTION"
@@ -29229,6 +29254,13 @@ index 0000000..06ffd25
+.B setsebool -P gitosis_can_sendmail 1
+.EE
+
++.PP
++If you want to allow gitisis daemon to send mail, you must turn on the gitosis_can_sendmail boolean.
++
++.EX
++.B setsebool -P gitosis_can_sendmail 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -29247,10 +29279,6 @@ index 0000000..06ffd25
+
+- Set files with the gitosis_exec_t type, if you want to transition an executable to the gitosis_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/gitosis-serve, /usr/bin/gl-auth-command
+
+.EX
+.PP
@@ -29259,10 +29287,6 @@ index 0000000..06ffd25
+
+- Set files with the gitosis_var_lib_t type, if you want to store the gitosis files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/gitosis(/.*)?, /var/lib/gitolite(3)?(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -29303,19 +29327,21 @@ index 0000000..06ffd25
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gitosis(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gitosis(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/glance_api_selinux.8 b/man/man8/glance_api_selinux.8
new file mode 100644
-index 0000000..44a9301
+index 0000000..35b23ec
--- /dev/null
+++ b/man/man8/glance_api_selinux.8
-@@ -0,0 +1,119 @@
-+.TH "glance_api_selinux" "8" "glance_api" "dwalsh at redhat.com" "glance_api SELinux Policy documentation"
+@@ -0,0 +1,121 @@
++.TH "glance_api_selinux" "8" "12-10-19" "glance_api" "SELinux Policy documentation for glance_api"
+.SH "NAME"
+glance_api_selinux \- Security Enhanced Linux Policy for the glance_api processes
+.SH "DESCRIPTION"
@@ -29429,19 +29455,21 @@ index 0000000..44a9301
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), glance_api(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), glance_api(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, glance_registry_selinux(8)
\ No newline at end of file
diff --git a/man/man8/glance_registry_selinux.8 b/man/man8/glance_registry_selinux.8
new file mode 100644
-index 0000000..6d1548f
+index 0000000..2a756ba
--- /dev/null
+++ b/man/man8/glance_registry_selinux.8
-@@ -0,0 +1,155 @@
-+.TH "glance_registry_selinux" "8" "glance_registry" "dwalsh at redhat.com" "glance_registry SELinux Policy documentation"
+@@ -0,0 +1,157 @@
++.TH "glance_registry_selinux" "8" "12-10-19" "glance_registry" "SELinux Policy documentation for glance_registry"
+.SH "NAME"
+glance_registry_selinux \- Security Enhanced Linux Policy for the glance_registry processes
+.SH "DESCRIPTION"
@@ -29591,19 +29619,21 @@ index 0000000..6d1548f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), glance_registry(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), glance_registry(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, glance_api_selinux(8)
\ No newline at end of file
diff --git a/man/man8/glusterd_selinux.8 b/man/man8/glusterd_selinux.8
new file mode 100644
-index 0000000..e3df9df
+index 0000000..bdf341e
--- /dev/null
+++ b/man/man8/glusterd_selinux.8
-@@ -0,0 +1,196 @@
-+.TH "glusterd_selinux" "8" "glusterd" "dwalsh at redhat.com" "glusterd SELinux Policy documentation"
+@@ -0,0 +1,182 @@
++.TH "glusterd_selinux" "8" "12-10-19" "glusterd" "SELinux Policy documentation for glusterd"
+.SH "NAME"
+glusterd_selinux \- Security Enhanced Linux Policy for the glusterd processes
+.SH "DESCRIPTION"
@@ -29658,10 +29688,6 @@ index 0000000..e3df9df
+
+- Set files with the glusterd_etc_t type, if you want to store glusterd files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/glusterfs(/.*)?, /etc/glusterd(/.*)?
+
+.EX
+.PP
@@ -29670,10 +29696,6 @@ index 0000000..e3df9df
+
+- Set files with the glusterd_exec_t type, if you want to transition an executable to the glusterd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/opt/glusterfs/[^/]+/sbin/glusterfsd, /usr/sbin/glusterfsd
+
+.EX
+.PP
@@ -29682,10 +29704,6 @@ index 0000000..e3df9df
+
+- Set files with the glusterd_initrc_exec_t type, if you want to transition an executable to the glusterd_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/glusterd, /etc/rc\.d/init\.d/glusterd
+
+.EX
+.PP
@@ -29718,10 +29736,6 @@ index 0000000..e3df9df
+
+- Set files with the glusterd_var_run_t type, if you want to store the glusterd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/glusterd\.pid, /var/run/glusterd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -29795,17 +29809,19 @@ index 0000000..e3df9df
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), glusterd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), glusterd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/gnomeclock_selinux.8 b/man/man8/gnomeclock_selinux.8
new file mode 100644
-index 0000000..34c1785
+index 0000000..5036a7d
--- /dev/null
+++ b/man/man8/gnomeclock_selinux.8
-@@ -0,0 +1,146 @@
-+.TH "gnomeclock_selinux" "8" "gnomeclock" "dwalsh at redhat.com" "gnomeclock SELinux Policy documentation"
+@@ -0,0 +1,144 @@
++.TH "gnomeclock_selinux" "8" "12-10-19" "gnomeclock" "SELinux Policy documentation for gnomeclock"
+.SH "NAME"
+gnomeclock_selinux \- Security Enhanced Linux Policy for the gnomeclock processes
+.SH "DESCRIPTION"
@@ -29823,7 +29839,7 @@ index 0000000..34c1785
+
+The gnomeclock_t SELinux type can be entered via the "gnomeclock_exec_t" file type. The default entrypoint paths for the gnomeclock_t domain are the following:"
+
-+/usr/libexec/gsd-datetime-mechanism, /usr/libexec/kde(3|4)/kcmdatetimehelper, /usr/libexec/gnome-clock-applet-mechanism
++/usr/libexec/kde(3|4)/kcmdatetimehelper, /usr/lib/systemd/systemd-timedated, /usr/libexec/gsd-datetime-mechanism, /usr/libexec/gnome-clock-applet-mechanism
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -29860,10 +29876,6 @@ index 0000000..34c1785
+
+- Set files with the gnomeclock_exec_t type, if you want to transition an executable to the gnomeclock_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/gsd-datetime-mechanism, /usr/libexec/kde(3|4)/kcmdatetimehelper, /usr/libexec/gnome-clock-applet-mechanism
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -29947,17 +29959,19 @@ index 0000000..34c1785
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gnomeclock(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gnomeclock(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/gnomesystemmm_selinux.8 b/man/man8/gnomesystemmm_selinux.8
new file mode 100644
-index 0000000..ca0b640
+index 0000000..4d49c0c
--- /dev/null
+++ b/man/man8/gnomesystemmm_selinux.8
-@@ -0,0 +1,98 @@
-+.TH "gnomesystemmm_selinux" "8" "gnomesystemmm" "dwalsh at redhat.com" "gnomesystemmm SELinux Policy documentation"
+@@ -0,0 +1,96 @@
++.TH "gnomesystemmm_selinux" "8" "12-10-19" "gnomesystemmm" "SELinux Policy documentation for gnomesystemmm"
+.SH "NAME"
+gnomesystemmm_selinux \- Security Enhanced Linux Policy for the gnomesystemmm processes
+.SH "DESCRIPTION"
@@ -30012,10 +30026,6 @@ index 0000000..ca0b640
+
+- Set files with the gnomesystemmm_exec_t type, if you want to transition an executable to the gnomesystemmm_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/kde(3|4)/ksysguardprocesslist_helper, /usr/libexec/gnome-system-monitor-mechanism
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -30051,17 +30061,19 @@ index 0000000..ca0b640
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gnomesystemmm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gnomesystemmm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/gpg_agent_selinux.8 b/man/man8/gpg_agent_selinux.8
new file mode 100644
-index 0000000..ecc47ea
+index 0000000..77b5b82
--- /dev/null
+++ b/man/man8/gpg_agent_selinux.8
-@@ -0,0 +1,133 @@
-+.TH "gpg_agent_selinux" "8" "gpg_agent" "dwalsh at redhat.com" "gpg_agent SELinux Policy documentation"
+@@ -0,0 +1,144 @@
++.TH "gpg_agent_selinux" "8" "12-10-19" "gpg_agent" "SELinux Policy documentation for gpg_agent"
+.SH "NAME"
+gpg_agent_selinux \- Security Enhanced Linux Policy for the gpg_agent processes
+.SH "DESCRIPTION"
@@ -30109,6 +30121,13 @@ index 0000000..ecc47ea
+.B setsebool -P gpg_agent_env_file 1
+.EE
+
++.PP
++If you want to allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files, you must turn on the gpg_agent_env_file boolean.
++
++.EX
++.B setsebool -P gpg_agent_env_file 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -30162,6 +30181,8 @@ index 0000000..ecc47ea
+
+ /root/\.gnupg(/.+)?
+.br
++ /etc/mail/spamassassin/sa-update-keys(/.*)?
++.br
+ /home/[^/]*/\.gnupg(/.+)?
+.br
+ /home/dwalsh/\.gnupg(/.+)?
@@ -30189,19 +30210,21 @@ index 0000000..ecc47ea
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gpg_agent(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gpg_agent(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), gpg_selinux(8), gpg_selinux(8), gpg_helper_selinux(8)
\ No newline at end of file
diff --git a/man/man8/gpg_helper_selinux.8 b/man/man8/gpg_helper_selinux.8
new file mode 100644
-index 0000000..4a56957
+index 0000000..3f817f1
--- /dev/null
+++ b/man/man8/gpg_helper_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "gpg_helper_selinux" "8" "gpg_helper" "dwalsh at redhat.com" "gpg_helper SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "gpg_helper_selinux" "8" "12-10-19" "gpg_helper" "SELinux Policy documentation for gpg_helper"
+.SH "NAME"
+gpg_helper_selinux \- Security Enhanced Linux Policy for the gpg_helper processes
+.SH "DESCRIPTION"
@@ -30264,10 +30287,6 @@ index 0000000..4a56957
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type gpg_helper_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -30299,19 +30318,21 @@ index 0000000..4a56957
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gpg_helper(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gpg_helper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, gpg_selinux(8), gpg_selinux(8), gpg_agent_selinux(8)
\ No newline at end of file
diff --git a/man/man8/gpg_selinux.8 b/man/man8/gpg_selinux.8
new file mode 100644
-index 0000000..da9ab8b
+index 0000000..a046ac9
--- /dev/null
+++ b/man/man8/gpg_selinux.8
-@@ -0,0 +1,340 @@
-+.TH "gpg_selinux" "8" "gpg" "dwalsh at redhat.com" "gpg SELinux Policy documentation"
+@@ -0,0 +1,361 @@
++.TH "gpg_selinux" "8" "12-10-19" "gpg" "SELinux Policy documentation for gpg"
+.SH "NAME"
+gpg_selinux \- Security Enhanced Linux Policy for the gpg processes
+.SH "DESCRIPTION"
@@ -30329,7 +30350,7 @@ index 0000000..da9ab8b
+
+The gpg_t SELinux type can be entered via the "gpg_exec_t" file type. The default entrypoint paths for the gpg_t domain are the following:"
+
-+/usr/bin/gpgsm, /usr/bin/gpg(2)?, /usr/bin/kgpg, /usr/lib/gnupg/.*
++/usr/bin/gpg(2)?, /usr/lib/gnupg/.*, /usr/bin/gpgsm
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -30353,6 +30374,13 @@ index 0000000..da9ab8b
+
+
+.PP
++If you want to allow httpd to run gpg, you must turn on the httpd_use_gpg boolean.
++
++.EX
++.B setsebool -P httpd_use_gpg 1
++.EE
++
++.PP
+If you want to allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files, you must turn on the gpg_agent_env_file boolean.
+
+.EX
@@ -30366,6 +30394,13 @@ index 0000000..da9ab8b
+.B setsebool -P httpd_use_gpg 1
+.EE
+
++.PP
++If you want to allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files, you must turn on the gpg_agent_env_file boolean.
++
++.EX
++.B setsebool -P gpg_agent_env_file 1
++.EE
++
+.SH SHARING FILES
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
+.TP
@@ -30392,6 +30427,13 @@ index 0000000..da9ab8b
+.B setsebool -P gpg_web_anon_write 1
+.EE
+
++.PP
++If you want to allow gpg web domain to modify public files used for public file transfer services., you must turn on the gpg_web_anon_write boolean.
++
++.EX
++.B setsebool -P gpg_web_anon_write 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -30426,10 +30468,6 @@ index 0000000..da9ab8b
+
+- Set files with the gpg_exec_t type, if you want to transition an executable to the gpg_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/gpgsm, /usr/bin/gpg(2)?, /usr/bin/kgpg, /usr/lib/gnupg/.*
+
+.EX
+.PP
@@ -30495,6 +30533,8 @@ index 0000000..da9ab8b
+
+ /root/\.gnupg(/.+)?
+.br
++ /etc/mail/spamassassin/sa-update-keys(/.*)?
++.br
+ /home/[^/]*/\.gnupg(/.+)?
+.br
+ /home/dwalsh/\.gnupg(/.+)?
@@ -30646,19 +30686,21 @@ index 0000000..da9ab8b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gpg(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gpg(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), gpg_agent_selinux(8), gpg_helper_selinux(8)
\ No newline at end of file
diff --git a/man/man8/gpm_selinux.8 b/man/man8/gpm_selinux.8
new file mode 100644
-index 0000000..e986c69
+index 0000000..120c674
--- /dev/null
+++ b/man/man8/gpm_selinux.8
-@@ -0,0 +1,132 @@
-+.TH "gpm_selinux" "8" "gpm" "dwalsh at redhat.com" "gpm SELinux Policy documentation"
+@@ -0,0 +1,130 @@
++.TH "gpm_selinux" "8" "12-10-19" "gpm" "SELinux Policy documentation for gpm"
+.SH "NAME"
+gpm_selinux \- Security Enhanced Linux Policy for the gpm processes
+.SH "DESCRIPTION"
@@ -30745,10 +30787,6 @@ index 0000000..e986c69
+
+- Set files with the gpmctl_t type, if you want to treat the files as gpmctl data.
+
-+.br
-+.TP 5
-+Paths:
-+/dev/gpmctl, /dev/gpmdata
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -30786,17 +30824,19 @@ index 0000000..e986c69
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gpm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gpm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/gpsd_selinux.8 b/man/man8/gpsd_selinux.8
new file mode 100644
-index 0000000..58ebccb
+index 0000000..2107a33
--- /dev/null
+++ b/man/man8/gpsd_selinux.8
-@@ -0,0 +1,176 @@
-+.TH "gpsd_selinux" "8" "gpsd" "dwalsh at redhat.com" "gpsd SELinux Policy documentation"
+@@ -0,0 +1,174 @@
++.TH "gpsd_selinux" "8" "12-10-19" "gpsd" "SELinux Policy documentation for gpsd"
+.SH "NAME"
+gpsd_selinux \- Security Enhanced Linux Policy for the gpsd processes
+.SH "DESCRIPTION"
@@ -30875,10 +30915,6 @@ index 0000000..58ebccb
+
+- Set files with the gpsd_var_run_t type, if you want to store the gpsd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/gpsd\.sock, /var/run/gpsd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -30968,17 +31004,19 @@ index 0000000..58ebccb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gpsd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gpsd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/greylist_milter_selinux.8 b/man/man8/greylist_milter_selinux.8
new file mode 100644
-index 0000000..002f3ac
+index 0000000..88b7fbe
--- /dev/null
+++ b/man/man8/greylist_milter_selinux.8
-@@ -0,0 +1,132 @@
-+.TH "greylist_milter_selinux" "8" "greylist_milter" "dwalsh at redhat.com" "greylist_milter SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "greylist_milter_selinux" "8" "12-10-19" "greylist_milter" "SELinux Policy documentation for greylist_milter"
+.SH "NAME"
+greylist_milter_selinux \- Security Enhanced Linux Policy for the greylist_milter processes
+.SH "DESCRIPTION"
@@ -31033,10 +31071,6 @@ index 0000000..002f3ac
+
+- Set files with the greylist_milter_data_t type, if you want to treat the files as greylist milter content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/sqlgrey\.pid, /var/run/milter-greylist\.pid, /var/run/milter-greylist(/.*)?, /var/lib/sqlgrey(/.*)?, /var/lib/milter-greylist(/.*)?
+
+.EX
+.PP
@@ -31045,10 +31079,6 @@ index 0000000..002f3ac
+
+- Set files with the greylist_milter_exec_t type, if you want to transition an executable to the greylist_milter_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/sqlgrey, /usr/sbin/milter-greylist
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -31106,17 +31136,19 @@ index 0000000..002f3ac
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), greylist_milter(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), greylist_milter(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/groupadd_selinux.8 b/man/man8/groupadd_selinux.8
new file mode 100644
-index 0000000..d5691cf
+index 0000000..e19e0e5
--- /dev/null
+++ b/man/man8/groupadd_selinux.8
-@@ -0,0 +1,178 @@
-+.TH "groupadd_selinux" "8" "groupadd" "dwalsh at redhat.com" "groupadd SELinux Policy documentation"
+@@ -0,0 +1,176 @@
++.TH "groupadd_selinux" "8" "12-10-19" "groupadd" "SELinux Policy documentation for groupadd"
+.SH "NAME"
+groupadd_selinux \- Security Enhanced Linux Policy for the groupadd processes
+.SH "DESCRIPTION"
@@ -31134,7 +31166,7 @@ index 0000000..d5691cf
+
+The groupadd_t SELinux type can be entered via the "groupadd_exec_t" file type. The default entrypoint paths for the groupadd_t domain are the following:"
+
-+/usr/sbin/gpasswd, /usr/bin/gpasswd, /usr/sbin/groupdel, /usr/sbin/groupadd, /usr/sbin/groupmod
++/usr/bin/gpasswd, /usr/sbin/gpasswd, /usr/sbin/groupadd, /usr/sbin/groupdel, /usr/sbin/groupmod
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -31171,10 +31203,6 @@ index 0000000..d5691cf
+
+- Set files with the groupadd_exec_t type, if you want to transition an executable to the groupadd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/gpasswd, /usr/bin/gpasswd, /usr/sbin/groupdel, /usr/sbin/groupadd, /usr/sbin/groupmod
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -31290,17 +31318,19 @@ index 0000000..d5691cf
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), groupadd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), groupadd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/groupd_selinux.8 b/man/man8/groupd_selinux.8
new file mode 100644
-index 0000000..cb7aca9
+index 0000000..ff65242
--- /dev/null
+++ b/man/man8/groupd_selinux.8
-@@ -0,0 +1,151 @@
-+.TH "groupd_selinux" "8" "groupd" "dwalsh at redhat.com" "groupd SELinux Policy documentation"
+@@ -0,0 +1,153 @@
++.TH "groupd_selinux" "8" "12-10-19" "groupd" "SELinux Policy documentation for groupd"
+.SH "NAME"
+groupd_selinux \- Security Enhanced Linux Policy for the groupd processes
+.SH "DESCRIPTION"
@@ -31446,19 +31476,21 @@ index 0000000..cb7aca9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), groupd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), groupd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, groupadd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/gssd_selinux.8 b/man/man8/gssd_selinux.8
new file mode 100644
-index 0000000..fa509f9
+index 0000000..79e9165
--- /dev/null
+++ b/man/man8/gssd_selinux.8
-@@ -0,0 +1,197 @@
-+.TH "gssd_selinux" "8" "gssd" "dwalsh at redhat.com" "gssd SELinux Policy documentation"
+@@ -0,0 +1,204 @@
++.TH "gssd_selinux" "8" "12-10-19" "gssd" "SELinux Policy documentation for gssd"
+.SH "NAME"
+gssd_selinux \- Security Enhanced Linux Policy for the gssd processes
+.SH "DESCRIPTION"
@@ -31506,6 +31538,13 @@ index 0000000..fa509f9
+.B setsebool -P gssd_read_tmp 1
+.EE
+
++.PP
++If you want to allow gssd to read temp directory. For access to kerberos tgt, you must turn on the gssd_read_tmp boolean.
++
++.EX
++.B setsebool -P gssd_read_tmp 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -31524,10 +31563,6 @@ index 0000000..fa509f9
+
+- Set files with the gssd_exec_t type, if you want to transition an executable to the gssd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/rpc\.gssd, /usr/sbin/rpc\.svcgssd
+
+.EX
+.PP
@@ -31573,6 +31608,8 @@ index 0000000..fa509f9
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -31650,18 +31687,20 @@ index 0000000..fa509f9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), gssd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), gssd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/guest_selinux.8 b/man/man8/guest_selinux.8
new file mode 100644
-index 0000000..28a3334
+index 0000000..8ebfc27
--- /dev/null
+++ b/man/man8/guest_selinux.8
-@@ -0,0 +1,218 @@
+@@ -0,0 +1,241 @@
+.TH "guest_selinux" "8" "guest" "mgrepl at redhat.com" "guest SELinux Policy documentation"
+.SH "NAME"
+guest_u \- \fBLeast privledge terminal user role\fP - Security Enhanced Linux Policy
@@ -31734,6 +31773,13 @@ index 0000000..28a3334
+
+
+.PP
++If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
++
++.EX
++.B setsebool -P xguest_mount_media 1
++.EE
++
++.PP
+If you want to allow xguest users to configure Network Manager and connect to apache ports, you must turn on the xguest_connect_network boolean.
+
+.EX
@@ -31741,6 +31787,13 @@ index 0000000..28a3334
+.EE
+
+.PP
++If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
++
++.EX
++.B setsebool -P xguest_use_bluetooth 1
++.EE
++
++.PP
+If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
+
+.EX
@@ -31748,6 +31801,13 @@ index 0000000..28a3334
+.EE
+
+.PP
++If you want to allow xguest users to configure Network Manager and connect to apache ports, you must turn on the xguest_connect_network boolean.
++
++.EX
++.B setsebool -P xguest_connect_network 1
++.EE
++
++.PP
+If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
+
+.EX
@@ -31770,7 +31830,7 @@ index 0000000..28a3334
+
+Execute the following to see the types that the SELinux user guest_t can execute without transitioning:
+
-+.B sesearch -A -s guest_t -c file -p execute_no_trans
++.B search -A -s guest_t -c file -p execute_no_trans
+
+.TP
+
@@ -31778,7 +31838,7 @@ index 0000000..28a3334
+
+Execute the following to see the types that the SELinux user guest_t can execute and transition:
+
-+.B $ sesearch -A -s guest_t -c process -p transition
++.B $ search -A -s guest_t -c process -p transition
+
+
+.SH "MANAGED FILES"
@@ -31875,19 +31935,21 @@ index 0000000..28a3334
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), guest(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), guest(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/hddtemp_selinux.8 b/man/man8/hddtemp_selinux.8
new file mode 100644
-index 0000000..40326e3
+index 0000000..617332c
--- /dev/null
+++ b/man/man8/hddtemp_selinux.8
-@@ -0,0 +1,130 @@
-+.TH "hddtemp_selinux" "8" "hddtemp" "dwalsh at redhat.com" "hddtemp SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "hddtemp_selinux" "8" "12-10-19" "hddtemp" "SELinux Policy documentation for hddtemp"
+.SH "NAME"
+hddtemp_selinux \- Security Enhanced Linux Policy for the hddtemp processes
+.SH "DESCRIPTION"
@@ -31989,10 +32051,6 @@ index 0000000..40326e3
+Default Defined Ports:
+tcp 7634
+.EE
-+.SH "MANAGED FILES"
-+
-+The SELinux process type hddtemp_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -32013,17 +32071,19 @@ index 0000000..40326e3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), hddtemp(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), hddtemp(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/hostname_selinux.8 b/man/man8/hostname_selinux.8
new file mode 100644
-index 0000000..9cc1a2f
+index 0000000..0425f3d
--- /dev/null
+++ b/man/man8/hostname_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "hostname_selinux" "8" "hostname" "dwalsh at redhat.com" "hostname SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "hostname_selinux" "8" "12-10-19" "hostname" "SELinux Policy documentation for hostname"
+.SH "NAME"
+hostname_selinux \- Security Enhanced Linux Policy for the hostname processes
+.SH "DESCRIPTION"
@@ -32078,10 +32138,6 @@ index 0000000..9cc1a2f
+
+- Set files with the hostname_exec_t type, if you want to transition an executable to the hostname_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/bin/hostname, /usr/bin/hostname
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -32090,10 +32146,6 @@ index 0000000..9cc1a2f
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type hostname_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -32111,17 +32163,19 @@ index 0000000..9cc1a2f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), hostname(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), hostname(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/hplip_selinux.8 b/man/man8/hplip_selinux.8
new file mode 100644
-index 0000000..ab19f6e
+index 0000000..2edc192
--- /dev/null
+++ b/man/man8/hplip_selinux.8
-@@ -0,0 +1,190 @@
-+.TH "hplip_selinux" "8" "hplip" "dwalsh at redhat.com" "hplip SELinux Policy documentation"
+@@ -0,0 +1,198 @@
++.TH "hplip_selinux" "8" "12-10-19" "hplip" "SELinux Policy documentation for hplip"
+.SH "NAME"
+hplip_selinux \- Security Enhanced Linux Policy for the hplip processes
+.SH "DESCRIPTION"
@@ -32139,7 +32193,7 @@ index 0000000..ab19f6e
+
+The hplip_t SELinux type can be entered via the "hplip_exec_t" file type. The default entrypoint paths for the hplip_t domain are the following:"
+
-+/usr/bin/hpijs, /usr/share/hplip/.*\.py, /usr/sbin/hp-[^/]+, /usr/lib/cups/backend/hp.*, /usr/sbin/hpiod
++/usr/sbin/hp-[^/]+, /usr/share/hplip/.*\.py, /usr/lib/cups/backend/hp.*, /usr/bin/hpijs, /usr/sbin/hpiod
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -32184,10 +32238,6 @@ index 0000000..ab19f6e
+
+- Set files with the hplip_exec_t type, if you want to transition an executable to the hplip_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/hpijs, /usr/share/hplip/.*\.py, /usr/sbin/hp-[^/]+, /usr/lib/cups/backend/hp.*, /usr/sbin/hpiod
+
+.EX
+.PP
@@ -32207,15 +32257,19 @@ index 0000000..ab19f6e
+
+.EX
+.PP
++.B hplip_var_log_t
++.EE
++
++- Set files with the hplip_var_log_t type, if you want to treat the data as hplip var log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
+.B hplip_var_run_t
+.EE
+
+- Set files with the hplip_var_run_t type, if you want to store the hplip files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/hp.*\.pid, /var/run/hp.*\.port
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -32266,6 +32320,12 @@ index 0000000..ab19f6e
+.br
+
+.br
++.B hplip_var_log_t
++
++ /var/log/hp(/.*)?
++.br
++
++.br
+.B hplip_var_run_t
+
+ /var/run/hp.*\.pid
@@ -32307,17 +32367,19 @@ index 0000000..ab19f6e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), hplip(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), hplip(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/httpd_apcupsd_cgi_script_selinux.8 b/man/man8/httpd_apcupsd_cgi_script_selinux.8
new file mode 100644
-index 0000000..576c4ca
+index 0000000..897dd76
--- /dev/null
+++ b/man/man8/httpd_apcupsd_cgi_script_selinux.8
-@@ -0,0 +1,97 @@
-+.TH "httpd_apcupsd_cgi_script_selinux" "8" "httpd_apcupsd_cgi_script" "dwalsh at redhat.com" "httpd_apcupsd_cgi_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_apcupsd_cgi_script_selinux" "8" "12-10-19" "httpd_apcupsd_cgi_script" "SELinux Policy documentation for httpd_apcupsd_cgi_script"
+.SH "NAME"
+httpd_apcupsd_cgi_script_selinux \- Security Enhanced Linux Policy for the httpd_apcupsd_cgi_script processes
+.SH "DESCRIPTION"
@@ -32335,7 +32397,7 @@ index 0000000..576c4ca
+
+The httpd_apcupsd_cgi_script_t SELinux type can be entered via the "httpd_apcupsd_cgi_script_exec_t,shell_exec_t,httpd_apcupsd_cgi_script_exec_t" file types. The default entrypoint paths for the httpd_apcupsd_cgi_script_t domain are the following:"
+
-+/var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/cgi-bin/apcgui(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/cgi-bin/apcgui(/.*)?
++/var/www/cgi-bin/apcgui(/.*)?, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsfstats\.cgi, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /var/www/cgi-bin/apcgui(/.*)?, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsfstats\.cgi
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -32372,10 +32434,6 @@ index 0000000..576c4ca
+
+- Set files with the httpd_apcupsd_cgi_script_exec_t type, if you want to transition an executable to the httpd_apcupsd_cgi_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/cgi-bin/apcgui(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -32409,19 +32467,21 @@ index 0000000..576c4ca
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_apcupsd_cgi_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_apcupsd_cgi_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_awstats_script_selinux.8 b/man/man8/httpd_awstats_script_selinux.8
new file mode 100644
-index 0000000..3b05ed5
+index 0000000..7037134
--- /dev/null
+++ b/man/man8/httpd_awstats_script_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "httpd_awstats_script_selinux" "8" "httpd_awstats_script" "dwalsh at redhat.com" "httpd_awstats_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_awstats_script_selinux" "8" "12-10-19" "httpd_awstats_script" "SELinux Policy documentation for httpd_awstats_script"
+.SH "NAME"
+httpd_awstats_script_selinux \- Security Enhanced Linux Policy for the httpd_awstats_script processes
+.SH "DESCRIPTION"
@@ -32439,7 +32499,7 @@ index 0000000..3b05ed5
+
+The httpd_awstats_script_t SELinux type can be entered via the "httpd_awstats_script_exec_t,shell_exec_t,httpd_awstats_script_exec_t" file types. The default entrypoint paths for the httpd_awstats_script_t domain are the following:"
+
-+/usr/share/awstats/wwwroot/cgi-bin(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/awstats/wwwroot/cgi-bin(/.*)?
++/usr/share/awstats/wwwroot/cgi-bin(/.*)?, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/share/awstats/wwwroot/cgi-bin(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -32509,19 +32569,21 @@ index 0000000..3b05ed5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_awstats_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_awstats_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_bugzilla_script_selinux.8 b/man/man8/httpd_bugzilla_script_selinux.8
new file mode 100644
-index 0000000..cc12994
+index 0000000..2540605
--- /dev/null
+++ b/man/man8/httpd_bugzilla_script_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "httpd_bugzilla_script_selinux" "8" "httpd_bugzilla_script" "dwalsh at redhat.com" "httpd_bugzilla_script SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "httpd_bugzilla_script_selinux" "8" "12-10-19" "httpd_bugzilla_script" "SELinux Policy documentation for httpd_bugzilla_script"
+.SH "NAME"
+httpd_bugzilla_script_selinux \- Security Enhanced Linux Policy for the httpd_bugzilla_script processes
+.SH "DESCRIPTION"
@@ -32537,9 +32599,9 @@ index 0000000..cc12994
+
+.SH "ENTRYPOINTS"
+
-+The httpd_bugzilla_script_t SELinux type can be entered via the "httpd_bugzilla_script_exec_t,shell_exec_t,httpd_bugzilla_script_exec_t" file types. The default entrypoint paths for the httpd_bugzilla_script_t domain are the following:"
++The httpd_bugzilla_script_t SELinux type can be entered via the "shell_exec_t,httpd_bugzilla_script_exec_t,httpd_bugzilla_script_exec_t" file types. The default entrypoint paths for the httpd_bugzilla_script_t domain are the following:"
+
-+/usr/share/bugzilla(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/bugzilla(/.*)?
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/share/bugzilla(/.*)?, /usr/share/bugzilla(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -32615,19 +32677,21 @@ index 0000000..cc12994
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_bugzilla_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_bugzilla_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_cobbler_script_selinux.8 b/man/man8/httpd_cobbler_script_selinux.8
new file mode 100644
-index 0000000..f88d993
+index 0000000..4cb7a6a
--- /dev/null
+++ b/man/man8/httpd_cobbler_script_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "httpd_cobbler_script_selinux" "8" "httpd_cobbler_script" "dwalsh at redhat.com" "httpd_cobbler_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_cobbler_script_selinux" "8" "12-10-19" "httpd_cobbler_script" "SELinux Policy documentation for httpd_cobbler_script"
+.SH "NAME"
+httpd_cobbler_script_selinux \- Security Enhanced Linux Policy for the httpd_cobbler_script processes
+.SH "DESCRIPTION"
@@ -32643,9 +32707,9 @@ index 0000000..f88d993
+
+.SH "ENTRYPOINTS"
+
-+The httpd_cobbler_script_t SELinux type can be entered via the "shell_exec_t,httpd_cobbler_script_exec_t,httpd_cobbler_script_exec_t" file types. The default entrypoint paths for the httpd_cobbler_script_t domain are the following:"
++The httpd_cobbler_script_t SELinux type can be entered via the "httpd_cobbler_script_exec_t,shell_exec_t,httpd_cobbler_script_exec_t" file types. The default entrypoint paths for the httpd_cobbler_script_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -32715,19 +32779,21 @@ index 0000000..f88d993
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_cobbler_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_cobbler_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_collectd_script_selinux.8 b/man/man8/httpd_collectd_script_selinux.8
new file mode 100644
-index 0000000..ca8215f
+index 0000000..e685eed
--- /dev/null
+++ b/man/man8/httpd_collectd_script_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "httpd_collectd_script_selinux" "8" "httpd_collectd_script" "dwalsh at redhat.com" "httpd_collectd_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_collectd_script_selinux" "8" "12-10-19" "httpd_collectd_script" "SELinux Policy documentation for httpd_collectd_script"
+.SH "NAME"
+httpd_collectd_script_selinux \- Security Enhanced Linux Policy for the httpd_collectd_script processes
+.SH "DESCRIPTION"
@@ -32743,9 +32809,9 @@ index 0000000..ca8215f
+
+.SH "ENTRYPOINTS"
+
-+The httpd_collectd_script_t SELinux type can be entered via the "httpd_collectd_script_exec_t,shell_exec_t,httpd_collectd_script_exec_t" file types. The default entrypoint paths for the httpd_collectd_script_t domain are the following:"
++The httpd_collectd_script_t SELinux type can be entered via the "shell_exec_t,httpd_collectd_script_exec_t,httpd_collectd_script_exec_t" file types. The default entrypoint paths for the httpd_collectd_script_t domain are the following:"
+
-+/usr/share/collectd/collection3/bin/.*\.cgi, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/collectd/collection3/bin/.*\.cgi
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/share/collectd/collection3/bin/.*\.cgi, /usr/share/collectd/collection3/bin/.*\.cgi
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -32815,19 +32881,21 @@ index 0000000..ca8215f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_collectd_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_collectd_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_cvs_script_selinux.8 b/man/man8/httpd_cvs_script_selinux.8
new file mode 100644
-index 0000000..4495535
+index 0000000..10e60cd
--- /dev/null
+++ b/man/man8/httpd_cvs_script_selinux.8
-@@ -0,0 +1,101 @@
-+.TH "httpd_cvs_script_selinux" "8" "httpd_cvs_script" "dwalsh at redhat.com" "httpd_cvs_script SELinux Policy documentation"
+@@ -0,0 +1,99 @@
++.TH "httpd_cvs_script_selinux" "8" "12-10-19" "httpd_cvs_script" "SELinux Policy documentation for httpd_cvs_script"
+.SH "NAME"
+httpd_cvs_script_selinux \- Security Enhanced Linux Policy for the httpd_cvs_script processes
+.SH "DESCRIPTION"
@@ -32843,9 +32911,9 @@ index 0000000..4495535
+
+.SH "ENTRYPOINTS"
+
-+The httpd_cvs_script_t SELinux type can be entered via the "shell_exec_t,httpd_cvs_script_exec_t,httpd_cvs_script_exec_t" file types. The default entrypoint paths for the httpd_cvs_script_t domain are the following:"
++The httpd_cvs_script_t SELinux type can be entered via the "httpd_cvs_script_exec_t,shell_exec_t,httpd_cvs_script_exec_t" file types. The default entrypoint paths for the httpd_cvs_script_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/cvsweb/cvsweb\.cgi, /var/www/cgi-bin/cvsweb\.cgi, /usr/share/cvsweb/cvsweb\.cgi, /var/www/cgi-bin/cvsweb\.cgi
++/var/www/cgi-bin/cvsweb\.cgi, /usr/share/cvsweb/cvsweb\.cgi, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /var/www/cgi-bin/cvsweb\.cgi, /usr/share/cvsweb/cvsweb\.cgi
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -32882,10 +32950,6 @@ index 0000000..4495535
+
+- Set files with the httpd_cvs_script_exec_t type, if you want to transition an executable to the httpd_cvs_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/cvsweb/cvsweb\.cgi, /var/www/cgi-bin/cvsweb\.cgi
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -32923,19 +32987,21 @@ index 0000000..4495535
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_cvs_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_cvs_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_dirsrvadmin_script_selinux.8 b/man/man8/httpd_dirsrvadmin_script_selinux.8
new file mode 100644
-index 0000000..dfdc0b6
+index 0000000..20212cc
--- /dev/null
+++ b/man/man8/httpd_dirsrvadmin_script_selinux.8
-@@ -0,0 +1,139 @@
-+.TH "httpd_dirsrvadmin_script_selinux" "8" "httpd_dirsrvadmin_script" "dwalsh at redhat.com" "httpd_dirsrvadmin_script SELinux Policy documentation"
+@@ -0,0 +1,137 @@
++.TH "httpd_dirsrvadmin_script_selinux" "8" "12-10-19" "httpd_dirsrvadmin_script" "SELinux Policy documentation for httpd_dirsrvadmin_script"
+.SH "NAME"
+httpd_dirsrvadmin_script_selinux \- Security Enhanced Linux Policy for the httpd_dirsrvadmin_script processes
+.SH "DESCRIPTION"
@@ -32953,7 +33019,7 @@ index 0000000..dfdc0b6
+
+The httpd_dirsrvadmin_script_t SELinux type can be entered via the "httpd_dirsrvadmin_script_exec_t,shell_exec_t,httpd_dirsrvadmin_script_exec_t" file types. The default entrypoint paths for the httpd_dirsrvadmin_script_t domain are the following:"
+
-+/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /usr/lib/dirsrv/cgi-bin(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /usr/lib/dirsrv/cgi-bin(/.*)?
++/usr/lib/dirsrv/cgi-bin(/.*)?, /usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/lib/dirsrv/cgi-bin(/.*)?, /usr/lib/dirsrv/dsgw-cgi-bin(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -32990,10 +33056,6 @@ index 0000000..dfdc0b6
+
+- Set files with the httpd_dirsrvadmin_script_exec_t type, if you want to transition an executable to the httpd_dirsrvadmin_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /usr/lib/dirsrv/cgi-bin(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -33069,19 +33131,21 @@ index 0000000..dfdc0b6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_dirsrvadmin_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_dirsrvadmin_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_dspam_script_selinux.8 b/man/man8/httpd_dspam_script_selinux.8
new file mode 100644
-index 0000000..4f67e77
+index 0000000..5262ee3
--- /dev/null
+++ b/man/man8/httpd_dspam_script_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "httpd_dspam_script_selinux" "8" "httpd_dspam_script" "dwalsh at redhat.com" "httpd_dspam_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_dspam_script_selinux" "8" "12-10-19" "httpd_dspam_script" "SELinux Policy documentation for httpd_dspam_script"
+.SH "NAME"
+httpd_dspam_script_selinux \- Security Enhanced Linux Policy for the httpd_dspam_script processes
+.SH "DESCRIPTION"
@@ -33097,9 +33161,9 @@ index 0000000..4f67e77
+
+.SH "ENTRYPOINTS"
+
-+The httpd_dspam_script_t SELinux type can be entered via the "shell_exec_t,httpd_dspam_script_exec_t,httpd_dspam_script_exec_t" file types. The default entrypoint paths for the httpd_dspam_script_t domain are the following:"
++The httpd_dspam_script_t SELinux type can be entered via the "httpd_dspam_script_exec_t,shell_exec_t,httpd_dspam_script_exec_t" file types. The default entrypoint paths for the httpd_dspam_script_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/dspam-web/dspam\.cgi, /usr/share/dspam-web/dspam\.cgi
++/usr/share/dspam-web/dspam\.cgi, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/share/dspam-web/dspam\.cgi
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -33169,19 +33233,21 @@ index 0000000..4f67e77
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_dspam_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_dspam_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_git_script_selinux.8 b/man/man8/httpd_git_script_selinux.8
new file mode 100644
-index 0000000..cb442ce
+index 0000000..9a82e12
--- /dev/null
+++ b/man/man8/httpd_git_script_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "httpd_git_script_selinux" "8" "httpd_git_script" "dwalsh at redhat.com" "httpd_git_script SELinux Policy documentation"
+@@ -0,0 +1,113 @@
++.TH "httpd_git_script_selinux" "8" "12-10-19" "httpd_git_script" "SELinux Policy documentation for httpd_git_script"
+.SH "NAME"
+httpd_git_script_selinux \- Security Enhanced Linux Policy for the httpd_git_script processes
+.SH "DESCRIPTION"
@@ -33197,9 +33263,9 @@ index 0000000..cb442ce
+
+.SH "ENTRYPOINTS"
+
-+The httpd_git_script_t SELinux type can be entered via the "httpd_git_script_exec_t,shell_exec_t,httpd_git_script_exec_t" file types. The default entrypoint paths for the httpd_git_script_t domain are the following:"
++The httpd_git_script_t SELinux type can be entered via the "shell_exec_t,httpd_git_script_exec_t,httpd_git_script_exec_t" file types. The default entrypoint paths for the httpd_git_script_t domain are the following:"
+
-+/var/www/git/gitweb\.cgi, /var/www/cgi-bin/cgit, /var/www/gitweb-caching/gitweb\.cgi, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /var/www/git/gitweb\.cgi, /var/www/cgi-bin/cgit, /var/www/gitweb-caching/gitweb\.cgi
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /var/www/cgi-bin/cgit, /var/www/git/gitweb\.cgi, /var/www/gitweb-caching/gitweb\.cgi, /var/www/cgi-bin/cgit, /var/www/git/gitweb\.cgi, /var/www/gitweb-caching/gitweb\.cgi
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -33236,10 +33302,6 @@ index 0000000..cb442ce
+
+- Set files with the httpd_git_script_exec_t type, if you want to transition an executable to the httpd_git_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/git/gitweb\.cgi, /var/www/cgi-bin/cgit, /var/www/gitweb-caching/gitweb\.cgi
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -33291,19 +33353,21 @@ index 0000000..cb442ce
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_git_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_git_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_helper_selinux.8 b/man/man8/httpd_helper_selinux.8
new file mode 100644
-index 0000000..00848ff
+index 0000000..787a84b
--- /dev/null
+++ b/man/man8/httpd_helper_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "httpd_helper_selinux" "8" "httpd_helper" "dwalsh at redhat.com" "httpd_helper SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "httpd_helper_selinux" "8" "12-10-19" "httpd_helper" "SELinux Policy documentation for httpd_helper"
+.SH "NAME"
+httpd_helper_selinux \- Security Enhanced Linux Policy for the httpd_helper processes
+.SH "DESCRIPTION"
@@ -33366,10 +33430,6 @@ index 0000000..00848ff
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type httpd_helper_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -33387,19 +33447,21 @@ index 0000000..00848ff
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_helper(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_helper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_man2html_script_selinux.8 b/man/man8/httpd_man2html_script_selinux.8
new file mode 100644
-index 0000000..e828173
+index 0000000..bf6f738
--- /dev/null
+++ b/man/man8/httpd_man2html_script_selinux.8
-@@ -0,0 +1,111 @@
-+.TH "httpd_man2html_script_selinux" "8" "httpd_man2html_script" "dwalsh at redhat.com" "httpd_man2html_script SELinux Policy documentation"
+@@ -0,0 +1,109 @@
++.TH "httpd_man2html_script_selinux" "8" "12-10-19" "httpd_man2html_script" "SELinux Policy documentation for httpd_man2html_script"
+.SH "NAME"
+httpd_man2html_script_selinux \- Security Enhanced Linux Policy for the httpd_man2html_script processes
+.SH "DESCRIPTION"
@@ -33415,9 +33477,9 @@ index 0000000..e828173
+
+.SH "ENTRYPOINTS"
+
-+The httpd_man2html_script_t SELinux type can be entered via the "httpd_man2html_script_exec_t,shell_exec_t,httpd_man2html_script_exec_t" file types. The default entrypoint paths for the httpd_man2html_script_t domain are the following:"
++The httpd_man2html_script_t SELinux type can be entered via the "shell_exec_t,httpd_man2html_script_exec_t,httpd_man2html_script_exec_t" file types. The default entrypoint paths for the httpd_man2html_script_t domain are the following:"
+
-+/usr/lib/man2html/cgi-bin/man/manwhatis, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/mansec, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/lib/man2html/cgi-bin/man/manwhatis, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/mansec
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/lib/man2html/cgi-bin/man/mansec, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/manwhatis, /usr/lib/man2html/cgi-bin/man/mansec, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/manwhatis
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -33462,10 +33524,6 @@ index 0000000..e828173
+
+- Set files with the httpd_man2html_script_exec_t type, if you want to transition an executable to the httpd_man2html_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/man2html/cgi-bin/man/manwhatis, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/mansec
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -33505,19 +33563,21 @@ index 0000000..e828173
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_man2html_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_man2html_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_mediawiki_script_selinux.8 b/man/man8/httpd_mediawiki_script_selinux.8
new file mode 100644
-index 0000000..5c9ccca
+index 0000000..9b6bb30
--- /dev/null
+++ b/man/man8/httpd_mediawiki_script_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "httpd_mediawiki_script_selinux" "8" "httpd_mediawiki_script" "dwalsh at redhat.com" "httpd_mediawiki_script SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "httpd_mediawiki_script_selinux" "8" "12-10-19" "httpd_mediawiki_script" "SELinux Policy documentation for httpd_mediawiki_script"
+.SH "NAME"
+httpd_mediawiki_script_selinux \- Security Enhanced Linux Policy for the httpd_mediawiki_script processes
+.SH "DESCRIPTION"
@@ -33535,7 +33595,7 @@ index 0000000..5c9ccca
+
+The httpd_mediawiki_script_t SELinux type can be entered via the "httpd_mediawiki_script_exec_t,shell_exec_t,httpd_mediawiki_script_exec_t" file types. The default entrypoint paths for the httpd_mediawiki_script_t domain are the following:"
+
-+/usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes
++/usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -33572,10 +33632,6 @@ index 0000000..5c9ccca
+
+- Set files with the httpd_mediawiki_script_exec_t type, if you want to transition an executable to the httpd_mediawiki_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -33611,19 +33667,21 @@ index 0000000..5c9ccca
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_mediawiki_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_mediawiki_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_mojomojo_script_selinux.8 b/man/man8/httpd_mojomojo_script_selinux.8
new file mode 100644
-index 0000000..fc9bc9f
+index 0000000..0e3ce46
--- /dev/null
+++ b/man/man8/httpd_mojomojo_script_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "httpd_mojomojo_script_selinux" "8" "httpd_mojomojo_script" "dwalsh at redhat.com" "httpd_mojomojo_script SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "httpd_mojomojo_script_selinux" "8" "12-10-19" "httpd_mojomojo_script" "SELinux Policy documentation for httpd_mojomojo_script"
+.SH "NAME"
+httpd_mojomojo_script_selinux \- Security Enhanced Linux Policy for the httpd_mojomojo_script processes
+.SH "DESCRIPTION"
@@ -33641,7 +33699,7 @@ index 0000000..fc9bc9f
+
+The httpd_mojomojo_script_t SELinux type can be entered via the "httpd_mojomojo_script_exec_t,shell_exec_t,httpd_mojomojo_script_exec_t" file types. The default entrypoint paths for the httpd_mojomojo_script_t domain are the following:"
+
-+/usr/bin/mojomojo_fastcgi\.pl, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/bin/mojomojo_fastcgi\.pl
++/usr/bin/mojomojo_fastcgi\.pl, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/bin/mojomojo_fastcgi\.pl
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -33717,19 +33775,21 @@ index 0000000..fc9bc9f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_mojomojo_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_mojomojo_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_munin_script_selinux.8 b/man/man8/httpd_munin_script_selinux.8
new file mode 100644
-index 0000000..eb8ed1b
+index 0000000..31971ac
--- /dev/null
+++ b/man/man8/httpd_munin_script_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "httpd_munin_script_selinux" "8" "httpd_munin_script" "dwalsh at redhat.com" "httpd_munin_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_munin_script_selinux" "8" "12-10-19" "httpd_munin_script" "SELinux Policy documentation for httpd_munin_script"
+.SH "NAME"
+httpd_munin_script_selinux \- Security Enhanced Linux Policy for the httpd_munin_script processes
+.SH "DESCRIPTION"
@@ -33745,9 +33805,9 @@ index 0000000..eb8ed1b
+
+.SH "ENTRYPOINTS"
+
-+The httpd_munin_script_t SELinux type can be entered via the "httpd_munin_script_exec_t,shell_exec_t,httpd_munin_script_exec_t" file types. The default entrypoint paths for the httpd_munin_script_t domain are the following:"
++The httpd_munin_script_t SELinux type can be entered via the "shell_exec_t,httpd_munin_script_exec_t,httpd_munin_script_exec_t" file types. The default entrypoint paths for the httpd_munin_script_t domain are the following:"
+
-+/var/www/html/munin/cgi(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /var/www/html/munin/cgi(/.*)?
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /var/www/html/munin/cgi(/.*)?, /var/www/html/munin/cgi(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -33817,19 +33877,21 @@ index 0000000..eb8ed1b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_munin_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_munin_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_nagios_script_selinux.8 b/man/man8/httpd_nagios_script_selinux.8
new file mode 100644
-index 0000000..ff03c0d
+index 0000000..9a5fa56
--- /dev/null
+++ b/man/man8/httpd_nagios_script_selinux.8
-@@ -0,0 +1,97 @@
-+.TH "httpd_nagios_script_selinux" "8" "httpd_nagios_script" "dwalsh at redhat.com" "httpd_nagios_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_nagios_script_selinux" "8" "12-10-19" "httpd_nagios_script" "SELinux Policy documentation for httpd_nagios_script"
+.SH "NAME"
+httpd_nagios_script_selinux \- Security Enhanced Linux Policy for the httpd_nagios_script processes
+.SH "DESCRIPTION"
@@ -33845,9 +33907,9 @@ index 0000000..ff03c0d
+
+.SH "ENTRYPOINTS"
+
-+The httpd_nagios_script_t SELinux type can be entered via the "httpd_nagios_script_exec_t,shell_exec_t,httpd_nagios_script_exec_t" file types. The default entrypoint paths for the httpd_nagios_script_t domain are the following:"
++The httpd_nagios_script_t SELinux type can be entered via the "shell_exec_t,httpd_nagios_script_exec_t,httpd_nagios_script_exec_t" file types. The default entrypoint paths for the httpd_nagios_script_t domain are the following:"
+
-+/usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)?
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/lib/nagios/cgi(/.*)?, /usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)?, /usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -33884,10 +33946,6 @@ index 0000000..ff03c0d
+
+- Set files with the httpd_nagios_script_exec_t type, if you want to transition an executable to the httpd_nagios_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -33921,19 +33979,21 @@ index 0000000..ff03c0d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_nagios_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_nagios_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_nutups_cgi_script_selinux.8 b/man/man8/httpd_nutups_cgi_script_selinux.8
new file mode 100644
-index 0000000..cd287f3
+index 0000000..b66ad00
--- /dev/null
+++ b/man/man8/httpd_nutups_cgi_script_selinux.8
-@@ -0,0 +1,97 @@
-+.TH "httpd_nutups_cgi_script_selinux" "8" "httpd_nutups_cgi_script" "dwalsh at redhat.com" "httpd_nutups_cgi_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_nutups_cgi_script_selinux" "8" "12-10-19" "httpd_nutups_cgi_script" "SELinux Policy documentation for httpd_nutups_cgi_script"
+.SH "NAME"
+httpd_nutups_cgi_script_selinux \- Security Enhanced Linux Policy for the httpd_nutups_cgi_script processes
+.SH "DESCRIPTION"
@@ -33949,9 +34009,9 @@ index 0000000..cd287f3
+
+.SH "ENTRYPOINTS"
+
-+The httpd_nutups_cgi_script_t SELinux type can be entered via the "httpd_nutups_cgi_script_exec_t,shell_exec_t,httpd_nutups_cgi_script_exec_t" file types. The default entrypoint paths for the httpd_nutups_cgi_script_t domain are the following:"
++The httpd_nutups_cgi_script_t SELinux type can be entered via the "shell_exec_t,httpd_nutups_cgi_script_exec_t,httpd_nutups_cgi_script_exec_t" file types. The default entrypoint paths for the httpd_nutups_cgi_script_t domain are the following:"
+
-+/var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsset\.cgi, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsset\.cgi
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /var/www/nut-cgi-bin/upsset\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsset\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsstats\.cgi
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -33988,10 +34048,6 @@ index 0000000..cd287f3
+
+- Set files with the httpd_nutups_cgi_script_exec_t type, if you want to transition an executable to the httpd_nutups_cgi_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsset\.cgi
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -34025,19 +34081,21 @@ index 0000000..cd287f3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_nutups_cgi_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_nutups_cgi_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_openshift_script_selinux.8 b/man/man8/httpd_openshift_script_selinux.8
new file mode 100644
-index 0000000..9d53699
+index 0000000..e9ffcbe
--- /dev/null
+++ b/man/man8/httpd_openshift_script_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "httpd_openshift_script_selinux" "8" "httpd_openshift_script" "dwalsh at redhat.com" "httpd_openshift_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_openshift_script_selinux" "8" "12-10-19" "httpd_openshift_script" "SELinux Policy documentation for httpd_openshift_script"
+.SH "NAME"
+httpd_openshift_script_selinux \- Security Enhanced Linux Policy for the httpd_openshift_script processes
+.SH "DESCRIPTION"
@@ -34053,9 +34111,9 @@ index 0000000..9d53699
+
+.SH "ENTRYPOINTS"
+
-+The httpd_openshift_script_t SELinux type can be entered via the "httpd_openshift_script_exec_t,shell_exec_t,httpd_openshift_script_exec_t" file types. The default entrypoint paths for the httpd_openshift_script_t domain are the following:"
++The httpd_openshift_script_t SELinux type can be entered via the "shell_exec_t,httpd_openshift_script_exec_t,httpd_openshift_script_exec_t" file types. The default entrypoint paths for the httpd_openshift_script_t domain are the following:"
+
-+/usr/bin/rhc-restorer-wrapper.sh, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/bin/rhc-restorer-wrapper.sh
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/bin/(oo|rhc)-restorer-wrapper.sh, /usr/bin/(oo|rhc)-restorer-wrapper.sh
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -34125,19 +34183,21 @@ index 0000000..9d53699
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_openshift_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_openshift_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_passwd_selinux.8 b/man/man8/httpd_passwd_selinux.8
new file mode 100644
-index 0000000..4d52e21
+index 0000000..cf2c595
--- /dev/null
+++ b/man/man8/httpd_passwd_selinux.8
-@@ -0,0 +1,111 @@
-+.TH "httpd_passwd_selinux" "8" "httpd_passwd" "dwalsh at redhat.com" "httpd_passwd SELinux Policy documentation"
+@@ -0,0 +1,113 @@
++.TH "httpd_passwd_selinux" "8" "12-10-19" "httpd_passwd" "SELinux Policy documentation for httpd_passwd"
+.SH "NAME"
+httpd_passwd_selinux \- Security Enhanced Linux Policy for the httpd_passwd processes
+.SH "DESCRIPTION"
@@ -34243,19 +34303,21 @@ index 0000000..4d52e21
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_passwd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_passwd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_php_selinux.8 b/man/man8/httpd_php_selinux.8
new file mode 100644
-index 0000000..2ec3952
+index 0000000..b3c8fd1
--- /dev/null
+++ b/man/man8/httpd_php_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "httpd_php_selinux" "8" "httpd_php" "dwalsh at redhat.com" "httpd_php SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "httpd_php_selinux" "8" "12-10-19" "httpd_php" "SELinux Policy documentation for httpd_php"
+.SH "NAME"
+httpd_php_selinux \- Security Enhanced Linux Policy for the httpd_php processes
+.SH "DESCRIPTION"
@@ -34365,19 +34427,21 @@ index 0000000..2ec3952
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_php(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_php(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_prewikka_script_selinux.8 b/man/man8/httpd_prewikka_script_selinux.8
new file mode 100644
-index 0000000..635c75e
+index 0000000..b7722fa
--- /dev/null
+++ b/man/man8/httpd_prewikka_script_selinux.8
-@@ -0,0 +1,107 @@
-+.TH "httpd_prewikka_script_selinux" "8" "httpd_prewikka_script" "dwalsh at redhat.com" "httpd_prewikka_script SELinux Policy documentation"
+@@ -0,0 +1,109 @@
++.TH "httpd_prewikka_script_selinux" "8" "12-10-19" "httpd_prewikka_script" "SELinux Policy documentation for httpd_prewikka_script"
+.SH "NAME"
+httpd_prewikka_script_selinux \- Security Enhanced Linux Policy for the httpd_prewikka_script processes
+.SH "DESCRIPTION"
@@ -34393,9 +34457,9 @@ index 0000000..635c75e
+
+.SH "ENTRYPOINTS"
+
-+The httpd_prewikka_script_t SELinux type can be entered via the "httpd_prewikka_script_exec_t,shell_exec_t,httpd_prewikka_script_exec_t" file types. The default entrypoint paths for the httpd_prewikka_script_t domain are the following:"
++The httpd_prewikka_script_t SELinux type can be entered via the "shell_exec_t,httpd_prewikka_script_exec_t,httpd_prewikka_script_exec_t" file types. The default entrypoint paths for the httpd_prewikka_script_t domain are the following:"
+
-+/usr/share/prewikka/cgi-bin(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/prewikka/cgi-bin(/.*)?
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/share/prewikka/cgi-bin(/.*)?, /usr/share/prewikka/cgi-bin(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -34479,19 +34543,21 @@ index 0000000..635c75e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_prewikka_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_prewikka_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_rotatelogs_selinux.8 b/man/man8/httpd_rotatelogs_selinux.8
new file mode 100644
-index 0000000..6578500
+index 0000000..2186db9
--- /dev/null
+++ b/man/man8/httpd_rotatelogs_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "httpd_rotatelogs_selinux" "8" "httpd_rotatelogs" "dwalsh at redhat.com" "httpd_rotatelogs SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "httpd_rotatelogs_selinux" "8" "12-10-19" "httpd_rotatelogs" "SELinux Policy documentation for httpd_rotatelogs"
+.SH "NAME"
+httpd_rotatelogs_selinux \- Security Enhanced Linux Policy for the httpd_rotatelogs processes
+.SH "DESCRIPTION"
@@ -34603,17 +34669,19 @@ index 0000000..6578500
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_rotatelogs(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_rotatelogs(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8
-index 16e8b13..0c91ef3 100644
+index 16e8b13..5db51fb 100644
--- a/man/man8/httpd_selinux.8
+++ b/man/man8/httpd_selinux.8
-@@ -1,120 +1,1980 @@
+@@ -1,120 +1,2138 @@
-.TH "httpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "httpd Selinux Policy documentation"
-.de EX
-.nf
@@ -34623,7 +34691,7 @@ index 16e8b13..0c91ef3 100644
-.ft R
-.fi
-..
-+.TH "httpd_selinux" "8" "httpd" "dwalsh at redhat.com" "httpd SELinux Policy documentation"
++.TH "httpd_selinux" "8" "12-10-19" "httpd" "SELinux Policy documentation for httpd"
.SH "NAME"
-httpd_selinux \- Security Enhanced Linux Policy for the httpd daemon
+httpd_selinux \- Security Enhanced Linux Policy for the httpd processes
@@ -34648,7 +34716,7 @@ index 16e8b13..0c91ef3 100644
+
+The httpd_t SELinux type can be entered via the "httpd_exec_t" file type. The default entrypoint paths for the httpd_t domain are the following:"
+
-+/usr/sbin/apache(2)?, /usr/share/jetty/bin/jetty.sh, /usr/bin/mongrel_rails, /usr/lib/apache-ssl/.+, /usr/sbin/httpd\.event, /usr/sbin/httpd(\.worker)?, /usr/sbin/cherokee, /usr/sbin/apache-ssl(2)?, /usr/sbin/lighttpd
++/usr/sbin/httpd(\.worker)?, /usr/sbin/apache(2)?, /usr/lib/apache-ssl/.+, /usr/sbin/apache-ssl(2)?, /usr/share/jetty/bin/jetty.sh, /usr/sbin/cherokee, /usr/sbin/lighttpd, /usr/sbin/httpd\.event, /usr/bin/mongrel_rails
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -34660,7 +34728,10 @@ index 16e8b13..0c91ef3 100644
-The following file contexts types are defined for httpd:
+The following process types are defined for httpd:
+
-+.EX
+ .EX
+-httpd_sys_content_t
+-.EE
+-- Set files with httpd_sys_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read the file, and disallow other non sys scripts from access.
+.B httpd_collectd_script_t, httpd_cvs_script_t, httpd_rotatelogs_t, httpd_bugzilla_script_t, httpd_smokeping_cgi_script_t, httpd_nagios_script_t, httpd_dirsrvadmin_script_t, httpd_suexec_t, httpd_mojomojo_script_t, httpd_php_t, httpd_w3c_validator_script_t, httpd_user_script_t, httpd_awstats_script_t, httpd_apcupsd_cgi_script_t, httpd_nutups_cgi_script_t, httpd_munin_script_t, httpd_zoneminder_script_t, httpd_openshift_script_t, httpd_sys_script_t, httpd_dspam_script_t, httpd_prewikka_script_t, httpd_git_script_t, httpd_t, httpd_man2html_script_t, httpd_passwd_t, httpd_helper_t, httpd_squid_script_t, httpd_cobbler_script_t, httpd_mediawiki_script_t
+.EE
+.PP
@@ -34673,31 +34744,171 @@ index 16e8b13..0c91ef3 100644
+
+
+.PP
-+If you want to allow httpd to act as a relay, you must turn on the httpd_can_network_relay boolean.
++If you want to allow httpd processes to manage IPA content, you must turn on the httpd_manage_ipa boolean.
++
+ .EX
+-httpd_sys_script_exec_t
+-.EE
+-- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
++.B setsebool -P httpd_manage_ipa 1
++.EE
++
++.PP
++If you want to allow Apache to run in stickshift mode, not transition to passenger, you must turn on the httpd_run_stickshift boolean.
+
+ .EX
+-httpd_sys_content_rw_t
++.B setsebool -P httpd_run_stickshift 1
+ .EE
+-- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow other non sys scripts from access.
++
++.PP
++If you want to allow httpd to access FUSE file systems, you must turn on the httpd_use_fusefs boolean.
++
+ .EX
+-httpd_sys_content_ra_t
++.B setsebool -P httpd_use_fusefs 1
+ .EE
+-- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and disallow other non sys scripts from access.
++
++.PP
++If you want to allow httpd to access openstack ports, you must turn on the httpd_use_openstack boolean.
++
+ .EX
+-httpd_unconfined_script_exec_t
+-.EE
+-- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options. It is better to use this script rather than turning off SELinux protection for httpd.
++.B setsebool -P httpd_use_openstack 1
++.EE
+
+-.SH NOTE
+-With certain policies you can define additional file contexts based on roles like user or staff. httpd_user_script_exec_t can be defined where it would only have access to "user" contexts.
++.PP
++If you want to allow httpd to connect to the ldap port, you must turn on the httpd_can_connect_ldap boolean.
+
+-.SH SHARING FILES
+-If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for httpd you would execute:
+.EX
-+.B setsebool -P httpd_can_network_relay 1
++.B setsebool -P httpd_can_connect_ldap 1
+.EE
+
+.PP
++If you want to allow httpd daemon to change its resource limits, you must turn on the httpd_setrlimit boolean.
+
+ .EX
+-setsebool -P allow_httpd_anon_write=1
++.B setsebool -P httpd_setrlimit 1
+ .EE
+
+-or
++.PP
+If you want to allow httpd to communicate with oddjob to start up a service, you must turn on the httpd_use_oddjob boolean.
+
+ .EX
+-setsebool -P allow_httpd_sys_script_anon_write=1
++.B setsebool -P httpd_use_oddjob 1
++.EE
++
++.PP
++If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
+
+.EX
-+.B setsebool -P httpd_use_oddjob 1
++.B setsebool -P httpd_enable_ftp_server 1
+ .EE
+
+-.SH BOOLEANS
+-SELinux policy is customizable based on least access required. SELinux can be setup to prevent certain http scripts from working. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
+ .PP
+-httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this
++If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean.
+
+ .EX
+-setsebool -P httpd_enable_cgi 1
++.B setsebool -P httpd_use_nfs 1
+ .EE
+
+ .PP
+-SELinux policy for httpd can be setup to not allowed to access users home directories. If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir.
++If you want to allow httpd to act as a relay, you must turn on the httpd_can_network_relay boolean.
+
+ .EX
+-setsebool -P httpd_enable_homedirs 1
+-chcon -R -t httpd_sys_content_t ~user/public_html
++.B setsebool -P httpd_can_network_relay 1
+ .EE
+
+ .PP
+-SELinux policy for httpd can be setup to not allow access to the controlling terminal. In most cases this is preferred, because an intruder might be able to use the access to the terminal to gain privileges. But in certain situations httpd needs to prompt for a password to open a certificate file, in these cases, terminal access is required. Set the httpd_tty_comm boolean to allow terminal access.
++If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
+
+ .EX
+-setsebool -P httpd_tty_comm 1
++.B setsebool -P httpd_can_check_spam 1
+ .EE
+
+ .PP
+-httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/execute. Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another.
++If you want to unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal, you must turn on the httpd_tty_comm boolean.
+
+ .EX
+-setsebool -P httpd_unified 0
++.B setsebool -P httpd_tty_comm 1
+ .EE
+
+ .PP
+-SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail boolean.
++If you want to unify HTTPD handling of all content files, you must turn on the httpd_unified boolean.
+
+ .EX
+-setsebool -P httpd_can_sendmail 1
++.B setsebool -P httpd_unified 1
++.EE
++
+ .PP
+-httpd can be configured to turn off internal scripting (PHP). PHP and other
+-loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
++If you want to allow httpd to connect to memcache server, you must turn on the httpd_can_network_memcache boolean.
+
+ .EX
+-setsebool -P httpd_builtin_scripting 0
++.B setsebool -P httpd_can_network_memcache 1
+ .EE
+
+ .PP
+-SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network.
+-This would prevent a hacker from breaking into you httpd server and attacking
+-other machines. If you need scripts to be able to connect you can set the httpd_can_network_connect boolean on.
++If you want to allow HTTPD to connect to port 80 for graceful shutdown, you must turn on the httpd_graceful_shutdown boolean.
+
+ .EX
+-setsebool -P httpd_can_network_connect 1
++.B setsebool -P httpd_graceful_shutdown 1
+ .EE
+
+ .PP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+-.SH AUTHOR
+-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++If you want to allow httpd to run gpg, you must turn on the httpd_use_gpg boolean.
+
+-.SH "SEE ALSO"
+-selinux(8), httpd(8), chcon(1), setsebool(8)
++.EX
++.B setsebool -P httpd_use_gpg 1
+.EE
+
+.PP
-+If you want to allow HTTPD scripts and modules to connect to databases over the network, you must turn on the httpd_can_network_connect_db boolean.
++If you want to allow httpd to use built in scripting (usually php), you must turn on the httpd_builtin_scripting boolean.
+
+.EX
-+.B setsebool -P httpd_can_network_connect_db 1
++.B setsebool -P httpd_builtin_scripting 1
+.EE
+
+.PP
-+If you want to allow httpd to run gpg, you must turn on the httpd_use_gpg boolean.
++If you want to allow http daemon to send mail, you must turn on the httpd_can_sendmail boolean.
+
+.EX
-+.B setsebool -P httpd_use_gpg 1
++.B setsebool -P httpd_can_sendmail 1
+.EE
+
+.PP
@@ -34708,31 +34919,45 @@ index 16e8b13..0c91ef3 100644
+.EE
+
+.PP
-+If you want to allow httpd to access cifs file systems, you must turn on the httpd_use_cifs boolean.
++If you want to allow Apache to use mod_auth_pam, you must turn on the httpd_mod_auth_pam boolean.
+
+.EX
-+.B setsebool -P httpd_use_cifs 1
++.B setsebool -P httpd_mod_auth_pam 1
+.EE
+
+.PP
-+If you want to allow httpd processes to manage IPA content, you must turn on the httpd_manage_ipa boolean.
++If you want to allow httpd to read user content, you must turn on the httpd_read_user_content boolean.
+
+.EX
-+.B setsebool -P httpd_manage_ipa 1
++.B setsebool -P httpd_read_user_content 1
+.EE
+
+.PP
-+If you want to allow Apache to run in stickshift mode, not transition to passenger, you must turn on the httpd_run_stickshift boolean.
++If you want to allow BIND to bind apache port, you must turn on the named_bind_http_port boolean.
+
+.EX
-+.B setsebool -P httpd_run_stickshift 1
++.B setsebool -P named_bind_http_port 1
+.EE
+
+.PP
-+If you want to allow httpd to read home directories, you must turn on the httpd_enable_homedirs boolean.
++If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
+
+.EX
-+.B setsebool -P httpd_enable_homedirs 1
++.B setsebool -P httpd_can_connect_ftp 1
++.EE
++
++.PP
++If you want to allow HTTPD scripts and modules to connect to cobbler over the network, you must turn on the httpd_can_network_connect_cobbler boolean.
++
++.EX
++.B setsebool -P httpd_can_network_connect_cobbler 1
++.EE
++
++.PP
++If you want to allow Apache to use mod_auth_ntlm_winbind, you must turn on the httpd_mod_auth_ntlm_winbind boolean.
++
++.EX
++.B setsebool -P httpd_mod_auth_ntlm_winbind 1
+.EE
+
+.PP
@@ -34743,24 +34968,31 @@ index 16e8b13..0c91ef3 100644
+.EE
+
+.PP
-+If you want to unify HTTPD handling of all content files, you must turn on the httpd_unified boolean.
++If you want to allow httpd to read home directories, you must turn on the httpd_enable_homedirs boolean.
+
+.EX
-+.B setsebool -P httpd_unified 1
++.B setsebool -P httpd_enable_homedirs 1
+.EE
+
+.PP
-+If you want to allow Apache to use mod_auth_pam, you must turn on the httpd_mod_auth_pam boolean.
++If you want to allow HTTPD to run SSI executables in the same domain as system CGI scripts, you must turn on the httpd_ssi_exec boolean.
+
+.EX
-+.B setsebool -P httpd_mod_auth_pam 1
++.B setsebool -P httpd_ssi_exec 1
+.EE
+
+.PP
-+If you want to allow HTTPD scripts and modules to connect to the network using TCP, you must turn on the httpd_can_network_connect boolean.
++If you want to allow Apache to execute tmp content, you must turn on the httpd_tmp_exec boolean.
+
+.EX
-+.B setsebool -P httpd_can_network_connect 1
++.B setsebool -P httpd_tmp_exec 1
++.EE
++
++.PP
++If you want to allow httpd to access cifs file systems, you must turn on the httpd_use_cifs boolean.
++
++.EX
++.B setsebool -P httpd_use_cifs 1
+.EE
+
+.PP
@@ -34771,6 +35003,41 @@ index 16e8b13..0c91ef3 100644
+.EE
+
+.PP
++If you want to allow http daemon to connect to zabbix, you must turn on the httpd_can_connect_zabbix boolean.
++
++.EX
++.B setsebool -P httpd_can_connect_zabbix 1
++.EE
++
++.PP
++If you want to allow HTTPD scripts and modules to connect to the network using TCP, you must turn on the httpd_can_network_connect boolean.
++
++.EX
++.B setsebool -P httpd_can_network_connect 1
++.EE
++
++.PP
++If you want to allow HTTPD scripts and modules to connect to databases over the network, you must turn on the httpd_can_network_connect_db boolean.
++
++.EX
++.B setsebool -P httpd_can_network_connect_db 1
++.EE
++
++.PP
++If you want to allow httpd processes to manage IPA content, you must turn on the httpd_manage_ipa boolean.
++
++.EX
++.B setsebool -P httpd_manage_ipa 1
++.EE
++
++.PP
++If you want to allow Apache to run in stickshift mode, not transition to passenger, you must turn on the httpd_run_stickshift boolean.
++
++.EX
++.B setsebool -P httpd_run_stickshift 1
++.EE
++
++.PP
+If you want to allow httpd to access FUSE file systems, you must turn on the httpd_use_fusefs boolean.
+
+.EX
@@ -34778,6 +35045,13 @@ index 16e8b13..0c91ef3 100644
+.EE
+
+.PP
++If you want to allow httpd to access openstack ports, you must turn on the httpd_use_openstack boolean.
++
++.EX
++.B setsebool -P httpd_use_openstack 1
++.EE
++
++.PP
+If you want to allow httpd to connect to the ldap port, you must turn on the httpd_can_connect_ldap boolean.
+
+.EX
@@ -34785,10 +35059,45 @@ index 16e8b13..0c91ef3 100644
+.EE
+
+.PP
-+If you want to allow Apache to use mod_auth_ntlm_winbind, you must turn on the httpd_mod_auth_ntlm_winbind boolean.
++If you want to allow httpd daemon to change its resource limits, you must turn on the httpd_setrlimit boolean.
+
+.EX
-+.B setsebool -P httpd_mod_auth_ntlm_winbind 1
++.B setsebool -P httpd_setrlimit 1
++.EE
++
++.PP
++If you want to allow httpd to communicate with oddjob to start up a service, you must turn on the httpd_use_oddjob boolean.
++
++.EX
++.B setsebool -P httpd_use_oddjob 1
++.EE
++
++.PP
++If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
++
++.EX
++.B setsebool -P httpd_enable_ftp_server 1
++.EE
++
++.PP
++If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean.
++
++.EX
++.B setsebool -P httpd_use_nfs 1
++.EE
++
++.PP
++If you want to allow httpd to act as a relay, you must turn on the httpd_can_network_relay boolean.
++
++.EX
++.B setsebool -P httpd_can_network_relay 1
++.EE
++
++.PP
++If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
++
++.EX
++.B setsebool -P httpd_can_check_spam 1
+.EE
+
+.PP
@@ -34799,40 +35108,40 @@ index 16e8b13..0c91ef3 100644
+.EE
+
+.PP
-+If you want to allow HTTPD to connect to port 80 for graceful shutdown, you must turn on the httpd_graceful_shutdown boolean.
++If you want to unify HTTPD handling of all content files, you must turn on the httpd_unified boolean.
+
+.EX
-+.B setsebool -P httpd_graceful_shutdown 1
++.B setsebool -P httpd_unified 1
+.EE
+
+.PP
-+If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
++If you want to allow httpd to connect to memcache server, you must turn on the httpd_can_network_memcache boolean.
+
+.EX
-+.B setsebool -P httpd_can_connect_ftp 1
++.B setsebool -P httpd_can_network_memcache 1
+.EE
+
+.PP
-+If you want to allow httpd to read user content, you must turn on the httpd_read_user_content boolean.
++If you want to allow HTTPD to connect to port 80 for graceful shutdown, you must turn on the httpd_graceful_shutdown boolean.
+
+.EX
-+.B setsebool -P httpd_read_user_content 1
++.B setsebool -P httpd_graceful_shutdown 1
+.EE
+
+.PP
-+If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean.
++If you want to allow httpd to run gpg, you must turn on the httpd_use_gpg boolean.
+
+.EX
-+.B setsebool -P httpd_use_nfs 1
++.B setsebool -P httpd_use_gpg 1
+.EE
+
+.PP
-+If you want to allow Apache to execute tmp content, you must turn on the httpd_tmp_exec boolean.
++If you want to allow httpd to use built in scripting (usually php), you must turn on the httpd_builtin_scripting boolean.
+
+.EX
-+.B setsebool -P httpd_tmp_exec 1
++.B setsebool -P httpd_builtin_scripting 1
+.EE
-+
+
+.PP
+If you want to allow http daemon to send mail, you must turn on the httpd_can_sendmail boolean.
+
@@ -34841,17 +35150,24 @@ index 16e8b13..0c91ef3 100644
+.EE
+
+.PP
-+If you want to allow httpd to use built in scripting (usually php), you must turn on the httpd_builtin_scripting boolean.
++If you want to allow httpd cgi support, you must turn on the httpd_enable_cgi boolean.
+
+.EX
-+.B setsebool -P httpd_builtin_scripting 1
++.B setsebool -P httpd_enable_cgi 1
+.EE
+
+.PP
-+If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
++If you want to allow Apache to use mod_auth_pam, you must turn on the httpd_mod_auth_pam boolean.
+
+.EX
-+.B setsebool -P httpd_can_check_spam 1
++.B setsebool -P httpd_mod_auth_pam 1
++.EE
++
++.PP
++If you want to allow httpd to read user content, you must turn on the httpd_read_user_content boolean.
+
++.EX
++.B setsebool -P httpd_read_user_content 1
+.EE
+
+.PP
@@ -34862,71 +35178,90 @@ index 16e8b13..0c91ef3 100644
+.EE
+
+.PP
-+If you want to allow httpd to connect to memcache server, you must turn on the httpd_can_network_memcache boolean.
++If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral ports, you must turn on the httpd_can_connect_ftp boolean.
+
+.EX
-+.B setsebool -P httpd_can_network_memcache 1
++.B setsebool -P httpd_can_connect_ftp 1
+.EE
+
+.PP
+If you want to allow HTTPD scripts and modules to connect to cobbler over the network, you must turn on the httpd_can_network_connect_cobbler boolean.
+
- .EX
--httpd_sys_content_t
--.EE
--- Set files with httpd_sys_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read the file, and disallow other non sys scripts from access.
++.EX
+.B setsebool -P httpd_can_network_connect_cobbler 1
+.EE
+
+.PP
++If you want to allow Apache to use mod_auth_ntlm_winbind, you must turn on the httpd_mod_auth_ntlm_winbind boolean.
++
++.EX
++.B setsebool -P httpd_mod_auth_ntlm_winbind 1
++.EE
++
++.PP
++If you want to allow Apache to communicate with avahi service via dbus, you must turn on the httpd_dbus_avahi boolean.
++
++.EX
++.B setsebool -P httpd_dbus_avahi 1
++.EE
++
++.PP
++If you want to allow httpd to read home directories, you must turn on the httpd_enable_homedirs boolean.
++
++.EX
++.B setsebool -P httpd_enable_homedirs 1
++.EE
++
++.PP
+If you want to allow HTTPD to run SSI executables in the same domain as system CGI scripts, you must turn on the httpd_ssi_exec boolean.
+
- .EX
--httpd_sys_script_exec_t
--.EE
--- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
++.EX
+.B setsebool -P httpd_ssi_exec 1
+.EE
+
+.PP
-+If you want to allow httpd to access openstack ports, you must turn on the httpd_use_openstack boolean.
++If you want to allow Apache to execute tmp content, you must turn on the httpd_tmp_exec boolean.
+
- .EX
--httpd_sys_content_rw_t
-+.B setsebool -P httpd_use_openstack 1
- .EE
--- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow other non sys scripts from access.
++.EX
++.B setsebool -P httpd_tmp_exec 1
++.EE
+
+.PP
-+If you want to allow httpd to act as a FTP server by listening on the ftp port, you must turn on the httpd_enable_ftp_server boolean.
++If you want to allow httpd to access cifs file systems, you must turn on the httpd_use_cifs boolean.
+
- .EX
--httpd_sys_content_ra_t
-+.B setsebool -P httpd_enable_ftp_server 1
- .EE
--- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and disallow other non sys scripts from access.
++.EX
++.B setsebool -P httpd_use_cifs 1
++.EE
++
++.PP
++If you want to allow httpd scripts and modules execmem/execstack, you must turn on the httpd_execmem boolean.
++
++.EX
++.B setsebool -P httpd_execmem 1
++.EE
+
+.PP
+If you want to allow http daemon to connect to zabbix, you must turn on the httpd_can_connect_zabbix boolean.
+
- .EX
--httpd_unconfined_script_exec_t
--.EE
--- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options. It is better to use this script rather than turning off SELinux protection for httpd.
++.EX
+.B setsebool -P httpd_can_connect_zabbix 1
+.EE
+
+.PP
-+If you want to allow httpd daemon to change its resource limits, you must turn on the httpd_setrlimit boolean.
-
--.SH NOTE
--With certain policies you can define additional file contexts based on roles like user or staff. httpd_user_script_exec_t can be defined where it would only have access to "user" contexts.
++If you want to allow HTTPD scripts and modules to connect to the network using TCP, you must turn on the httpd_can_network_connect boolean.
++
+.EX
-+.B setsebool -P httpd_setrlimit 1
++.B setsebool -P httpd_can_network_connect 1
+.EE
-
- .SH SHARING FILES
--If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for httpd you would execute:
++
++.PP
++If you want to allow HTTPD scripts and modules to connect to databases over the network, you must turn on the httpd_can_network_connect_db boolean.
++
++.EX
++.B setsebool -P httpd_can_network_connect_db 1
++.EE
++
++.SH SHARING FILES
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
+.TP
+Allow httpd servers to read the /var/httpd directory by adding the public_content_t file type to the directory and by restoring the file type.
@@ -34946,24 +35281,33 @@ index 16e8b13..0c91ef3 100644
+
+
+.PP
++If you want to allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t., you must turn on the httpd_anon_write boolean.
++
++.EX
++.B setsebool -P httpd_anon_write 1
++.EE
++
++.PP
+If you want to allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t., you must turn on the httpd_sys_script_anon_write boolean.
-
- .EX
--setsebool -P allow_httpd_anon_write=1
++
++.EX
+.B setsebool -P httpd_sys_script_anon_write 1
- .EE
-
--or
++.EE
++
+.PP
+If you want to allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t., you must turn on the httpd_anon_write boolean.
-
- .EX
--setsebool -P allow_httpd_sys_script_anon_write=1
++
++.EX
+.B setsebool -P httpd_anon_write 1
- .EE
-
--.SH BOOLEANS
--SELinux policy is customizable based on least access required. SELinux can be setup to prevent certain http scripts from working. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
++.EE
++
++.PP
++If you want to allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t., you must turn on the httpd_sys_script_anon_write boolean.
++
++.EX
++.B setsebool -P httpd_sys_script_anon_write 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -34992,144 +35336,117 @@ index 16e8b13..0c91ef3 100644
+
+
+.EX
- .PP
--httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this
++.PP
+.B httpd_apcupsd_cgi_ra_content_t
+.EE
+
+- Set files with the httpd_apcupsd_cgi_ra_content_t type, if you want to treat the files as httpd apcupsd cgi read/append content.
+
-
- .EX
--setsebool -P httpd_enable_cgi 1
++
++.EX
+.PP
+.B httpd_apcupsd_cgi_rw_content_t
- .EE
-
++.EE
++
+- Set files with the httpd_apcupsd_cgi_rw_content_t type, if you want to treat the files as httpd apcupsd cgi read/write content.
+
+
+.EX
- .PP
--SELinux policy for httpd can be setup to not allowed to access users home directories. If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir.
++.PP
+.B httpd_apcupsd_cgi_script_exec_t
+.EE
+
+- Set files with the httpd_apcupsd_cgi_script_exec_t type, if you want to transition an executable to the httpd_apcupsd_cgi_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/cgi-bin/apcgui(/.*)?
-
- .EX
--setsebool -P httpd_enable_homedirs 1
--chcon -R -t httpd_sys_content_t ~user/public_html
++
++.EX
+.PP
+.B httpd_awstats_content_t
- .EE
-
++.EE
++
+- Set files with the httpd_awstats_content_t type, if you want to treat the files as httpd awstats content.
+
+
+.EX
- .PP
--SELinux policy for httpd can be setup to not allow access to the controlling terminal. In most cases this is preferred, because an intruder might be able to use the access to the terminal to gain privileges. But in certain situations httpd needs to prompt for a password to open a certificate file, in these cases, terminal access is required. Set the httpd_tty_comm boolean to allow terminal access.
++.PP
+.B httpd_awstats_htaccess_t
+.EE
+
+- Set files with the httpd_awstats_htaccess_t type, if you want to treat the file as a httpd awstats access file.
+
-
- .EX
--setsebool -P httpd_tty_comm 1
++
++.EX
+.PP
+.B httpd_awstats_ra_content_t
- .EE
-
++.EE
++
+- Set files with the httpd_awstats_ra_content_t type, if you want to treat the files as httpd awstats read/append content.
+
+
+.EX
- .PP
--httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/execute. Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another.
++.PP
+.B httpd_awstats_rw_content_t
+.EE
+
+- Set files with the httpd_awstats_rw_content_t type, if you want to treat the files as httpd awstats read/write content.
+
-
- .EX
--setsebool -P httpd_unified 0
++
++.EX
+.PP
+.B httpd_awstats_script_exec_t
- .EE
-
++.EE
++
+- Set files with the httpd_awstats_script_exec_t type, if you want to transition an executable to the httpd_awstats_script_t domain.
+
+
+.EX
- .PP
--SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail boolean.
++.PP
+.B httpd_bugzilla_content_t
+.EE
+
+- Set files with the httpd_bugzilla_content_t type, if you want to treat the files as httpd bugzilla content.
+
-
- .EX
--setsebool -P httpd_can_sendmail 1
- .PP
--httpd can be configured to turn off internal scripting (PHP). PHP and other
--loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
++
++.EX
++.PP
+.B httpd_bugzilla_htaccess_t
+.EE
+
+- Set files with the httpd_bugzilla_htaccess_t type, if you want to treat the file as a httpd bugzilla access file.
+
-
- .EX
--setsebool -P httpd_builtin_scripting 0
++
++.EX
+.PP
+.B httpd_bugzilla_ra_content_t
- .EE
-
++.EE
++
+- Set files with the httpd_bugzilla_ra_content_t type, if you want to treat the files as httpd bugzilla read/append content.
+
+
+.EX
- .PP
--SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network.
--This would prevent a hacker from breaking into you httpd server and attacking
--other machines. If you need scripts to be able to connect you can set the httpd_can_network_connect boolean on.
++.PP
+.B httpd_bugzilla_rw_content_t
+.EE
+
+- Set files with the httpd_bugzilla_rw_content_t type, if you want to treat the files as httpd bugzilla read/write content.
+
-
- .EX
--setsebool -P httpd_can_network_connect 1
++
++.EX
+.PP
+.B httpd_bugzilla_script_exec_t
- .EE
-
++.EE
++
+- Set files with the httpd_bugzilla_script_exec_t type, if you want to transition an executable to the httpd_bugzilla_script_t domain.
+
+
+.EX
- .PP
--system-config-selinux is a GUI tool available to customize SELinux policy settings.
--.SH AUTHOR
--This manual page was written by Dan Walsh <dwalsh at redhat.com>.
++.PP
+.B httpd_bugzilla_tmp_t
+.EE
-
--.SH "SEE ALSO"
--selinux(8), httpd(8), chcon(1), setsebool(8)
++
+- Set files with the httpd_bugzilla_tmp_t type, if you want to store httpd bugzilla temporary files in the /tmp directories.
-
-
++
++
+.EX
+.PP
+.B httpd_cache_t
@@ -35137,10 +35454,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/php-.*, /var/cache/mediawiki(/.*)?, /var/cache/lighttpd(/.*)?, /var/cache/php-mmcache(/.*)?, /var/cache/mod_gnutls(/.*)?, /var/cache/mod_ssl(/.*)?, /var/cache/mod_.*, /var/cache/ssl.*\.sem, /var/cache/httpd(/.*)?, /var/cache/rt3(/.*)?, /var/cache/php-eaccelerator(/.*)?, /var/cache/mason(/.*)?, /var/cache/mod_proxy(/.*)?
+
+.EX
+.PP
@@ -35229,10 +35542,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_config_t type, if you want to treat the files as httpd configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/vhosts, /etc/httpd(/.*)?, /etc/apache(2)?(/.*)?, /etc/apache-ssl(2)?(/.*)?, /etc/lighttpd(/.*)?, /var/lib/stickshift/.httpd.d(/.*)?, /etc/cherokee(/.*)?
+
+.EX
+.PP
@@ -35273,10 +35582,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_cvs_script_exec_t type, if you want to transition an executable to the httpd_cvs_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/cvsweb/cvsweb\.cgi, /var/www/cgi-bin/cvsweb\.cgi
+
+.EX
+.PP
@@ -35317,10 +35622,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_dirsrvadmin_script_exec_t type, if you want to transition an executable to the httpd_dirsrvadmin_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /usr/lib/dirsrv/cgi-bin(/.*)?
+
+.EX
+.PP
@@ -35369,10 +35670,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_exec_t type, if you want to transition an executable to the httpd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/apache(2)?, /usr/share/jetty/bin/jetty.sh, /usr/bin/mongrel_rails, /usr/lib/apache-ssl/.+, /usr/sbin/httpd\.event, /usr/sbin/httpd(\.worker)?, /usr/sbin/cherokee, /usr/sbin/apache-ssl(2)?, /usr/sbin/lighttpd
+
+.EX
+.PP
@@ -35405,10 +35702,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_git_rw_content_t type, if you want to treat the files as httpd git read/write content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/gitweb-caching(/.*)?, /var/cache/cgit(/.*)?
+
+.EX
+.PP
@@ -35417,10 +35710,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_git_script_exec_t type, if you want to transition an executable to the httpd_git_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/git/gitweb\.cgi, /var/www/cgi-bin/cgit, /var/www/gitweb-caching/gitweb\.cgi
+
+.EX
+.PP
@@ -35437,10 +35726,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_initrc_exec_t type, if you want to transition an executable to the httpd_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/init\.d/cherokee, /etc/rc\.d/init\.d/httpd, /etc/rc\.d/init\.d/lighttpd
+
+.EX
+.PP
@@ -35465,10 +35750,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_log_t type, if you want to treat the data as httpd log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/apache-ssl(2)?(/.*)?, /var/log/suphp\.log.*, /var/log/httpd(/.*)?, /var/log/apache(2)?(/.*)?, /var/log/cherokee(/.*)?, /var/log/roundcubemail(/.*)?, /var/log/cgiwrap\.log.*, /var/log/lighttpd(/.*)?, /var/www(/.*)?/logs(/.*)?, /var/log/cacti(/.*)?, /var/log/dirsrv/admin-serv(/.*)?, /etc/httpd/logs
+
+.EX
+.PP
@@ -35517,10 +35798,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_man2html_script_exec_t type, if you want to transition an executable to the httpd_man2html_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/man2html/cgi-bin/man/manwhatis, /usr/lib/man2html/cgi-bin/man/man2html, /usr/lib/man2html/cgi-bin/man/mansec
+
+.EX
+.PP
@@ -35529,10 +35806,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_mediawiki_content_t type, if you want to treat the files as httpd mediawiki content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/wiki/.*\.php, /usr/share/mediawiki(/.*)?
+
+.EX
+.PP
@@ -35565,10 +35838,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_mediawiki_script_exec_t type, if you want to transition an executable to the httpd_mediawiki_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc_tes
+
+.EX
+.PP
@@ -35577,10 +35846,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_modules_t type, if you want to treat the files as httpd modules.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/cherokee(/.*)?, /usr/lib/lighttpd(/.*)?, /usr/lib/apache(/.*)?, /etc/httpd/modules, /usr/lib/httpd(/.*)?, /usr/lib/apache2/modules(/.*)?
+
+.EX
+.PP
@@ -35709,10 +35974,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_nagios_script_exec_t type, if you want to transition an executable to the httpd_nagios_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)?
+
+.EX
+.PP
@@ -35753,10 +36014,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_nutups_cgi_script_exec_t type, if you want to transition an executable to the httpd_nutups_cgi_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsset\.cgi
+
+.EX
+.PP
@@ -35949,10 +36206,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_squid_script_exec_t type, if you want to transition an executable to the httpd_squid_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/squid/cachemgr\.cgi, /usr/share/lightsquid/cgi(/.*)?
+
+.EX
+.PP
@@ -35969,10 +36222,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_suexec_exec_t type, if you want to transition an executable to the httpd_suexec_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/apache(2)?/suexec(2)?, /usr/sbin/suexec, /usr/lib/cgi-bin/(nph-)?cgiwrap(d)?
+
+.EX
+.PP
@@ -35989,10 +36238,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_sys_content_t type, if you want to treat the files as httpd sys content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/icecast(/.*)?, /usr/share/htdig(/.*)?, /etc/htdig(/.*)?, /var/www/svn/conf(/.*)?, /usr/share/doc/ghc/html(/.*)?, /usr/share/mythtv/data(/.*)?, /var/lib/htdig(/.*)?, /srv/gallery2(/.*)?, /srv/([^/]*/)?www(/.*)?, /usr/share/ntop/html(/.*)?, /test/symlinked/file, /usr/share/mythweb(/.*)?, /usr/share/openca/htdocs(/.*)?, /usr/share/selinux-policy[^/]*/html(/.*)?, /usr/share/drupal.*, /var/lib/cacti/rra(/.*)?, /var/lib/trac(/.*)?, /var/www(/.*)?, /var/www/icons(/.*)?
+
+.EX
+.PP
@@ -36017,10 +36262,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_sys_rw_content_t type, if you want to treat the files as httpd sys read/write content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/html/[^/]*/sites/default/settings\.php, /var/spool/viewvc(/.*)?, /etc/WebCalendar(/.*)?, /etc/mock/koji(/.*)?, /var/lib/svn(/.*)?, /var/spool/gosa(/.*)?, /etc/zabbix/web(/.*)?, /usr/share/wordpress/wp-content/upgrade(/.*)?, /var/lib/pootle/po(/.*)?, /etc/drupal.*, /var/www/gallery/albums(/.*)?, /usr/share/wordpress/wp-content/uploads(/.*)?, /var/www/html/configuration\.php, /var/lib/drupal.*, /usr/share/wordpress-mu/wp-content(/.*)?, /var/lib/dokuwiki(/.*)?, /var/www/moodledata(/.*)?, /var/www/html/[^/]*/sites/default/files(/.*)?, /var/www/svn(/.*)?, /var/www/html/wp-content(/.*)?
+
+.EX
+.PP
@@ -36029,10 +36270,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_sys_script_exec_t type, if you want to transition an executable to the httpd_sys_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/svn/hooks(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress/.*\.php, /usr/lib/cgi-bin(/.*)?, /opt/.*\.cgi, /var/www/perl(/.*)?, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/wordpress-mu/wp-config\.php, /usr/.*\.cgi, /var/www/html/[^/]*/cgi-bin(/.*)?, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /usr/share/wordpress/wp-includes/.*\.php
+
+.EX
+.PP
@@ -36057,10 +36294,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_unit_file_t type, if you want to treat the files as httpd unit content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/systemd/system/httpd.*, /usr/lib/systemd/system/jetty.*
+
+.EX
+.PP
@@ -36109,10 +36342,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_var_lib_t type, if you want to store the httpd files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/rt3/data/RT-Shredder(/.*)?, /var/lib/lighttpd(/.*)?, /var/lib/httpd(/.*)?, /var/lib/cherokee(/.*)?, /var/lib/dav(/.*)?, /var/lib/php(/.*)?
+
+.EX
+.PP
@@ -36121,10 +36350,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_var_run_t type, if you want to store the httpd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/mod_.*, /var/run/wsgi.*, /var/run/apache.*, /var/lib/php/session(/.*)?, /var/run/cherokee\.pid, /var/run/lighttpd(/.*)?, /var/run/gcache_port, /opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?, /var/run/httpd.*, /var/run/dirsrv/admin-serv.*
+
+.EX
+.PP
@@ -36165,10 +36390,6 @@ index 16e8b13..0c91ef3 100644
+
+- Set files with the httpd_w3c_validator_script_exec_t type, if you want to transition an executable to the httpd_w3c_validator_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check
+
+.EX
+.PP
@@ -36470,6 +36691,8 @@ index 16e8b13..0c91ef3 100644
+.br
+ /usr/share/wordpress/wp-content/upgrade(/.*)?
+.br
++ /etc/owncloud/config\.php
++.br
+ /var/www/html/configuration\.php
+.br
+
@@ -36566,6 +36789,8 @@ index 16e8b13..0c91ef3 100644
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -36650,19 +36875,21 @@ index 16e8b13..0c91ef3 100644
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_smokeping_cgi_script_selinux.8 b/man/man8/httpd_smokeping_cgi_script_selinux.8
new file mode 100644
-index 0000000..08d734b
+index 0000000..79d9836
--- /dev/null
+++ b/man/man8/httpd_smokeping_cgi_script_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "httpd_smokeping_cgi_script_selinux" "8" "httpd_smokeping_cgi_script" "dwalsh at redhat.com" "httpd_smokeping_cgi_script SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "httpd_smokeping_cgi_script_selinux" "8" "12-10-19" "httpd_smokeping_cgi_script" "SELinux Policy documentation for httpd_smokeping_cgi_script"
+.SH "NAME"
+httpd_smokeping_cgi_script_selinux \- Security Enhanced Linux Policy for the httpd_smokeping_cgi_script processes
+.SH "DESCRIPTION"
@@ -36678,9 +36905,9 @@ index 0000000..08d734b
+
+.SH "ENTRYPOINTS"
+
-+The httpd_smokeping_cgi_script_t SELinux type can be entered via the "httpd_smokeping_cgi_script_exec_t,shell_exec_t,httpd_smokeping_cgi_script_exec_t" file types. The default entrypoint paths for the httpd_smokeping_cgi_script_t domain are the following:"
++The httpd_smokeping_cgi_script_t SELinux type can be entered via the "shell_exec_t,httpd_smokeping_cgi_script_exec_t,httpd_smokeping_cgi_script_exec_t" file types. The default entrypoint paths for the httpd_smokeping_cgi_script_t domain are the following:"
+
-+/usr/share/smokeping/cgi(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/smokeping/cgi(/.*)?
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/share/smokeping/cgi(/.*)?, /usr/share/smokeping/cgi(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -36756,19 +36983,21 @@ index 0000000..08d734b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_smokeping_cgi_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_smokeping_cgi_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_squid_script_selinux.8 b/man/man8/httpd_squid_script_selinux.8
new file mode 100644
-index 0000000..4f98a94
+index 0000000..188c7b1
--- /dev/null
+++ b/man/man8/httpd_squid_script_selinux.8
-@@ -0,0 +1,97 @@
-+.TH "httpd_squid_script_selinux" "8" "httpd_squid_script" "dwalsh at redhat.com" "httpd_squid_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_squid_script_selinux" "8" "12-10-19" "httpd_squid_script" "SELinux Policy documentation for httpd_squid_script"
+.SH "NAME"
+httpd_squid_script_selinux \- Security Enhanced Linux Policy for the httpd_squid_script processes
+.SH "DESCRIPTION"
@@ -36784,9 +37013,9 @@ index 0000000..4f98a94
+
+.SH "ENTRYPOINTS"
+
-+The httpd_squid_script_t SELinux type can be entered via the "httpd_squid_script_exec_t,shell_exec_t,httpd_squid_script_exec_t" file types. The default entrypoint paths for the httpd_squid_script_t domain are the following:"
++The httpd_squid_script_t SELinux type can be entered via the "shell_exec_t,httpd_squid_script_exec_t,httpd_squid_script_exec_t" file types. The default entrypoint paths for the httpd_squid_script_t domain are the following:"
+
-+/usr/lib/squid/cachemgr\.cgi, /usr/share/lightsquid/cgi(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/lib/squid/cachemgr\.cgi, /usr/share/lightsquid/cgi(/.*)?
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/share/lightsquid/cgi(/.*)?, /usr/lib/squid/cachemgr\.cgi, /usr/share/lightsquid/cgi(/.*)?, /usr/lib/squid/cachemgr\.cgi
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -36823,10 +37052,6 @@ index 0000000..4f98a94
+
+- Set files with the httpd_squid_script_exec_t type, if you want to transition an executable to the httpd_squid_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/squid/cachemgr\.cgi, /usr/share/lightsquid/cgi(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -36860,19 +37085,21 @@ index 0000000..4f98a94
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_squid_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_squid_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_suexec_selinux.8 b/man/man8/httpd_suexec_selinux.8
new file mode 100644
-index 0000000..c0ace36
+index 0000000..036d340
--- /dev/null
+++ b/man/man8/httpd_suexec_selinux.8
-@@ -0,0 +1,119 @@
-+.TH "httpd_suexec_selinux" "8" "httpd_suexec" "dwalsh at redhat.com" "httpd_suexec SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "httpd_suexec_selinux" "8" "12-10-19" "httpd_suexec" "SELinux Policy documentation for httpd_suexec"
+.SH "NAME"
+httpd_suexec_selinux \- Security Enhanced Linux Policy for the httpd_suexec processes
+.SH "DESCRIPTION"
@@ -36890,7 +37117,7 @@ index 0000000..c0ace36
+
+The httpd_suexec_t SELinux type can be entered via the "httpd_suexec_exec_t" file type. The default entrypoint paths for the httpd_suexec_t domain are the following:"
+
-+/usr/lib/apache(2)?/suexec(2)?, /usr/sbin/suexec, /usr/lib/cgi-bin/(nph-)?cgiwrap(d)?
++/usr/lib/apache(2)?/suexec(2)?, /usr/lib/cgi-bin/(nph-)?cgiwrap(d)?, /usr/sbin/suexec
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -36927,10 +37154,6 @@ index 0000000..c0ace36
+
+- Set files with the httpd_suexec_exec_t type, if you want to transition an executable to the httpd_suexec_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/apache(2)?/suexec(2)?, /usr/sbin/suexec, /usr/lib/cgi-bin/(nph-)?cgiwrap(d)?
+
+.EX
+.PP
@@ -36986,19 +37209,21 @@ index 0000000..c0ace36
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_suexec(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_suexec(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_sys_script_selinux.8 b/man/man8/httpd_sys_script_selinux.8
new file mode 100644
-index 0000000..6191d01
+index 0000000..bfcbb55
--- /dev/null
+++ b/man/man8/httpd_sys_script_selinux.8
-@@ -0,0 +1,183 @@
-+.TH "httpd_sys_script_selinux" "8" "httpd_sys_script" "dwalsh at redhat.com" "httpd_sys_script SELinux Policy documentation"
+@@ -0,0 +1,190 @@
++.TH "httpd_sys_script_selinux" "8" "12-10-19" "httpd_sys_script" "SELinux Policy documentation for httpd_sys_script"
+.SH "NAME"
+httpd_sys_script_selinux \- Security Enhanced Linux Policy for the httpd_sys_script processes
+.SH "DESCRIPTION"
@@ -37014,9 +37239,9 @@ index 0000000..6191d01
+
+.SH "ENTRYPOINTS"
+
-+The httpd_sys_script_t SELinux type can be entered via the "cifs_t,nfs_t,httpd_sys_script_exec_t,shell_exec_t,httpd_sys_content_t,httpd_sys_script_exec_t" file types. The default entrypoint paths for the httpd_sys_script_t domain are the following:"
++The httpd_sys_script_t SELinux type can be entered via the "httpd_sys_script_exec_t,shell_exec_t,httpd_sys_content_t,cifs_t,nfs_t,httpd_sys_script_exec_t" file types. The default entrypoint paths for the httpd_sys_script_t domain are the following:"
+
-+/var/www/svn/hooks(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress/.*\.php, /usr/lib/cgi-bin(/.*)?, /opt/.*\.cgi, /var/www/perl(/.*)?, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/wordpress-mu/wp-config\.php, /usr/.*\.cgi, /var/www/html/[^/]*/cgi-bin(/.*)?, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /usr/share/wordpress/wp-includes/.*\.php, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/icecast(/.*)?, /usr/share/htdig(/.*)?, /etc/htdig(/.*)?, /var/www/svn/conf(/.*)?, /usr/share/doc/ghc/html(/.*)?, /usr/share/mythtv/
data(/.*)?, /var/lib/htdig(/.*)?, /srv/gallery2(/.*)?, /srv/([^/]*/)?www(/.*)?, /usr/share/ntop/html(/.*)?, /test/symlinked/file, /usr/share/mythweb(/.*)?, /usr/share/openca/htdocs(/.*)?, /usr/share/selinux-policy[^/]*/html(/.*)?, /usr/share/drupal.*, /var/lib/cacti/rra(/.*)?, /var/lib/trac(/.*)?, /var/www(/.*)?, /var/www/icons(/.*)?, /var/www/svn/hooks(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress/.*\.php, /usr/lib/cgi-bin(/.*)?, /opt/.*\.cgi, /var/www/perl(/.*)?, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/wordpress-mu/wp-config\.php, /usr/.*\.cgi, /var/www/html/[^/]*/cgi-bin(/.*)?, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /usr/share/wordpress/wp-includes/.*\.php
++/usr/.*\.cgi, /opt/.*\.cgi, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/perl(/.*)?, /var/www/html/[^/]*/cgi-bin(/.*)?, /usr/lib/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /var/www/svn/hooks(/.*)?, /usr/share/wordpress/.*\.php, /usr/share/wordpress/wp-includes/.*\.php, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress-mu/wp-config\.php, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /srv/([^/]*/)?www(/.*)?, /var/www(/.*)?, /etc/htdig(/.*)?, /srv/gallery2(/.*)?, /var/lib/trac(/.*)?, /var/lib/htdig(/.*)?, /var/www/icons(/.*)
?, /usr/share/htdig(/.*)?, /usr/share/drupal.*, /var/www/svn/conf(/.*)?, /usr/share/icecast(/.*)?, /usr/share/mythweb(/.*)?, /var/lib/cacti/rra(/.*)?, /usr/share/ntop/html(/.*)?, /usr/share/mythtv/data(/.*)?, /usr/share/doc/ghc/html(/.*)?, /usr/share/openca/htdocs(/.*)?, /usr/share/selinux-policy[^/]*/html(/.*)?, /usr/.*\.cgi, /opt/.*\.cgi, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/perl(/.*)?, /var/www/html/[^/]*/cgi-bin(/.*)?, /usr/lib/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /var/www/svn/hooks(/.*)?, /usr/share/wordpress/.*\.php, /usr/share/wordpress/wp-includes/.*\.php, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress-mu/wp-config\.php
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -37061,6 +37286,13 @@ index 0000000..6191d01
+.B setsebool -P httpd_sys_script_anon_write 1
+.EE
+
++.PP
++If you want to allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t., you must turn on the httpd_sys_script_anon_write boolean.
++
++.EX
++.B setsebool -P httpd_sys_script_anon_write 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -37079,10 +37311,6 @@ index 0000000..6191d01
+
+- Set files with the httpd_sys_script_exec_t type, if you want to transition an executable to the httpd_sys_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/www/svn/hooks(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress/.*\.php, /usr/lib/cgi-bin(/.*)?, /opt/.*\.cgi, /var/www/perl(/.*)?, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/wordpress-mu/wp-config\.php, /usr/.*\.cgi, /var/www/html/[^/]*/cgi-bin(/.*)?, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)?, /usr/share/wordpress/wp-includes/.*\.php
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -37136,6 +37364,8 @@ index 0000000..6191d01
+.br
+ /usr/share/wordpress/wp-content/upgrade(/.*)?
+.br
++ /etc/owncloud/config\.php
++.br
+ /var/www/html/configuration\.php
+.br
+
@@ -37176,19 +37406,21 @@ index 0000000..6191d01
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_sys_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_sys_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_user_script_selinux.8 b/man/man8/httpd_user_script_selinux.8
new file mode 100644
-index 0000000..e0305ba
+index 0000000..26a1ad6
--- /dev/null
+++ b/man/man8/httpd_user_script_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "httpd_user_script_selinux" "8" "httpd_user_script" "dwalsh at redhat.com" "httpd_user_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_user_script_selinux" "8" "12-10-19" "httpd_user_script" "SELinux Policy documentation for httpd_user_script"
+.SH "NAME"
+httpd_user_script_selinux \- Security Enhanced Linux Policy for the httpd_user_script processes
+.SH "DESCRIPTION"
@@ -37204,9 +37436,9 @@ index 0000000..e0305ba
+
+.SH "ENTRYPOINTS"
+
-+The httpd_user_script_t SELinux type can be entered via the "httpd_user_script_exec_t,shell_exec_t,httpd_user_script_exec_t" file types. The default entrypoint paths for the httpd_user_script_t domain are the following:"
++The httpd_user_script_t SELinux type can be entered via the "shell_exec_t,httpd_user_script_exec_t,httpd_user_script_exec_t" file types. The default entrypoint paths for the httpd_user_script_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /home/[^/]*/((www)|(web)|(public_html))/cgi-bin(/.+)?, /home/dwalsh/((www)|(web)|(public_html))/cgi-bin(/.+)?, /var/lib/xguest/home/xguest/((www)|(web)|(public_html))/cgi-bin(/.+)?, /home/[^/]*/((www)|(web)|(public_html))/cgi-bin(/.+)?, /home/dwalsh/((www)|(web)|(public_html))/cgi-bin(/.+)?, /var/lib/xguest/home/xguest/((www)|(web)|(public_html))/cgi-bin(/.+)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -37276,19 +37508,21 @@ index 0000000..e0305ba
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_user_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_user_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_w3c_validator_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_w3c_validator_script_selinux.8 b/man/man8/httpd_w3c_validator_script_selinux.8
new file mode 100644
-index 0000000..af2e597
+index 0000000..c83c1f7
--- /dev/null
+++ b/man/man8/httpd_w3c_validator_script_selinux.8
-@@ -0,0 +1,101 @@
-+.TH "httpd_w3c_validator_script_selinux" "8" "httpd_w3c_validator_script" "dwalsh at redhat.com" "httpd_w3c_validator_script SELinux Policy documentation"
+@@ -0,0 +1,99 @@
++.TH "httpd_w3c_validator_script_selinux" "8" "12-10-19" "httpd_w3c_validator_script" "SELinux Policy documentation for httpd_w3c_validator_script"
+.SH "NAME"
+httpd_w3c_validator_script_selinux \- Security Enhanced Linux Policy for the httpd_w3c_validator_script processes
+.SH "DESCRIPTION"
@@ -37306,7 +37540,7 @@ index 0000000..af2e597
+
+The httpd_w3c_validator_script_t SELinux type can be entered via the "shell_exec_t,httpd_w3c_validator_script_exec_t,httpd_w3c_validator_script_exec_t" file types. The default entrypoint paths for the httpd_w3c_validator_script_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check, /usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check, /usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -37343,10 +37577,6 @@ index 0000000..af2e597
+
+- Set files with the httpd_w3c_validator_script_exec_t type, if you want to transition an executable to the httpd_w3c_validator_script_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -37384,19 +37614,21 @@ index 0000000..af2e597
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_w3c_validator_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_w3c_validator_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_zoneminder_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/httpd_zoneminder_script_selinux.8 b/man/man8/httpd_zoneminder_script_selinux.8
new file mode 100644
-index 0000000..2ca9e73
+index 0000000..3b71c6d
--- /dev/null
+++ b/man/man8/httpd_zoneminder_script_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "httpd_zoneminder_script_selinux" "8" "httpd_zoneminder_script" "dwalsh at redhat.com" "httpd_zoneminder_script SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "httpd_zoneminder_script_selinux" "8" "12-10-19" "httpd_zoneminder_script" "SELinux Policy documentation for httpd_zoneminder_script"
+.SH "NAME"
+httpd_zoneminder_script_selinux \- Security Enhanced Linux Policy for the httpd_zoneminder_script processes
+.SH "DESCRIPTION"
@@ -37412,9 +37644,9 @@ index 0000000..2ca9e73
+
+.SH "ENTRYPOINTS"
+
-+The httpd_zoneminder_script_t SELinux type can be entered via the "httpd_zoneminder_script_exec_t,shell_exec_t,httpd_zoneminder_script_exec_t" file types. The default entrypoint paths for the httpd_zoneminder_script_t domain are the following:"
++The httpd_zoneminder_script_t SELinux type can be entered via the "shell_exec_t,httpd_zoneminder_script_exec_t,httpd_zoneminder_script_exec_t" file types. The default entrypoint paths for the httpd_zoneminder_script_t domain are the following:"
+
-+/usr/libexec/zoneminder/cgi-bin(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/libexec/zoneminder/cgi-bin(/.*)?
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/libexec/zoneminder/cgi-bin(/.*)?, /usr/libexec/zoneminder/cgi-bin(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -37484,19 +37716,21 @@ index 0000000..2ca9e73
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), httpd_zoneminder_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), httpd_zoneminder_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, httpd_selinux(8), httpd_selinux(8), httpd_apcupsd_cgi_script_selinux(8), httpd_awstats_script_selinux(8), httpd_bugzilla_script_selinux(8), httpd_cobbler_script_selinux(8), httpd_collectd_script_selinux(8), httpd_cvs_script_selinux(8), httpd_dirsrvadmin_script_selinux(8), httpd_dspam_script_selinux(8), httpd_git_script_selinux(8), httpd_helper_selinux(8), httpd_man2html_script_selinux(8), httpd_mediawiki_script_selinux(8), httpd_mojomojo_script_selinux(8), httpd_munin_script_selinux(8), httpd_nagios_script_selinux(8), httpd_nutups_cgi_script_selinux(8), httpd_openshift_script_selinux(8), httpd_passwd_selinux(8), httpd_php_selinux(8), httpd_prewikka_script_selinux(8), httpd_rotatelogs_selinux(8), httpd_smokeping_cgi_script_selinux(8), httpd_squid_script_selinux(8), httpd_suexec_selinux(8), httpd_sys_script_selinux(8), httpd_user_script_selinux(8), httpd_w3c_validator_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/hwclock_selinux.8 b/man/man8/hwclock_selinux.8
new file mode 100644
-index 0000000..4e90ad5
+index 0000000..652c75b
--- /dev/null
+++ b/man/man8/hwclock_selinux.8
-@@ -0,0 +1,112 @@
-+.TH "hwclock_selinux" "8" "hwclock" "dwalsh at redhat.com" "hwclock SELinux Policy documentation"
+@@ -0,0 +1,110 @@
++.TH "hwclock_selinux" "8" "12-10-19" "hwclock" "SELinux Policy documentation for hwclock"
+.SH "NAME"
+hwclock_selinux \- Security Enhanced Linux Policy for the hwclock processes
+.SH "DESCRIPTION"
@@ -37514,7 +37748,7 @@ index 0000000..4e90ad5
+
+The hwclock_t SELinux type can be entered via the "hwclock_exec_t" file type. The default entrypoint paths for the hwclock_t domain are the following:"
+
-+/usr/sbin/hwclock, /sbin/hwclock
++/sbin/hwclock, /usr/sbin/hwclock
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -37551,10 +37785,6 @@ index 0000000..4e90ad5
+
+- Set files with the hwclock_exec_t type, if you want to transition an executable to the hwclock_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/hwclock, /sbin/hwclock
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -37604,17 +37834,19 @@ index 0000000..4e90ad5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), hwclock(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), hwclock(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/iceauth_selinux.8 b/man/man8/iceauth_selinux.8
new file mode 100644
-index 0000000..7d8e7b5
+index 0000000..539c45e
--- /dev/null
+++ b/man/man8/iceauth_selinux.8
-@@ -0,0 +1,124 @@
-+.TH "iceauth_selinux" "8" "iceauth" "dwalsh at redhat.com" "iceauth SELinux Policy documentation"
+@@ -0,0 +1,118 @@
++.TH "iceauth_selinux" "8" "12-10-19" "iceauth" "SELinux Policy documentation for iceauth"
+.SH "NAME"
+iceauth_selinux \- Security Enhanced Linux Policy for the iceauth processes
+.SH "DESCRIPTION"
@@ -37669,10 +37901,6 @@ index 0000000..7d8e7b5
+
+- Set files with the iceauth_exec_t type, if you want to transition an executable to the iceauth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/iceauth, /usr/X11R6/bin/iceauth
+
+.EX
+.PP
@@ -37681,10 +37909,6 @@ index 0000000..7d8e7b5
+
+- Set files with the iceauth_home_t type, if you want to store iceauth files in the users home directory.
+
-+.br
-+.TP 5
-+Paths:
-+/root/\.DCOP.*, /root/\.ICEauthority.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -37734,17 +37958,19 @@ index 0000000..7d8e7b5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), iceauth(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), iceauth(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/icecast_selinux.8 b/man/man8/icecast_selinux.8
new file mode 100644
-index 0000000..99b1a8a
+index 0000000..c9f4072
--- /dev/null
+++ b/man/man8/icecast_selinux.8
-@@ -0,0 +1,153 @@
-+.TH "icecast_selinux" "8" "icecast" "dwalsh at redhat.com" "icecast SELinux Policy documentation"
+@@ -0,0 +1,162 @@
++.TH "icecast_selinux" "8" "12-10-19" "icecast" "SELinux Policy documentation for icecast"
+.SH "NAME"
+icecast_selinux \- Security Enhanced Linux Policy for the icecast processes
+.SH "DESCRIPTION"
@@ -37792,6 +38018,13 @@ index 0000000..99b1a8a
+.B setsebool -P icecast_connect_any 1
+.EE
+
++.PP
++If you want to allow icecast to connect to all ports, not just sound ports, you must turn on the icecast_connect_any boolean.
++
++.EX
++.B setsebool -P icecast_connect_any 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -37892,19 +38125,21 @@ index 0000000..99b1a8a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), icecast(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), icecast(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/ifconfig_selinux.8 b/man/man8/ifconfig_selinux.8
new file mode 100644
-index 0000000..2d4fc17
+index 0000000..096c2ff
--- /dev/null
+++ b/man/man8/ifconfig_selinux.8
-@@ -0,0 +1,116 @@
-+.TH "ifconfig_selinux" "8" "ifconfig" "dwalsh at redhat.com" "ifconfig SELinux Policy documentation"
+@@ -0,0 +1,114 @@
++.TH "ifconfig_selinux" "8" "12-10-19" "ifconfig" "SELinux Policy documentation for ifconfig"
+.SH "NAME"
+ifconfig_selinux \- Security Enhanced Linux Policy for the ifconfig processes
+.SH "DESCRIPTION"
@@ -37922,7 +38157,7 @@ index 0000000..2d4fc17
+
+The ifconfig_t SELinux type can be entered via the "ifconfig_exec_t" file type. The default entrypoint paths for the ifconfig_t domain are the following:"
+
-+/usr/sbin/ipx_internal_net, /sbin/ipx_configure, /sbin/tc, /usr/sbin/ipx_configure, /usr/sbin/iwconfig, /usr/sbin/ipx_interface, /usr/sbin/mii-tool, /usr/sbin/ethtool, /usr/sbin/ifconfig, /sbin/ipx_interface, /bin/ip, /usr/bin/ip, /sbin/iwconfig, /usr/sbin/tc, /sbin/ifconfig, /sbin/mii-tool, /sbin/ethtool, /usr/sbin/ip, /sbin/ip, /sbin/ipx_internal_net
++/bin/ip, /sbin/ip, /sbin/tc, /usr/bin/ip, /usr/sbin/ip, /usr/sbin/tc, /sbin/ethtool, /sbin/ifconfig, /sbin/iwconfig, /sbin/mii-tool, /usr/sbin/ethtool, /usr/sbin/ifconfig, /usr/sbin/iwconfig, /usr/sbin/mii-tool, /sbin/ipx_configure, /sbin/ipx_interface, /sbin/ipx_internal_net, /usr/sbin/ipx_configure, /usr/sbin/ipx_interface, /usr/sbin/ipx_internal_net
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -37959,10 +38194,6 @@ index 0000000..2d4fc17
+
+- Set files with the ifconfig_exec_t type, if you want to transition an executable to the ifconfig_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ipx_internal_net, /sbin/ipx_configure, /sbin/tc, /usr/sbin/ipx_configure, /usr/sbin/iwconfig, /usr/sbin/ipx_interface, /usr/sbin/mii-tool, /usr/sbin/ethtool, /usr/sbin/ifconfig, /sbin/ipx_interface, /bin/ip, /usr/bin/ip, /sbin/iwconfig, /usr/sbin/tc, /sbin/ifconfig, /sbin/mii-tool, /sbin/ethtool, /usr/sbin/ip, /sbin/ip, /sbin/ipx_internal_net
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -38016,17 +38247,19 @@ index 0000000..2d4fc17
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ifconfig(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ifconfig(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/inetd_child_selinux.8 b/man/man8/inetd_child_selinux.8
new file mode 100644
-index 0000000..023a91f
+index 0000000..23fc22d
--- /dev/null
+++ b/man/man8/inetd_child_selinux.8
-@@ -0,0 +1,159 @@
-+.TH "inetd_child_selinux" "8" "inetd_child" "dwalsh at redhat.com" "inetd_child SELinux Policy documentation"
+@@ -0,0 +1,157 @@
++.TH "inetd_child_selinux" "8" "12-10-19" "inetd_child" "SELinux Policy documentation for inetd_child"
+.SH "NAME"
+inetd_child_selinux \- Security Enhanced Linux Policy for the inetd_child processes
+.SH "DESCRIPTION"
@@ -38044,7 +38277,7 @@ index 0000000..023a91f
+
+The inetd_child_t SELinux type can be entered via the "inetd_child_exec_t" file type. The default entrypoint paths for the inetd_child_t domain are the following:"
+
-+/usr/sbin/identd, /usr/local/lib/pysieved/pysieved.*\.py, /usr/sbin/in\..*d
++/usr/sbin/in\..*d, /usr/local/lib/pysieved/pysieved.*\.py, /usr/sbin/identd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -38081,10 +38314,6 @@ index 0000000..023a91f
+
+- Set files with the inetd_child_exec_t type, if you want to transition an executable to the inetd_child_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/identd, /usr/local/lib/pysieved/pysieved.*\.py, /usr/sbin/in\..*d
+
+.EX
+.PP
@@ -38180,19 +38409,21 @@ index 0000000..023a91f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), inetd_child(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), inetd_child(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, inetd_selinux(8), inetd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/inetd_selinux.8 b/man/man8/inetd_selinux.8
new file mode 100644
-index 0000000..a6b61ac
+index 0000000..d535378
--- /dev/null
+++ b/man/man8/inetd_selinux.8
-@@ -0,0 +1,209 @@
-+.TH "inetd_selinux" "8" "inetd" "dwalsh at redhat.com" "inetd SELinux Policy documentation"
+@@ -0,0 +1,203 @@
++.TH "inetd_selinux" "8" "12-10-19" "inetd" "SELinux Policy documentation for inetd"
+.SH "NAME"
+inetd_selinux \- Security Enhanced Linux Policy for the inetd processes
+.SH "DESCRIPTION"
@@ -38247,10 +38478,6 @@ index 0000000..a6b61ac
+
+- Set files with the inetd_child_exec_t type, if you want to transition an executable to the inetd_child_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/identd, /usr/local/lib/pysieved/pysieved.*\.py, /usr/sbin/in\..*d
+
+.EX
+.PP
@@ -38275,10 +38502,6 @@ index 0000000..a6b61ac
+
+- Set files with the inetd_exec_t type, if you want to transition an executable to the inetd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/inetd, /usr/sbin/xinetd, /usr/sbin/rlinetd
+
+.EX
+.PP
@@ -38396,19 +38619,21 @@ index 0000000..a6b61ac
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), inetd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), inetd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, inetd_child_selinux(8)
\ No newline at end of file
diff --git a/man/man8/init_selinux.8 b/man/man8/init_selinux.8
new file mode 100644
-index 0000000..57563a1
+index 0000000..e47af9a
--- /dev/null
+++ b/man/man8/init_selinux.8
-@@ -0,0 +1,473 @@
-+.TH "init_selinux" "8" "init" "dwalsh at redhat.com" "init SELinux Policy documentation"
+@@ -0,0 +1,465 @@
++.TH "init_selinux" "8" "12-10-19" "init" "SELinux Policy documentation for init"
+.SH "NAME"
+init_selinux \- Security Enhanced Linux Policy for the init processes
+.SH "DESCRIPTION"
@@ -38426,7 +38651,7 @@ index 0000000..57563a1
+
+The init_t SELinux type can be entered via the "init_exec_t" file type. The default entrypoint paths for the init_t domain are the following:"
+
-+/usr/sbin/init(ng)?, /sbin/init(ng)?, /bin/systemd, /usr/lib/systemd/system-generators/[^/]*, /usr/bin/systemd, /sbin/upstart, /usr/sbin/upstart, /usr/lib/systemd/[^/]*
++/sbin/init(ng)?, /usr/sbin/init(ng)?, /usr/lib/systemd/[^/]*, /usr/lib/systemd/system-generators/[^/]*, /bin/systemd, /sbin/upstart, /usr/bin/systemd, /usr/sbin/upstart
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -38463,10 +38688,6 @@ index 0000000..57563a1
+
+- Set files with the init_exec_t type, if you want to transition an executable to the init_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/init(ng)?, /sbin/init(ng)?, /bin/systemd, /usr/lib/systemd/system-generators/[^/]*, /usr/bin/systemd, /sbin/upstart, /usr/sbin/upstart, /usr/lib/systemd/[^/]*
+
+.EX
+.PP
@@ -38507,10 +38728,6 @@ index 0000000..57563a1
+
+- Set files with the initrc_exec_t type, if you want to transition an executable to the initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/restart-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /usr/libexec/dcc/start-.*, /usr/share/system-config-services/system-config-services-mechanism\.py, /usr/sbin/apachectl, /etc/init\.d/.*, /usr/bin/sepg_ctl
+
+.EX
+.PP
@@ -38543,10 +38760,6 @@ index 0000000..57563a1
+
+- Set files with the initrc_var_run_t type, if you want to store the initrc files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -38632,10 +38845,10 @@ index 0000000..57563a1
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -38656,8 +38869,6 @@ index 0000000..57563a1
+.br
+.B init_var_lib_t
+
-+ /var/lib/random-seed
-+.br
+
+.br
+.B init_var_run_t
@@ -38738,6 +38949,14 @@ index 0000000..57563a1
+.br
+
+.br
++.B random_seed_t
++
++ /var/lib/random-seed
++.br
++ /usr/var/lib/random-seed
++.br
++
++.br
+.B sysfs_t
+
+ /sys(/.*)?
@@ -38816,12 +39035,8 @@ index 0000000..57563a1
+.br
+ /var/log/syslog
+.br
-+ /var/log/boot\.log
-+.br
+ /var/named/chroot/var/log
+.br
-+ /var/spool/plymouth/boot\.log
-+.br
+
+.br
+.B var_run_t
@@ -38876,19 +39091,21 @@ index 0000000..57563a1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), init(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), init(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, initrc_selinux(8)
\ No newline at end of file
diff --git a/man/man8/initrc_selinux.8 b/man/man8/initrc_selinux.8
new file mode 100644
-index 0000000..a647e30
+index 0000000..3a33c44
--- /dev/null
+++ b/man/man8/initrc_selinux.8
-@@ -0,0 +1,827 @@
-+.TH "initrc_selinux" "8" "initrc" "dwalsh at redhat.com" "initrc SELinux Policy documentation"
+@@ -0,0 +1,817 @@
++.TH "initrc_selinux" "8" "12-10-19" "initrc" "SELinux Policy documentation for initrc"
+.SH "NAME"
+initrc_selinux \- Security Enhanced Linux Policy for the initrc processes
+.SH "DESCRIPTION"
@@ -38904,9 +39121,9 @@ index 0000000..a647e30
+
+.SH "ENTRYPOINTS"
+
-+The initrc_t SELinux type can be entered via the "puppetmaster_initrc_exec_t,collectd_initrc_exec_t,httpd_initrc_exec_t,kdump_initrc_exec_t,bin_t,dovecot_initrc_exec_t,zebra_initrc_exec_t,lldpad_initrc_exec_t,munin_initrc_exec_t,soundd_initrc_exec_t,uuidd_initrc_exec_t,postfix_initrc_exec_t,ctdbd_initrc_exec_t,glusterd_initrc_exec_t,saslauthd_initrc_exec_t,postgresql_initrc_exec_t,kerberos_initrc_exec_t,apcupsd_initrc_exec_t,cupsd_initrc_exec_t,ksmtuned_initrc_exec_t,tuned_initrc_exec_t,fsdaemon_initrc_exec_t,tgtd_initrc_exec_t,exim_initrc_exec_t,ajaxterm_initrc_exec_t,hddtemp_initrc_exec_t,tcsd_initrc_exec_t,rhsmcertd_initrc_exec_t,svnserve_initrc_exec_t,ftpd_initrc_exec_t,aisexec_initrc_exec_t,auditd_initrc_exec_t,shorewall_initrc_exec_t,wdmd_initrc_exec_t,likewise_initrc_exec_t,cfengine_initrc_exec_t,initrc_exec_t,postgrey_initrc_exec_t,avahi_initrc_exec_t,gpsd_initrc_exec_t,privoxy_initrc_exec_t,nagios_initrc_exec_t,shell_exec_t,cgred_initrc_exec_t,rgmanager_initrc_exec
_t,tor_initrc_exec_t,radvd_initrc_exec_t,abrt_initrc_exec_t,ipsec_initrc_exec_t,puppet_initrc_exec_t,named_initrc_exec_t,psad_initrc_exec_t,pppd_initrc_exec_t,canna_initrc_exec_t,squid_initrc_exec_t,firewalld_initrc_exec_t,cvs_initrc_exec_t,samba_initrc_exec_t,pacemaker_initrc_exec_t,afs_initrc_exec_t,amavis_initrc_exec_t,spamd_initrc_exec_t,nis_initrc_exec_t,arpwatch_initrc_exec_t,mpd_initrc_exec_t,callweaver_initrc_exec_t,pads_initrc_exec_t,qpidd_initrc_exec_t,smokeping_initrc_exec_t,bcfg2_initrc_exec_t,mscan_initrc_exec_t,rwho_initrc_exec_t,l2tpd_initrc_exec_t,portreserve_initrc_exec_t,icecast_initrc_exec_t,rpcd_initrc_exec_t,NetworkManager_initrc_exec_t,nslcd_initrc_exec_t,slpd_initrc_exec_t,jabberd_initrc_exec_t,memcached_initrc_exec_t,vhostmd_initrc_exec_t,certmaster_initrc_exec_t,mysqld_initrc_exec_t,crond_initrc_exec_t,fail2ban_initrc_exec_t,sssd_initrc_exec_t,zabbix_initrc_exec_t,sshd_initrc_exec_t,dspam_initrc_exec_t,asterisk_initrc_exec_t,setrans_initrc_exec_t,cor
osync_initrc_exec_t,cmirrord_initrc_exec_t,ypbind_initrc_exec_t,iptables_initrc_exec_t,clvmd_initrc_exec_t,dhcpc_helper_exec_t,prelude_initrc_exec_t,rpcbind_initrc_exec_t,sendmail_initrc_exec_t,dnsmasq_initrc_exec_t,cobblerd_initrc_exec_t,bitlbee_initrc_exec_t,sanlock_initrc_exec_t,slapd_initrc_exec_t,clamd_initrc_exec_t,syslogd_initrc_exec_t,ulogd_initrc_exec_t,glance_api_initrc_exec_t,ntop_initrc_exec_t,ntpd_initrc_exec_t,polipo_initrc_exec_t,nscd_initrc_exec_t,openvpn_initrc_exec_t,bluetooth_initrc_exec_t,chronyd_initrc_exec_t,boinc_initrc_exec_t,nfsd_initrc_exec_t,denyhosts_initrc_exec_t,cgconfig_initrc_exec_t,mongod_initrc_exec_t,automount_initrc_exec_t,roundup_initrc_exec_t,zoneminder_initrc_exec_t,certmonger_initrc_exec_t,ddclient_initrc_exec_t,dictd_initrc_exec_t,snort_initrc_exec_t,ricci_initrc_exec_t,snmpd_initrc_exec_t,innd_initrc_exec_t,pingd_initrc_exec_t,iwhd_initrc_exec_t,radiusd_initrc_exec_t,aiccu_initrc_exec_t,dhcpd_initrc_exec_t,lircd_initrc_exec_t,mysqlma
nagerd_initrc_exec_t,cyrus_initrc_exec_t,varnishd_initrc_exec_t,virtd_initrc_exec_t,varnishlog_initrc_exec_t,zabbix_agent_initrc_exec_t,piranha_pulse_initrc_exec_t,glance_registry_initrc_exec_t" file types. The default entrypoint paths for the initrc_t domain are the following:"
++The initrc_t SELinux type can be entered via the "callweaver_initrc_exec_t,pads_initrc_exec_t,qpidd_initrc_exec_t,smokeping_initrc_exec_t,bcfg2_initrc_exec_t,mscan_initrc_exec_t,isnsd_initrc_exec_t,rwho_initrc_exec_t,l2tpd_initrc_exec_t,portreserve_initrc_exec_t,NetworkManager_initrc_exec_t,icecast_initrc_exec_t,rpcd_initrc_exec_t,nslcd_initrc_exec_t,jabberd_initrc_exec_t,slpd_initrc_exec_t,vhostmd_initrc_exec_t,certmaster_initrc_exec_t,memcached_initrc_exec_t,mysqld_initrc_exec_t,crond_initrc_exec_t,fail2ban_initrc_exec_t,sssd_initrc_exec_t,zabbix_initrc_exec_t,asterisk_initrc_exec_t,sshd_initrc_exec_t,dspam_initrc_exec_t,corosync_initrc_exec_t,ypbind_initrc_exec_t,clvmd_initrc_exec_t,setrans_initrc_exec_t,cmirrord_initrc_exec_t,rngd_initrc_exec_t,dhcpc_helper_exec_t,iptables_initrc_exec_t,prelude_initrc_exec_t,rpcbind_initrc_exec_t,sendmail_initrc_exec_t,dnsmasq_initrc_exec_t,cobblerd_initrc_exec_t,bitlbee_initrc_exec_t,sanlock_initrc_exec_t,slapd_initrc_exec_t,clamd_init
rc_exec_t,glance_api_initrc_exec_t,syslogd_initrc_exec_t,ulogd_initrc_exec_t,ntop_initrc_exec_t,ntpd_initrc_exec_t,nscd_initrc_exec_t,polipo_initrc_exec_t,bluetooth_initrc_exec_t,chronyd_initrc_exec_t,openvpn_initrc_exec_t,boinc_initrc_exec_t,nfsd_initrc_exec_t,denyhosts_initrc_exec_t,cgconfig_initrc_exec_t,mongod_initrc_exec_t,automount_initrc_exec_t,ddclient_initrc_exec_t,roundup_initrc_exec_t,dictd_initrc_exec_t,ricci_initrc_exec_t,zoneminder_initrc_exec_t,certmonger_initrc_exec_t,innd_initrc_exec_t,pingd_initrc_exec_t,snort_initrc_exec_t,snmpd_initrc_exec_t,iwhd_initrc_exec_t,radiusd_initrc_exec_t,dhcpd_initrc_exec_t,lircd_initrc_exec_t,cyrus_initrc_exec_t,varnishd_initrc_exec_t,virtd_initrc_exec_t,aiccu_initrc_exec_t,mysqlmanagerd_initrc_exec_t,zabbix_agent_initrc_exec_t,varnishlog_initrc_exec_t,piranha_pulse_initrc_exec_t,glance_registry_initrc_exec_t,collectd_initrc_exec_t,puppetmaster_initrc_exec_t,httpd_initrc_exec_t,kdump_initrc_exec_t,dovecot_initrc_exec_t,zebra_i
nitrc_exec_t,lldpad_initrc_exec_t,bin_t,munin_initrc_exec_t,soundd_initrc_exec_t,uuidd_initrc_exec_t,postfix_initrc_exec_t,ctdbd_initrc_exec_t,glusterd_initrc_exec_t,saslauthd_initrc_exec_t,postgresql_initrc_exec_t,kerberos_initrc_exec_t,apcupsd_initrc_exec_t,cupsd_initrc_exec_t,ksmtuned_initrc_exec_t,tuned_initrc_exec_t,fsdaemon_initrc_exec_t,exim_initrc_exec_t,tgtd_initrc_exec_t,ajaxterm_initrc_exec_t,hddtemp_initrc_exec_t,tcsd_initrc_exec_t,rhsmcertd_initrc_exec_t,svnserve_initrc_exec_t,ftpd_initrc_exec_t,shorewall_initrc_exec_t,aisexec_initrc_exec_t,auditd_initrc_exec_t,likewise_initrc_exec_t,cfengine_initrc_exec_t,wdmd_initrc_exec_t,initrc_exec_t,postgrey_initrc_exec_t,avahi_initrc_exec_t,gpsd_initrc_exec_t,privoxy_initrc_exec_t,nagios_initrc_exec_t,shell_exec_t,cgred_initrc_exec_t,rgmanager_initrc_exec_t,tor_initrc_exec_t,radvd_initrc_exec_t,abrt_initrc_exec_t,ipsec_initrc_exec_t,puppet_initrc_exec_t,named_initrc_exec_t,psad_initrc_exec_t,squid_initrc_exec_t,cvs_initrc
_exec_t,pppd_initrc_exec_t,canna_initrc_exec_t,firewalld_initrc_exec_t,afs_initrc_exec_t,samba_initrc_exec_t,spamd_initrc_exec_t,pacemaker_initrc_exec_t,nis_initrc_exec_t,amavis_initrc_exec_t,mpd_initrc_exec_t,arpwatch_initrc_exec_t" file types. The default entrypoint paths for the initrc_t domain are the following:"
+
-+/etc/rc\.d/init\.d/puppetmaster, /etc/rc\.d/init\.d/collectd, /etc/init\.d/cherokee, /etc/rc\.d/init\.d/httpd, /etc/rc\.d/init\.d/lighttpd, /etc/rc\.d/init\.d/kdump, /etc/ppp/ip-up\..*, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/virtualbox/VBoxManage, /usr/lib/.*/scripts(/.*)?, /etc/ppp/ip-down\..*, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/shorewall-perl(/.*)?, /usr/Brother(/.*)?, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/lib/mailman.*/mail(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /usr/share/cluster/ocf-shellfuncs, /bin, /usr/lib/.*/program(/.*)?, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/apr-0/build/libtool, /usr/lib/pm-utils(/.*)?, /etc/sysconfig/network-scripts/net.*, /usr/share/system-config-language/system-config-language, /usr/lib/vte/gnome-pty-helper, /etc/lxdm/Pre.*, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/nagios/plugins(/.*)?, /usr/share/PackageKit/helpers(/.*)?, /usr/share/e1
6/misc(/.*)?, /usr/lib/fence(/.*)?, /etc/sysconfig/network-scripts/init.*, /usr/lib/xulrunner[^/]*/updater, /etc/mcelog/cache-error-trigger, /usr/share/system-config-mouse/system-config-mouse, /usr/share/system-config-netboot/pxeos\.py, /usr/share/cluster/.*\.sh, /usr/lib/udev/devices/MAKEDEV, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/mc/extfs/.*, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /var/qmail/rc, /var/mailman.*/bin(/.*)?, /usr/share/system-config-nfs/system-config-nfs\.py, /sbin, /usr/share/texmf/web2c/mktexupd, /usr/lib/readahead(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/xen/bin(/.*)?, /usr/share/Modules/init(/.*)?, /var/qmail/bin, /opt/google/talkplugin(/.*)?, /etc/profile.d(/.*)?, /usr/share/hwbrowser/hwbrowser, /usr/share/dayplanner/dayplanner, /usr/lib/nspluginwrapper/np.*, /usr/share/printconf/util/print\.py, /usr/lib/[^/]*/run-mozilla\.sh, /usr/linuxprinter/filters(/.*)?, /usr/share/system-config-network/neat-control\.py, /usr/lib/[^/]*/mozilla-xremote-c
lient, /usr/share/hal/scripts(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/share/system-config-selinux/polgen\.py, /usr/lib(.*/)?sbin(/.*)?, /lib/udev/devices/MAKEDEV, /etc/vmware-tools(/.*)?, /etc/PackageKit/events(/.*)?, /usr/share/denyhosts/plugins(/.*)?, /usr/share/sectool/.*\.py, /etc/pki/tls/certs/make-dummy-cert, /usr/lib/rpm/rpmd, /usr/lib/tuned/.*/.*\.sh, /usr/share/cluster/svclib_nfslock, /usr/libexec(/.*)?, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/apr-0/build/[^/]+\.sh, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?, /bin/mountpoint, /usr/share/rhn/rhn_applet/needed-packages\.py, /lib/security/pam_krb5(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/rpm/rpmk, /etc/apcupsd/commok, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/clamav/freshclam-sleep, /usr/lib/mediawiki/math/texvc.*, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/xfce4(/.*)?, /usr/share/system-config-services/system-config-services, /opt/(.*/)?libexec(/.*)?, /emul/ia32-linu
x/usr(/.*)?/Bin(/.*)?, /usr/lib/debug/sbin(/.*)?, /etc/sysconfig/libvirtd, /etc/cron.weekly(/.*)?, /usr/lib/ccache/bin(/.*)?, /sbin/.*, /var/lib/asterisk/agi-bin(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/yp/.+, /usr/share/wicd/daemon(/.*)?, /etc/ppp/ipv6-up\..*, /etc/acpi/actions(/.*)?, /etc/sysconfig/network-scripts/ifdown.*, /usr/share/cluster/SAPDatabase, /usr/share/system-config-soundcard/system-config-soundcard, /usr/lib/udev/scsi_id, /etc/pm/power\.d(/.*)?, /usr/share/system-config-services/gui\.py, /etc/lxdm/Xsession, /usr/lib/cyrus-imapd/.*, /usr/sbin/insmod_ksymoops_clean, /etc/cipe/ip-down.*, /usr/share/PackageKit/pk-upgrade-distro\.sh, /usr/share/shorewall/compiler\.pl, /usr/share/pydict/pydict\.py, /dev/MAKEDEV, /usr/share/shorewall-shell(/.*)?, /emul/ia32-linux/bin(/.*)?, /root/bin(/.*)?, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-config-selinux/system-config-selinux\.py, /etc/ppp/ipv6-down\..*, /usr/share/pwlib/make/ptlib
-config, /usr/lib/ConsoleKit/scripts(/.*)?, /opt/(.*/)?bin(/.*)?, /etc/init\.d/functions, /lib/readahead(/.*)?, /etc/apcupsd/apccontrol, /usr/share/system-config-samba/system-config-samba\.py, /usr/lib/misc/sftp-server, /etc/apcupsd/onbattery, /usr/lib/qt.*/bin(/.*)?, /usr/share/cvs/contrib/rcs2log, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/system-config-keyboard/system-config-keyboard, /usr/share/fedora-usermgmt/wrapper, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/share/ssl/misc(/.*)?, /etc/apcupsd/changeme, /etc/apcupsd/offbattery, /etc/apcupsd/commfailure, /etc/sysconfig/readonly-root, /etc/cron.monthly(/.*)?, /var/ftp/bin(/.*)?, /usr/lib/xfce4/xfwm4/helper-dialog, /usr/lib/iscan/network, /usr/share/shorewall-lite(/.*)?, /usr/Printer(/.*)?, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/lib/news/bin(/.*)?, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/share/system-config-netboot/pxeboot\.
py, /etc/auto\.[^/]*, /usr/Brother/(.*/)?inf/brprintconf.*, /etc/apcupsd/masterconnect, /etc/avahi/.*\.action, /usr/lib/netsaint/plugins(/.*)?, /usr/share/authconfig/authconfig-tui\.py, /usr/share/system-config-securitylevel/system-config-securitylevel\.py, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/lib/dracut(/.*)?, /usr/share/kde4/apps/kajongg/kajongg.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/selinux/devel/policygentool, /etc/mail/make, /usr/lib/debug/usr/libexec(/.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/libexec/openssh/sftp-server, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/chromium-browser(/.*)?, /etc/sysconfig/init, /usr/share/system-logviewer/system-logviewer\.py, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /usr/lib/wicd/monitor\.py, /etc/pki/tls/misc(/.*)?, /etc/cron.hourly(/.*)?, /etc/xen/qemu-ifup, /usr/share/system-config-services/serviceconf\.py, /usr/share/tucan.*/tucan.py, /usr/lib/portage/bin(/.*)?, /etc/lxdm/L
oginReady, /etc/mcelog/triggers(/.*)?, /usr/share/texmf/web2c/mktexnam, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/apt/methods.+, /etc/rc\.d/init\.d/functions, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /etc/kde/shutdown(/.*)?, /usr/lib/cups(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /usr/share/gnucash/finance-quote-helper, /etc/cron.daily(/.*)?, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/lib/rpm/rpmv, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/munin/plugins(/.*)?, /usr/share/clamav/clamd-gen, /etc/lxdm/Post.*, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /etc/hotplug/.*agent, /usr/lib/emacsen-common/.*, /usr/lib/jvm/java(.*/)bin(/.*), /etc/sysconfig/network-scripts/ifup.*, /usr/lib/xfce4/xfconf/xfconfd, /usr/lib/MailScanner(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/share/ajaxterm/qweb.py.*, /usr/share/switchdesk/switchdesk-gui\.py, /usr/lib/ipsec/.*, /usr/share/turboprint/lib(/.*)?, /usr/sbin/mkfs\.cramfs, /var/qmail/bin(/.*)?, /etc/sysconfig/cron
d, /usr/share/hplip/[^/]*, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/debconf/.+, /usr/share/shorewall/configpath, /usr/bin/pingus.*, /etc/hotplug/hotplug\.functions, /usr/lib/mailman.*/bin(/.*)?, /usr/share/texmf/web2c/mktexdir, /usr/share/gnucash/finance-quote-check, /etc/redhat-lsb(/.*)?, /usr/X11R6/lib/X11/xkb/xkbcomp, /etc/gdm/[^/]+, /opt/google/chrome(/.*)?, /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/dpkg/.+, /usr/share/sandbox/sandboxX.sh, /etc/cipe/ip-up.*, /usr/lib/udev/[^/]*, /usr/bin/mountpoint, /lib/udev/scsi_id, /bin/.*, /emul/ia32-linux/sbin(/.*)?, /var/lib/iscan/interpreter, /etc/dhcp/dhclient\.d(/.*)?, /etc/racoon/scripts(/.*)?, /opt/(.*/)?sbin(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/spamassassin/sa-update\.cron, /usr/share/rhn/rhn_applet/applet\.py, /etc/X11/xdm/TakeConsole, /usr/(.*/)?sbin(/.*)?, /etc/X11/xinit(/.*)?, /usr/share/shorewall/getparams, /usr/share/cluster/checkquorum, /etc/X11/xdm/GiveConsole, /usr/lib/xfce4/session/xfsm-sh
utdown-helper, /lib/upstart(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/gdm/[^/]+/.*, /usr/share/system-config-httpd/system-config-httpd, /usr/lib/upstart(/.*)?, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/system-config-users/system-config-users, /etc/mgetty\+sendfax/new_fax, /usr/lib/debug/bin(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /etc/hotplug/.*rc, /usr/lib/courier(/.*)?, /etc/X11/xdm/Xsetup_0, /etc/netplug\.d(/.*)?, /usr/Brother/(.*/)?inf/setup.*, /usr/lib/xfce4/session/balou-install-theme, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/smolt/client(/.*)?, /usr/bin, /etc/sysconfig/netconsole, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/xfce4/panel/migrate, /usr/share/ajaxterm/ajaxterm.py.*, /sbin/mkfs\.cramfs, /usr/share/authconfig/authconfig\.py, /usr/share/system-config-date/system-config-date\.py, /usr/share/virtualbox/.*\.sh, /etc/apcupsd/mastertimeout, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/texmf/texc
onfig/tcfmgr, /etc/kde/env(/.*)?, /usr/lib/rpm/rpmq, /sbin/insmod_ksymoops_clean, /usr/lib/xfce4/panel/wrapper, /usr/share/system-config-printer/applet\.py, /etc/hotplug\.d/default/default.*, /usr/lib(.*/)?bin(/.*)?, /usr/share/gitolite/hooks/common/update, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /usr/lib/sftp-server, /usr/share/system-config-display/system-config-display, /lib/udev/[^/]*, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/denyhosts/scripts(/.*)?, /usr/share/createrepo(/.*)?, /usr/lib/yaboot/addnote, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /usr/share/cluster/SAPInstance, /etc/rc\.d/init\.d/dovecot, /etc/rc\.d/init\.d/ripd, /etc/rc\.d/init\.d/ripngd, /etc/rc\.d/init\.d/zebra, /etc/rc\.d/init\.d/bgpd, /etc/rc\.d/init\.d/ospf6d, /etc/rc\.d/init\.d/ospfd, /etc/rc\.d/init\.d/lldpad, /etc/rc\.d/init\.d/munin-node, /etc/rc\.d/init\.d/nasd, /etc/rc\.d/init\.d/uuidd, /etc/rc\.d/init\.d/postfix, /etc/rc\.d/init\.d/ctdb, /usr/sbin/glusterd, /etc/rc\.d/init\.d/gluster
d, /etc/rc\.d/init\.d/sasl, /etc/rc\.d/init\.d/(se)?postgresql, /etc/rc\.d/init\.d/krb5kdc, /etc/rc\.d/init\.d/kprop, /etc/rc\.d/init\.d/kadmind, /etc/rc\.d/init\.d/krb524d, /etc/rc\.d/init\.d/apcupsd, /etc/rc\.d/init\.d/cups, /etc/rc\.d/init\.d/ksmtuned, /etc/rc\.d/init\.d/tuned, /etc/rc\.d/init\.d/smartd, /etc/rc\.d/init\.d/tgtd, /etc/rc\.d/init\.d/exim, /etc/rc\.d/init\.d/ajaxterm, /etc/rc\.d/init\.d/hddtemp, /etc/rc\.d/init\.d/tcsd, /etc/rc\.d/init\.d/rhsmcertd, /etc/rc.d/init.d/svnserve, /etc/rc\.d/init\.d/proftpd, /etc/rc\.d/init\.d/vsftpd, /etc/rc\.d/init\.d/openais, /etc/rc\.d/init\.d/auditd, /etc/rc\.d/init\.d/shorewall, /etc/rc\.d/init\.d/shorewall-lite, /etc/rc\.d/init\.d/wdmd, /etc/rc\.d/init\.d/eventlogd, /etc/rc\.d/init\.d/dcerpcd, /etc/rc\.d/init\.d/lwregd, /etc/rc\.d/init\.d/lwiod, /etc/rc\.d/init\.d/lsassd, /etc/rc\.d/init\.d/netlogond, /etc/rc\.d/init\.d/srvsvcd, /etc/rc\.d/init\.d/lwsmd, /etc/rc\.d/init\.d/cf-serverd, /etc/rc\.d/init\.d/cf-execd, /etc/rc\.
d/init\.d/cf-monitord, /usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/restart-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /usr/libexec/dcc/start-.*, /usr/share/system-config-services/system-config-services-mechanism\.py, /usr/sbin/apachectl, /etc/init\.d/.*, /usr/bin/sepg_ctl, /etc/rc\.d/init\.d/postgrey, /etc/rc\.d/init\.d/avahi.*, /etc/rc\.d/init\.d/gpsd, /etc/rc\.d/init\.d/privoxy, /etc/rc\.d/init\.d/nagios, /etc/rc\.d/init\.d/nrpe, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin
/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /etc/rc\.d/init\.d/cgred, /etc/rc\.d/init\.d/rgmanager, /etc/rc\.d/init\.d/cpglockd, /etc/rc\.d/init\.d/heartbeat, /etc/rc\.d/init\.d/tor, /etc/rc\.d/init\.d/radvd, /etc/rc\.d/init\.d/abrt, /etc/rc\.d/init\.d/racoon, /etc/rc\.d/init\.d/ipsec, /etc/rc\.d/init\.d/puppet, /etc/rc\.d/init\.d/named, /etc/rc\.d/init\.d/unbound, /etc/rc\.d/init\.d/psad, /etc/rc\.d/init\.d/ppp, /etc/ppp/(auth|ip(v6|x)?)-(up|down), /etc/rc\.d/init\.d/canna, /etc/rc\.d/init\.d/squid, /etc/rc\.d/init\.d/firewalld, /etc/rc\.d/init\.d/nmb, /etc/rc\.d/init\.d/smb, /etc/rc\.d/init\.d/winbind, /etc/rc\.d/init\.d/pacemaker, /etc/rc\.d/init\.d/afs, /etc/rc\.d/init\.d/openafs-client, /etc/rc\.d/init\.d/amavis, /etc/rc\.d/init\.d/amavisd-snmp, /etc/rc\.d/init\.d/spampd, /etc/rc\.d/init\.d/pyzord, /etc/rc\.d/init\.d/spamd, /etc/rc\.d/init\.d/mimedefang.*, /etc/rc\.d/init\.d/ypserv, /etc/rc\.d/init\.d/y
pxfrd, /etc/rc\.d/init\.d/yppasswd, /etc/rc\.d/init\.d/arpwatch, /etc/rc\.d/init\.d/mpd, /etc/rc\.d/init\.d/callweaver, /etc/rc\.d/init\.d/pads, /etc/rc\.d/init\.d/qpidd, /etc/rc\.d/init\.d/smokeping, /etc/rc\.d/init\.d/bcfg2, /etc/rc\.d/init\.d/MailScanner, /etc/rc\.d/init\.d/rwhod, /etc/rc\.d/init\.d/xl2tpd, /etc/rc\.d/init\.d/prol2tpd, /etc/rc\.d/init\.d/openl2tpd, /etc/rc\.d/init\.d/portreserve, /etc/rc\.d/init\.d/icecast, /etc/rc\.d/init\.d/nfslock, /etc/rc\.d/init\.d/rpcidmapd, /etc/rc\.d/init\.d/wicd, /etc/NetworkManager/dispatcher\.d(/.*)?, /usr/libexec/nm-dispatcher.action, /etc/rc\.d/init\.d/nslcd, /etc/rc\.d/init\.d/slpd, /etc/rc\.d/init\.d/jabberd, /etc/rc\.d/init\.d/memcached, /etc/rc.d/init.d/vhostmd, /etc/rc\.d/init\.d/certmaster, /etc/rc\.d/init\.d/mysqld, /etc/rc\.d/init\.d/atd, /etc/rc\.d/init\.d/fail2ban, /etc/rc\.d/init\.d/sssd, /etc/rc\.d/init\.d/zabbix-server, /etc/rc\.d/init\.d/zabbix, /etc/rc\.d/init\.d/sshd, /etc/rc\.d/init\.d/dspam, /etc/rc\.d/init\
.d/asterisk, /etc/rc\.d/init\.d/mcstrans, /etc/rc\.d/init\.d/corosync, /etc/rc\.d/init\.d/cmirrord, /etc/rc\.d/init\.d/ypbind, /etc/rc\.d/init\.d/ebtables, /etc/rc\.d/init\.d/ip6?tables, /etc/firestarter/firestarter\.sh, /etc/rc\.d/init\.d/prelude-correlator, /etc/rc\.d/init\.d/prelude-manager, /etc/rc\.d/init\.d/prelude-lml, /etc/rc\.d/init\.d/rpcbind, /etc/rc\.d/init\.d/sendmail, /etc/rc\.d/init\.d/dnsmasq, /etc/rc\.d/init\.d/cobblerd, /etc/rc\.d/init\.d/bitlbee, /etc/rc\.d/init\.d/sanlock, /etc/rc\.d/init\.d/slapd, /etc/rc\.d/init\.d/clamd-wrapper, /etc/rc\.d/init\.d/rsyslog, /etc/rc\.d/init\.d/ulogd, /etc/rc\.d/init\.d/openstack-glance-api, /etc/rc\.d/init\.d/ntpd, /etc/rc\.d/init\.d/polipo, /etc/rc\.d/init\.d/nscd, /etc/rc\.d/init\.d/openvpn, /etc/rc\.d/init\.d/dund, /etc/rc\.d/init\.d/bluetooth, /etc/rc\.d/init\.d/pand, /etc/rc\.d/init\.d/chronyd, /etc/rc\.d/init\.d/boinc-client, /etc/rc\.d/init\.d/nfs, /etc/rc\.d/init\.d/denyhosts, /etc/rc\.d/init\.d/cgconfig, /etc/rc
\.d/init\.d/mongod, /etc/rc\.d/init\.d/autofs, /etc/rc\.d/init\.d/roundup, /etc/rc\.d/init\.d/motion, /etc/rc\.d/init\.d/zoneminder, /etc/rc\.d/init\.d/certmonger, /etc/rc\.d/init\.d/ddclient, /etc/rc\.d/init\.d/dictd, /etc/rc\.d/init\.d/snortd, /etc/rc\.d/init\.d/ricci, /etc/rc\.d/init\.d/snmpd, /etc/rc\.d/init\.d/snmptrapd, /etc/rc\.d/init\.d/innd, /etc/rc\.d/init\.d/whatsup-pingd, /etc/rc\.d/init\.d/iwhd, /etc/rc\.d/init\.d/radiusd, /etc/rc\.d/init\.d/aiccu, /etc/rc\.d/init\.d/dhcpd(6)?, /etc/rc\.d/init\.d/lirc, /etc/rc\.d/init\.d/mysqlmanager, /etc/rc\.d/init\.d/cyrus, /etc/rc\.d/init\.d/varnish, /etc/rc\.d/init\.d/libvirtd, /etc/rc\.d/init\.d/varnishlog, /etc/rc\.d/init\.d/varnishncsa, /etc/rc\.d/init\.d/zabbix-agentd, /etc/rc\.d/init\.d/pulse, /etc/rc\.d/init\.d/openstack-glance-registry
++/etc/rc\.d/init\.d/callweaver, /etc/rc\.d/init\.d/pads, /etc/rc\.d/init\.d/qpidd, /etc/rc\.d/init\.d/smokeping, /etc/rc\.d/init\.d/bcfg2, /etc/rc\.d/init\.d/MailScanner, /etc/rc\.d/init\.d/isnsd, /etc/rc\.d/init\.d/rwhod, /etc/rc\.d/init\.d/xl2tpd, /etc/rc\.d/init\.d/prol2tpd, /etc/rc\.d/init\.d/openl2tpd, /etc/rc\.d/init\.d/portreserve, /usr/libexec/nm-dispatcher.action, /etc/NetworkManager/dispatcher\.d(/.*)?, /etc/rc\.d/init\.d/wicd, /etc/rc\.d/init\.d/icecast, /etc/rc\.d/init\.d/nfslock, /etc/rc\.d/init\.d/rpcidmapd, /etc/rc\.d/init\.d/nslcd, /etc/rc\.d/init\.d/jabberd, /etc/rc\.d/init\.d/slpd, /etc/rc.d/init.d/vhostmd, /etc/rc\.d/init\.d/certmaster, /etc/rc\.d/init\.d/memcached, /etc/rc\.d/init\.d/mysqld, /etc/rc\.d/init\.d/atd, /etc/rc\.d/init\.d/fail2ban, /etc/rc\.d/init\.d/sssd, /etc/rc\.d/init\.d/zabbix, /etc/rc\.d/init\.d/zabbix-server, /etc/rc\.d/init\.d/asterisk, /etc/rc\.d/init\.d/sshd, /etc/rc\.d/init\.d/dspam, /etc/rc\.d/init\.d/corosync, /etc/rc\.d/init\.d/y
pbind, /etc/rc\.d/init\.d/mcstrans, /etc/rc\.d/init\.d/cmirrord, /etc/rc\.d/init\.d/rngd, /etc/firestarter/firestarter\.sh, /etc/rc\.d/init\.d/ip6?tables, /etc/rc\.d/init\.d/ebtables, /etc/rc\.d/init\.d/prelude-lml, /etc/rc\.d/init\.d/prelude-manager, /etc/rc\.d/init\.d/prelude-correlator, /etc/rc\.d/init\.d/rpcbind, /etc/rc\.d/init\.d/sendmail, /etc/rc\.d/init\.d/dnsmasq, /etc/rc\.d/init\.d/cobblerd, /etc/rc\.d/init\.d/bitlbee, /etc/rc\.d/init\.d/sanlock, /etc/rc\.d/init\.d/slapd, /etc/rc\.d/init\.d/clamd-wrapper, /etc/rc\.d/init\.d/openstack-glance-api, /etc/rc\.d/init\.d/rsyslog, /etc/rc\.d/init\.d/ulogd, /etc/rc\.d/init\.d/ntpd, /etc/rc\.d/init\.d/nscd, /etc/rc\.d/init\.d/polipo, /etc/rc\.d/init\.d/dund, /etc/rc\.d/init\.d/pand, /etc/rc\.d/init\.d/bluetooth, /etc/rc\.d/init\.d/chronyd, /etc/rc\.d/init\.d/openvpn, /etc/rc\.d/init\.d/boinc-client, /etc/rc\.d/init\.d/nfs, /etc/rc\.d/init\.d/denyhosts, /etc/rc\.d/init\.d/cgconfig, /etc/rc\.d/init\.d/mongod, /etc/rc\.d/init\.
d/autofs, /etc/rc\.d/init\.d/ddclient, /etc/rc\.d/init\.d/roundup, /etc/rc\.d/init\.d/dictd, /etc/rc\.d/init\.d/ricci, /etc/rc\.d/init\.d/motion, /etc/rc\.d/init\.d/zoneminder, /etc/rc\.d/init\.d/certmonger, /etc/rc\.d/init\.d/innd, /etc/rc\.d/init\.d/whatsup-pingd, /etc/rc\.d/init\.d/snortd, /etc/rc\.d/init\.d/snmpd, /etc/rc\.d/init\.d/snmptrapd, /etc/rc\.d/init\.d/iwhd, /etc/rc\.d/init\.d/radiusd, /etc/rc\.d/init\.d/dhcpd(6)?, /etc/rc\.d/init\.d/lirc, /etc/rc\.d/init\.d/cyrus, /etc/rc\.d/init\.d/varnish, /etc/rc\.d/init\.d/libvirtd, /etc/rc\.d/init\.d/aiccu, /etc/rc\.d/init\.d/mysqlmanager, /etc/rc\.d/init\.d/zabbix-agentd, /etc/rc\.d/init\.d/varnishlog, /etc/rc\.d/init\.d/varnishncsa, /etc/rc\.d/init\.d/pulse, /etc/rc\.d/init\.d/openstack-glance-registry, /etc/rc\.d/init\.d/collectd, /etc/rc\.d/init\.d/puppetmaster, /etc/init\.d/cherokee, /etc/rc\.d/init\.d/httpd, /etc/rc\.d/init\.d/lighttpd, /etc/rc\.d/init\.d/kdump, /etc/rc\.d/init\.d/dovecot, /etc/rc\.d/init\.d/bgpd, /
etc/rc\.d/init\.d/ripd, /etc/rc\.d/init\.d/ospfd, /etc/rc\.d/init\.d/zebra, /etc/rc\.d/init\.d/ospf6d, /etc/rc\.d/init\.d/ripngd, /etc/rc\.d/init\.d/lldpad, /bin/.*, /opt/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?sbin(/.*)?, /opt/(.*/)?sbin(/.*)?, /opt/(.*/)?libexec(/.*)?, /sbin/.*, /usr/lib(.*/)?bin(/.*)?, /usr/lib(.*/)?sbin(/.*)?, /etc/gdm/[^/]+, /root/bin(/.*)?, /etc/gdm/[^/]+/.*, /etc/cron.daily(/.*)?, /etc/cron.weekly(/.*)?, /etc/cron.hourly(/.*)?, /etc/cron.monthly(/.*)?, /usr/lib/.*/scripts(/.*)?, /usr/lib/.*/program(/.*)?, /usr/lib/[^/]*/run-mozilla\.sh, /usr/lib/[^/]*/mozilla-xremote-client, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /lib/udev/[^/]*, /etc/auto\.[^/]*, /etc/avahi/.*\.action, /usr/lib/qt.*/bin(/.*)?, /usr/lib/yp/.+, /var/ftp/bin(/.*)?, /usr/Brother(/.*)?, /usr/Printer(/.*)?, /usr/libexec(/.*)?, /lib/upstart(/.*)?, /etc/kde/en
v(/.*)?, /etc/profile.d(/.*)?, /var/mailman.*/bin(/.*)?, /etc/lxdm/Pre.*, /etc/hotplug/.*rc, /usr/lib/cups(/.*)?, /etc/hotplug/.*agent, /usr/Brother/(.*/)?inf/setup.*, /usr/Brother/(.*/)?inf/brprintconf.*, /usr/lib/dpkg/.+, /etc/lxdm/Post.*, /usr/lib/udev/[^/]*, /var/qmail/bin(/.*)?, /usr/lib/xfce4(/.*)?, /usr/lib/fence(/.*)?, /etc/X11/xinit(/.*)?, /lib/readahead(/.*)?, /etc/netplug\.d(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/ipsec/.*, /etc/ppp/ip-up\..*, /usr/bin/pingus.*, /etc/cipe/ip-up.*, /usr/lib/dracut(/.*)?, /etc/pm/power\.d(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/redhat-lsb(/.*)?, /usr/lib/tuned/.*/.*\.sh, /usr/lib/xen/bin(/.*)?, /usr/lib/upstart(/.*)?, /usr/lib/courier(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/tucan.*/tucan.py, /usr/lib/mailman.*/bin(/.*)?, /usr/lib/mailman.*/mail(/.*)?, /etc/ppp/ipv6-up\..*, /etc/ppp/ip-down\..*, /etc/cipe/ip-down.*, /usr/share/hplip/[^/]*, /usr/lib/news/bin(/.*)?, /usr/lib/pm-utils(/.*)?, /etc/vmware-tools(/.*)?, /etc/kde/shut
down(/.*)?, /etc/acpi/actions(/.*)?, /etc/pki/tls/misc(/.*)?, /usr/lib/jvm/java(.*/)bin(/.*), /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/readahead(/.*)?, /opt/google/chrome(/.*)?, /etc/munin/plugins(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/debug/bin(/.*)?, /usr/lib/xulrunner[^/]*/updater, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/debconf/.+, /etc/ppp/ipv6-down\..*, /usr/share/cluster/.*\.sh, /usr/share/sectool/.*\.py, /usr/share/ssl/misc(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/ccache/bin(/.*)?, /etc/racoon/scripts(/.*)?, /usr/lib/debug/sbin(/.*)?, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/share/mc/extfs/.*, /usr/lib/apt/methods.+, /usr/lib/portage/bin(/.*)?, /usr/lib/MailScanner(/.*)?, /etc/mcelog/triggers(/.*)?, /etc/dhcp/dhclient\.d(/.*)?, /emul/ia32-linux/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(/.*)?, /emul/ia32-linux/usr(/.*)?/sbin(/.*)
?, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/lib/cyrus-imapd/.*, /usr/share/createrepo(/.*)?, /emul/ia32-linux/sbin(/.*)?, /usr/share/virtualbox/.*\.sh, /usr/share/hal/scripts(/.*)?, /usr/share/wicd/daemon(/.*)?, /lib/security/pam_krb5(/.*)?, /opt/google/talkplugin(/.*)?, /etc/PackageKit/events(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/Modules/init(/.*)?, /usr/share/smolt/client(/.*)?, /usr/lib/nagios/plugins(/.*)?, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/apr-0/build/[^/]+\.sh, /usr/lib/emacsen-common/.*, /usr/share/ajaxterm/qweb.py.*, /var/lib/asterisk/agi-bin(/.*)?, /usr/share/shorewall-perl(/.*)?, /usr/share/shorewall-lite(/.*)?, /usr/linuxprinter/filters(/.*)?, /usr/lib/netsaint/plugins(/.*)?, /usr/lib/chromium-browser(/.*)?, /usr/share/turboprint/lib(/.*)?, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/shorewall-shel
l(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/lib/debug/usr/libexec(/.*)?, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/nspluginwrapper/np.*, /usr/share/sandbox/sandboxX.sh, /usr/lib/ConsoleKit/scripts(/.*)?, /usr/share/ajaxterm/ajaxterm.py.*, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/denyhosts/plugins(/.*)?, /usr/share/denyhosts/scripts(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/mediawiki/math/texvc.*, /usr/share/PackageKit/helpers(/.*)?, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/hotplug\.d/default/default.*, /usr/lib/systemd/system-sleep/(.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /etc/sysconfig/network-scripts/net.*, /etc/sysconfig/network-scripts/ifup.*, /etc/sysconfig/network-scripts/init.*, /usr/share/kde4/apps/kajongg/kajongg.py, /etc/sysconfig/network-scripts/ifdown.*, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?
, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /bin, /sbin, /usr/bin, /dev/MAKEDEV, /var/qmail/rc, /var/qmail/bin, /etc/mail/make, /bin/mountpoint, /usr/lib/rpm/rpmv, /usr/lib/rpm/rpmk, /usr/lib/rpm/rpmq, /usr/lib/rpm/rpmd, /lib/udev/scsi_id, /sbin/mkfs\.cramfs, /etc/xen/qemu-ifup, /etc/lxdm/Xsession, /etc/sysconfig/init, /usr/bin/mountpoint, /etc/apcupsd/commok, /usr/lib/sftp-server, /etc/sysconfig/crond, /etc/lxdm/LoginReady, /usr/sbin/mkfs\.cramfs, /usr/lib/udev/scsi_id, /etc/X11/xdm/Xsetup_0, /etc/init\.d/functions, /etc/apcupsd/changeme, /usr/lib/iscan/network, /etc/apcupsd/onbattery, /usr/lib/yaboot/addnote, /etc/sysconfig/libvirtd, /etc/apcupsd/apccontrol, /etc/apcupsd/offbattery, /usr/lib/wicd/monitor\.py, /etc/X11/xdm/TakeConsole, /etc/X11/xdm/GiveConsole, /etc/apcupsd/commfailure, /usr/lib/misc/sftp-server, /etc/sysconfig/netconsole, /lib/udev/devices/MAKEDEV, /var/lib/iscan/interpreter, /etc/rc\.d/init\.d/functions, /etc/apcupsd/masterconnect, /etc/apcups
d/mastertimeout, /usr/share/pydict/pydict\.py, /usr/share/clamav/clamd-gen, /sbin/insmod_ksymoops_clean, /etc/mgetty\+sendfax/new_fax, /usr/lib/xfce4/panel/migrate, /usr/lib/xfce4/panel/wrapper, /etc/sysconfig/readonly-root, /usr/lib/udev/devices/MAKEDEV, /usr/lib/vte/gnome-pty-helper, /usr/lib/xfce4/xfconf/xfconfd, /usr/share/hwbrowser/hwbrowser, /usr/share/cvs/contrib/rcs2log, /usr/X11R6/lib/X11/xkb/xkbcomp, /usr/lib/virtualbox/VBoxManage, /usr/share/cluster/checkquorum, /usr/share/shorewall/getparams, /usr/share/apr-0/build/libtool, /usr/share/cluster/SAPDatabase, /usr/share/cluster/SAPInstance, /etc/hotplug/hotplug\.functions, /usr/share/texmf/web2c/mktexdir, /usr/share/texmf/web2c/mktexupd, /usr/share/texmf/web2c/mktexnam, /usr/share/shorewall/configpath, /usr/sbin/insmod_ksymoops_clean, /etc/mcelog/cache-error-trigger, /usr/share/shorewall/compiler\.pl, /usr/share/dayplanner/dayplanner, /usr/libexec/openssh/sftp-server, /usr/share/texmf/texconfig/tcfmgr, /usr/share/cla
mav/freshclam-sleep, /usr/share/cluster/ocf-shellfuncs, /usr/share/cluster/svclib_nfslock, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/share/pwlib/make/ptlib-config, /usr/share/fedora-usermgmt/wrapper, /usr/share/printconf/util/print\.py, /usr/lib/xfce4/xfwm4/helper-dialog, /etc/pki/tls/certs/make-dummy-cert, /usr/share/rhn/rhn_applet/applet\.py, /usr/share/authconfig/authconfig\.py, /usr/share/spamassassin/sa-update\.cron, /usr/share/gnucash/finance-quote-check, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/selinux/devel/policygentool, /usr/share/switchdesk/switchdesk-gui\.py, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/authconfig/authconfig-tui\.py, /usr/share/gitolite/hooks/common/update, /usr/share/gnucash/finance-quote-helper, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /usr/share/system-config-services/gui\.py, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-config-netboot/pxeos\.py, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-confi
g-nfs/nfs-export\.py, /usr/share/system-config-printer/applet\.py, /usr/share/system-config-selinux/polgen\.py, /usr/share/PackageKit/pk-upgrade-distro\.sh, /usr/lib/xfce4/session/balou-install-theme, /usr/share/system-config-netboot/pxeboot\.py, /usr/lib/xfce4/session/xfsm-shutdown-helper, /usr/share/rhn/rhn_applet/needed-packages\.py, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-logviewer/system-logviewer\.py, /usr/share/system-config-network/neat-control\.py, /usr/share/system-config-services/serviceconf\.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/share/system-config-nfs/system-config-nfs\.py, /usr/share/system-config-httpd/system-config-httpd, /usr/share/system-config-mouse/system-config-mouse, /usr/share/system-config-users/system-config-users, /usr/share/system-config-date/system-config-date\.py, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/share/gitolite/hooks/gitolite
-admin/post-update, /usr/share/system-config-samba/system-config-samba\.py, /usr/share/system-config-display/system-config-display, /usr/share/system-config-keyboard/system-config-keyboard, /usr/share/system-config-language/system-config-language, /usr/share/system-config-services/system-config-services, /usr/share/system-config-selinux/system-config-selinux\.py, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/system-config-soundcard/system-config-soundcard, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/share/system-config-securitylevel/system-config-securitylevel\.py, /etc/rc\.d/init\.d/munin-node, /etc/rc\.d/init\.d/nasd, /etc/rc\.d/init\.d/uuidd, /etc/rc\.d/init\.d/postfix, /etc/rc\.d/init\.d/ctdb, /usr/sbin/glusterd, /etc/rc\.d/init\.d/glusterd, /etc/rc\.d/init\.d/sasl, /etc/rc\.d/init\.d/(se)?postgresql, /etc/rc\.d/init\.d/kprop, /etc/rc\.d/init\.d/kadmind, /etc/rc\.d/init\.d/krb524d, /etc/rc\.d/init\.d/krb5kdc, /etc/rc\.d
/init\.d/apcupsd, /etc/rc\.d/init\.d/cups, /etc/rc\.d/init\.d/ksmtuned, /etc/rc\.d/init\.d/tuned, /etc/rc\.d/init\.d/smartd, /etc/rc\.d/init\.d/exim, /etc/rc\.d/init\.d/tgtd, /etc/rc\.d/init\.d/ajaxterm, /etc/rc\.d/init\.d/hddtemp, /etc/rc\.d/init\.d/tcsd, /etc/rc\.d/init\.d/rhsmcertd, /etc/rc.d/init.d/svnserve, /etc/rc\.d/init\.d/vsftpd, /etc/rc\.d/init\.d/proftpd, /etc/rc\.d/init\.d/shorewall, /etc/rc\.d/init\.d/shorewall-lite, /etc/rc\.d/init\.d/openais, /etc/rc\.d/init\.d/auditd, /etc/rc\.d/init\.d/lwiod, /etc/rc\.d/init\.d/lwsmd, /etc/rc\.d/init\.d/lsassd, /etc/rc\.d/init\.d/lwregd, /etc/rc\.d/init\.d/dcerpcd, /etc/rc\.d/init\.d/srvsvcd, /etc/rc\.d/init\.d/eventlogd, /etc/rc\.d/init\.d/netlogond, /etc/rc\.d/init\.d/cf-execd, /etc/rc\.d/init\.d/cf-serverd, /etc/rc\.d/init\.d/cf-monitord, /etc/rc\.d/init\.d/wdmd, /etc/init\.d/.*, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /usr/libexec/dcc/stop-.*, /usr/libexec/dcc/start-.*, /usr/lib/systemd/fedora[^/]*, /etc/rc\.d/rc, /
etc/X11/prefdm, /usr/sbin/startx, /usr/bin/sepg_ctl, /usr/sbin/apachectl, /usr/sbin/ldap-agent, /usr/sbin/start-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/restart-dirsrv, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/share/system-config-services/system-config-services-mechanism\.py, /etc/rc\.d/init\.d/postgrey, /etc/rc\.d/init\.d/avahi.*, /etc/rc\.d/init\.d/gpsd, /etc/rc\.d/init\.d/privoxy, /etc/rc\.d/init\.d/nrpe, /etc/rc\.d/init\.d/nagios, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /etc/rc\.d/init\.d/cgred, /etc/rc\.d/init\.d/cpglockd, /etc/rc\.d/init\.
d/rgmanager, /etc/rc\.d/init\.d/heartbeat, /etc/rc\.d/init\.d/tor, /etc/rc\.d/init\.d/radvd, /etc/rc\.d/init\.d/abrt, /etc/rc\.d/init\.d/ipsec, /etc/rc\.d/init\.d/racoon, /etc/rc\.d/init\.d/puppet, /etc/rc\.d/init\.d/named, /etc/rc\.d/init\.d/unbound, /etc/rc\.d/init\.d/psad, /etc/rc\.d/init\.d/squid, /etc/ppp/(auth|ip(v6|x)?)-(up|down), /etc/rc\.d/init\.d/ppp, /etc/rc\.d/init\.d/canna, /etc/rc\.d/init\.d/firewalld, /etc/rc\.d/init\.d/afs, /etc/rc\.d/init\.d/openafs-client, /etc/rc\.d/init\.d/nmb, /etc/rc\.d/init\.d/smb, /etc/rc\.d/init\.d/winbind, /etc/rc\.d/init\.d/mimedefang.*, /etc/rc\.d/init\.d/spamd, /etc/rc\.d/init\.d/spampd, /etc/rc\.d/init\.d/pyzord, /etc/rc\.d/init\.d/pacemaker, /etc/rc\.d/init\.d/ypserv, /etc/rc\.d/init\.d/ypxfrd, /etc/rc\.d/init\.d/yppasswd, /etc/rc\.d/init\.d/amavis, /etc/rc\.d/init\.d/amavisd-snmp, /etc/rc\.d/init\.d/mpd, /etc/rc\.d/init\.d/arpwatch
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -38951,10 +39168,6 @@ index 0000000..a647e30
+
+- Set files with the initrc_exec_t type, if you want to transition an executable to the initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/restart-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /usr/libexec/dcc/start-.*, /usr/share/system-config-services/system-config-services-mechanism\.py, /usr/sbin/apachectl, /etc/init\.d/.*, /usr/bin/sepg_ctl
+
+.EX
+.PP
@@ -38987,10 +39200,6 @@ index 0000000..a647e30
+
+- Set files with the initrc_var_run_t type, if you want to store the initrc files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -39200,10 +39409,10 @@ index 0000000..a647e30
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -39638,12 +39847,8 @@ index 0000000..a647e30
+.br
+ /var/log/syslog
+.br
-+ /var/log/boot\.log
-+.br
+ /var/named/chroot/var/log
+.br
-+ /var/spool/plymouth/boot\.log
-+.br
+
+.br
+.B var_spool_t
@@ -39710,19 +39915,21 @@ index 0000000..a647e30
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), initrc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), initrc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, init_selinux(8)
\ No newline at end of file
diff --git a/man/man8/innd_selinux.8 b/man/man8/innd_selinux.8
new file mode 100644
-index 0000000..a295729
+index 0000000..b85bf10
--- /dev/null
+++ b/man/man8/innd_selinux.8
-@@ -0,0 +1,188 @@
-+.TH "innd_selinux" "8" "innd" "dwalsh at redhat.com" "innd SELinux Policy documentation"
+@@ -0,0 +1,182 @@
++.TH "innd_selinux" "8" "12-10-19" "innd" "SELinux Policy documentation for innd"
+.SH "NAME"
+innd_selinux \- Security Enhanced Linux Policy for the innd processes
+.SH "DESCRIPTION"
@@ -39740,7 +39947,7 @@ index 0000000..a295729
+
+The innd_t SELinux type can be entered via the "innd_exec_t" file type. The default entrypoint paths for the innd_t domain are the following:"
+
-+/usr/bin/suck, /usr/lib/news/bin/filechan, /usr/lib/news/bin/nntpget, /usr/sbin/in\.nnrpd, /usr/lib/news/bin/convdate, /usr/lib/news/bin/innfeed, /usr/lib/news/bin/shlock, /usr/lib/news/bin/archive, /usr/lib/news/bin/innconfval, /usr/lib/news/bin/actsync, /usr/lib/news/bin/innxbatch, /usr/bin/inews, /usr/lib/news/bin/batcher, /usr/sbin/innd.*, /usr/lib/news/bin/expire, /usr/lib/news/bin/nnrpd, /usr/lib/news/bin/inndstart, /usr/lib/news/bin/ctlinnd, /usr/bin/rpost, /usr/lib/news/bin/buffchan, /usr/lib/news/bin/ovdb_recover, /etc/news/boot, /usr/lib/news/bin/startinnfeed, /usr/lib/news/bin/makehistory, /usr/lib/news/bin/expireover, /usr/bin/rnews, /usr/lib/news/bin/innd, /usr/lib/news/bin/newsrequeue, /usr/lib/news/bin/makedbz, /usr/lib/news/bin/innxmit, /usr/lib/news/bin/fastrm, /usr/lib/news/bin/getlist, /usr/lib/news/bin/sm, /usr/lib/news/bin/grephistory, /usr/lib/news/bin/rnews, /usr/lib/news/bin/overchan, /usr/lib/news/bin/cvtbatch, /usr/lib/news/bin/prunehistory, /usr/l
ib/news/bin/inews, /usr/lib/news/bin/shrinkfile, /usr/lib/news/bin/inndf
++/usr/sbin/innd.*, /usr/bin/suck, /etc/news/boot, /usr/bin/inews, /usr/bin/rnews, /usr/bin/rpost, /usr/sbin/in\.nnrpd, /usr/lib/news/bin/sm, /usr/lib/news/bin/innd, /usr/lib/news/bin/inews, /usr/lib/news/bin/inndf, /usr/lib/news/bin/nnrpd, /usr/lib/news/bin/rnews, /usr/lib/news/bin/expire, /usr/lib/news/bin/fastrm, /usr/lib/news/bin/shlock, /usr/lib/news/bin/actsync, /usr/lib/news/bin/archive, /usr/lib/news/bin/batcher, /usr/lib/news/bin/ctlinnd, /usr/lib/news/bin/getlist, /usr/lib/news/bin/innfeed, /usr/lib/news/bin/innxmit, /usr/lib/news/bin/makedbz, /usr/lib/news/bin/nntpget, /usr/lib/news/bin/buffchan, /usr/lib/news/bin/convdate, /usr/lib/news/bin/cvtbatch, /usr/lib/news/bin/filechan, /usr/lib/news/bin/overchan, /usr/lib/news/bin/inndstart, /usr/lib/news/bin/innxbatch, /usr/lib/news/bin/expireover, /usr/lib/news/bin/innconfval, /usr/lib/news/bin/shrinkfile, /usr/lib/news/bin/grephistory, /usr/lib/news/bin/makehistory, /usr/lib/news/bin/newsrequeue, /usr/lib/news/bin/ovdb
_recover, /usr/lib/news/bin/prunehistory, /usr/lib/news/bin/startinnfeed
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -39785,10 +39992,6 @@ index 0000000..a295729
+
+- Set files with the innd_exec_t type, if you want to transition an executable to the innd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/suck, /usr/lib/news/bin/filechan, /usr/lib/news/bin/nntpget, /usr/sbin/in\.nnrpd, /usr/lib/news/bin/convdate, /usr/lib/news/bin/innfeed, /usr/lib/news/bin/shlock, /usr/lib/news/bin/archive, /usr/lib/news/bin/innconfval, /usr/lib/news/bin/actsync, /usr/lib/news/bin/innxbatch, /usr/bin/inews, /usr/lib/news/bin/batcher, /usr/sbin/innd.*, /usr/lib/news/bin/expire, /usr/lib/news/bin/nnrpd, /usr/lib/news/bin/inndstart, /usr/lib/news/bin/ctlinnd, /usr/bin/rpost, /usr/lib/news/bin/buffchan, /usr/lib/news/bin/ovdb_recover, /etc/news/boot, /usr/lib/news/bin/startinnfeed, /usr/lib/news/bin/makehistory, /usr/lib/news/bin/expireover, /usr/bin/rnews, /usr/lib/news/bin/innd, /usr/lib/news/bin/newsrequeue, /usr/lib/news/bin/makedbz, /usr/lib/news/bin/innxmit, /usr/lib/news/bin/fastrm, /usr/lib/news/bin/getlist, /usr/lib/news/bin/sm, /usr/lib/news/bin/grephistory, /usr/lib/news/bin/rnews, /usr/lib/news/bin/overchan, /usr/lib/news/bin/cvtbatch, /usr/lib/news/bin/prunehistory, /usr/l
ib/news/bin/inews, /usr/lib/news/bin/shrinkfile, /usr/lib/news/bin/inndf
+
+.EX
+.PP
@@ -39821,10 +40024,6 @@ index 0000000..a295729
+
+- Set files with the innd_var_run_t type, if you want to store the innd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/innd(/.*)?, /var/run/news(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -39906,17 +40105,19 @@ index 0000000..a295729
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), innd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), innd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/insmod_selinux.8 b/man/man8/insmod_selinux.8
new file mode 100644
-index 0000000..13c6e2d
+index 0000000..0fbec7e
--- /dev/null
+++ b/man/man8/insmod_selinux.8
-@@ -0,0 +1,182 @@
-+.TH "insmod_selinux" "8" "insmod" "dwalsh at redhat.com" "insmod SELinux Policy documentation"
+@@ -0,0 +1,194 @@
++.TH "insmod_selinux" "8" "12-10-19" "insmod" "SELinux Policy documentation for insmod"
+.SH "NAME"
+insmod_selinux \- Security Enhanced Linux Policy for the insmod processes
+.SH "DESCRIPTION"
@@ -39934,7 +40135,7 @@ index 0000000..13c6e2d
+
+The insmod_t SELinux type can be entered via the "insmod_exec_t" file type. The default entrypoint paths for the insmod_t domain are the following:"
+
-+/sbin/rmmod.*, /sbin/modprobe.*, /sbin/insmod.*, /usr/sbin/modprobe.*, /usr/bin/kmod, /usr/sbin/insmod.*, /usr/sbin/rmmod.*
++/sbin/rmmod.*, /sbin/insmod.*, /sbin/modprobe.*, /usr/sbin/rmmod.*, /usr/sbin/insmod.*, /usr/sbin/modprobe.*, /usr/bin/kmod
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -39958,6 +40159,13 @@ index 0000000..13c6e2d
+
+
+.PP
++If you want to allow pppd to load kernel modules for certain modems, you must turn on the pppd_can_insmod boolean.
++
++.EX
++.B setsebool -P pppd_can_insmod 1
++.EE
++
++.PP
+If you want to disable kernel module loading, you must turn on the secure_mode_insmod boolean.
+
+.EX
@@ -39971,6 +40179,13 @@ index 0000000..13c6e2d
+.B setsebool -P pppd_can_insmod 1
+.EE
+
++.PP
++If you want to disable kernel module loading, you must turn on the secure_mode_insmod boolean.
++
++.EX
++.B setsebool -P secure_mode_insmod 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -39989,10 +40204,6 @@ index 0000000..13c6e2d
+
+- Set files with the insmod_exec_t type, if you want to transition an executable to the insmod_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/rmmod.*, /sbin/modprobe.*, /sbin/insmod.*, /usr/sbin/modprobe.*, /usr/bin/kmod, /usr/sbin/insmod.*, /usr/sbin/rmmod.*
+
+.EX
+.PP
@@ -40093,19 +40304,21 @@ index 0000000..13c6e2d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), insmod(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), insmod(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/ipsec_mgmt_selinux.8 b/man/man8/ipsec_mgmt_selinux.8
new file mode 100644
-index 0000000..c9b623b
+index 0000000..2615e5b
--- /dev/null
+++ b/man/man8/ipsec_mgmt_selinux.8
-@@ -0,0 +1,191 @@
-+.TH "ipsec_mgmt_selinux" "8" "ipsec_mgmt" "dwalsh at redhat.com" "ipsec_mgmt SELinux Policy documentation"
+@@ -0,0 +1,189 @@
++.TH "ipsec_mgmt_selinux" "8" "12-10-19" "ipsec_mgmt" "SELinux Policy documentation for ipsec_mgmt"
+.SH "NAME"
+ipsec_mgmt_selinux \- Security Enhanced Linux Policy for the ipsec_mgmt processes
+.SH "DESCRIPTION"
@@ -40121,9 +40334,9 @@ index 0000000..c9b623b
+
+.SH "ENTRYPOINTS"
+
-+The ipsec_mgmt_t SELinux type can be entered via the "shell_exec_t,ipsec_mgmt_exec_t" file types. The default entrypoint paths for the ipsec_mgmt_t domain are the following:"
++The ipsec_mgmt_t SELinux type can be entered via the "ipsec_mgmt_exec_t,shell_exec_t" file types. The default entrypoint paths for the ipsec_mgmt_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh, /usr/lib/ipsec/_plutorun, /usr/libexec/ipsec/_plutoload, /usr/libexec/nm-openswan-service, /usr/sbin/ipsec, /usr/lib/ipsec/_plutoload, /usr/libexec/ipsec/_plutorun
++/usr/sbin/ipsec, /usr/lib/ipsec/_plutorun, /usr/lib/ipsec/_plutoload, /usr/libexec/ipsec/_plutorun, /usr/libexec/ipsec/_plutoload, /usr/libexec/nm-openswan-service, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -40160,10 +40373,6 @@ index 0000000..c9b623b
+
+- Set files with the ipsec_mgmt_exec_t type, if you want to transition an executable to the ipsec_mgmt_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/ipsec/_plutorun, /usr/libexec/ipsec/_plutoload, /usr/libexec/nm-openswan-service, /usr/sbin/ipsec, /usr/lib/ipsec/_plutoload, /usr/libexec/ipsec/_plutorun
+
+.EX
+.PP
@@ -40291,19 +40500,21 @@ index 0000000..c9b623b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ipsec_mgmt(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ipsec_mgmt(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ipsec_selinux(8), ipsec_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ipsec_selinux.8 b/man/man8/ipsec_selinux.8
new file mode 100644
-index 0000000..8b748d6
+index 0000000..ddc738e
--- /dev/null
+++ b/man/man8/ipsec_selinux.8
-@@ -0,0 +1,285 @@
-+.TH "ipsec_selinux" "8" "ipsec" "dwalsh at redhat.com" "ipsec SELinux Policy documentation"
+@@ -0,0 +1,263 @@
++.TH "ipsec_selinux" "8" "12-10-19" "ipsec" "SELinux Policy documentation for ipsec"
+.SH "NAME"
+ipsec_selinux \- Security Enhanced Linux Policy for the ipsec processes
+.SH "DESCRIPTION"
@@ -40321,7 +40532,7 @@ index 0000000..8b748d6
+
+The ipsec_t SELinux type can be entered via the "ipsec_exec_t" file type. The default entrypoint paths for the ipsec_t domain are the following:"
+
-+/usr/lib/ipsec/pluto, /usr/lib/ipsec/klipsdebug, /usr/libexec/ipsec/eroute, /usr/libexec/ipsec/pluto, /usr/lib/ipsec/spi, /usr/lib/ipsec/eroute, /usr/libexec/ipsec/spi, /usr/libexec/ipsec/klipsdebug
++/usr/lib/ipsec/spi, /usr/lib/ipsec/pluto, /usr/lib/ipsec/eroute, /usr/libexec/ipsec/spi, /usr/libexec/ipsec/pluto, /usr/lib/ipsec/klipsdebug, /usr/libexec/ipsec/eroute, /usr/libexec/ipsec/klipsdebug
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -40358,10 +40569,6 @@ index 0000000..8b748d6
+
+- Set files with the ipsec_conf_file_t type, if you want to treat the files as ipsec conf content.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/ipsec\.conf, /etc/racoon(/.*)?
+
+.EX
+.PP
@@ -40370,10 +40577,6 @@ index 0000000..8b748d6
+
+- Set files with the ipsec_exec_t type, if you want to transition an executable to the ipsec_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/ipsec/pluto, /usr/lib/ipsec/klipsdebug, /usr/libexec/ipsec/eroute, /usr/libexec/ipsec/pluto, /usr/lib/ipsec/spi, /usr/lib/ipsec/eroute, /usr/libexec/ipsec/spi, /usr/libexec/ipsec/klipsdebug
+
+.EX
+.PP
@@ -40382,10 +40585,6 @@ index 0000000..8b748d6
+
+- Set files with the ipsec_initrc_exec_t type, if you want to transition an executable to the ipsec_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/racoon, /etc/rc\.d/init\.d/ipsec
+
+.EX
+.PP
@@ -40394,10 +40593,6 @@ index 0000000..8b748d6
+
+- Set files with the ipsec_key_file_t type, if you want to treat the files as ipsec key content.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/ipsec\.secrets, /etc/racoon/certs(/.*)?, /etc/racoon/psk\.txt, /etc/ipsec\.d(/.*)?
+
+.EX
+.PP
@@ -40414,10 +40609,6 @@ index 0000000..8b748d6
+
+- Set files with the ipsec_mgmt_exec_t type, if you want to transition an executable to the ipsec_mgmt_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/ipsec/_plutorun, /usr/libexec/ipsec/_plutoload, /usr/libexec/nm-openswan-service, /usr/sbin/ipsec, /usr/lib/ipsec/_plutoload, /usr/libexec/ipsec/_plutorun
+
+.EX
+.PP
@@ -40450,10 +40641,6 @@ index 0000000..8b748d6
+
+- Set files with the ipsec_var_run_t type, if you want to store the ipsec files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/racoon\.pid, /var/run/pluto(/.*)?, /var/racoon(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -40583,19 +40770,21 @@ index 0000000..8b748d6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ipsec(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ipsec(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ipsec_mgmt_selinux(8)
\ No newline at end of file
diff --git a/man/man8/iptables_selinux.8 b/man/man8/iptables_selinux.8
new file mode 100644
-index 0000000..e109fae
+index 0000000..c07b09e
--- /dev/null
+++ b/man/man8/iptables_selinux.8
-@@ -0,0 +1,261 @@
-+.TH "iptables_selinux" "8" "iptables" "dwalsh at redhat.com" "iptables SELinux Policy documentation"
+@@ -0,0 +1,258 @@
++.TH "iptables_selinux" "8" "12-10-19" "iptables" "SELinux Policy documentation for iptables"
+.SH "NAME"
+iptables_selinux \- Security Enhanced Linux Policy for the iptables processes
+.SH "DESCRIPTION"
@@ -40613,7 +40802,7 @@ index 0000000..e109fae
+
+The iptables_t SELinux type can be entered via the "iptables_exec_t" file type. The default entrypoint paths for the iptables_t domain are the following:"
+
-+/usr/sbin/ipvsadm-restore, /usr/sbin/ipchains.*, /usr/sbin/ip6?tables, /usr/sbin/ip6?tables-restore, /sbin/ebtables-restore, /usr/sbin/xtables-multi, /sbin/ipchains.*, /sbin/ip6?tables, /usr/sbin/ebtables-restore, /usr/sbin/ebtables, /sbin/ipvsadm, /usr/sbin/ipvsadm-save, /sbin/xtables-multi, /sbin/ipvsadm-restore, /sbin/ebtables, /usr/sbin/ip6?tables-multi, /sbin/ip6?tables-multi, /usr/sbin/ipvsadm, /sbin/ipvsadm-save, /sbin/ip6?tables-restore
++/sbin/ip6?tables, /sbin/ip6?tables-multi, /sbin/ip6?tables-restore, /usr/sbin/ip6?tables, /usr/sbin/ip6?tables-multi, /usr/sbin/ip6?tables-restore, /sbin/ipchains.*, /usr/sbin/ipchains.*, /sbin/ipvsadm, /sbin/ebtables, /usr/sbin/ipvsadm, /sbin/ipvsadm-save, /usr/sbin/ebtables, /sbin/xtables-multi, /sbin/ipvsadm-restore, /sbin/ebtables-restore, /usr/sbin/ipvsadm-save, /usr/sbin/xtables-multi, /usr/sbin/ipvsadm-restore, /usr/sbin/ebtables-restore
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -40643,6 +40832,13 @@ index 0000000..e109fae
+.B setsebool -P dhcpc_exec_iptables 1
+.EE
+
++.PP
++If you want to allow dhcpc client applications to execute iptables commands, you must turn on the dhcpc_exec_iptables boolean.
++
++.EX
++.B setsebool -P dhcpc_exec_iptables 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -40661,10 +40857,6 @@ index 0000000..e109fae
+
+- Set files with the iptables_exec_t type, if you want to transition an executable to the iptables_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ipvsadm-restore, /usr/sbin/ipchains.*, /usr/sbin/ip6?tables, /usr/sbin/ip6?tables-restore, /sbin/ebtables-restore, /usr/sbin/xtables-multi, /sbin/ipchains.*, /sbin/ip6?tables, /usr/sbin/ebtables-restore, /usr/sbin/ebtables, /sbin/ipvsadm, /usr/sbin/ipvsadm-save, /sbin/xtables-multi, /sbin/ipvsadm-restore, /sbin/ebtables, /usr/sbin/ip6?tables-multi, /sbin/ip6?tables-multi, /usr/sbin/ipvsadm, /sbin/ipvsadm-save, /sbin/ip6?tables-restore
+
+.EX
+.PP
@@ -40673,10 +40865,6 @@ index 0000000..e109fae
+
+- Set files with the iptables_initrc_exec_t type, if you want to transition an executable to the iptables_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/ebtables, /etc/rc\.d/init\.d/ip6?tables
+
+.EX
+.PP
@@ -40693,10 +40881,6 @@ index 0000000..e109fae
+
+- Set files with the iptables_unit_file_t type, if you want to treat the files as iptables unit content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/systemd/system/proftpd.*, /usr/lib/systemd/system/ip6tables.*, /usr/lib/systemd/system/vsftpd.*, /usr/lib/systemd/system/slapd.*, /usr/lib/systemd/system/ppp.*, /usr/lib/systemd/system/iptables.*
+
+.EX
+.PP
@@ -40750,10 +40934,10 @@ index 0000000..e109fae
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -40851,19 +41035,21 @@ index 0000000..e109fae
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), iptables(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), iptables(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/irc_selinux.8 b/man/man8/irc_selinux.8
new file mode 100644
-index 0000000..b0661ea
+index 0000000..b48ec36
--- /dev/null
+++ b/man/man8/irc_selinux.8
-@@ -0,0 +1,148 @@
-+.TH "irc_selinux" "8" "irc" "dwalsh at redhat.com" "irc SELinux Policy documentation"
+@@ -0,0 +1,146 @@
++.TH "irc_selinux" "8" "12-10-19" "irc" "SELinux Policy documentation for irc"
+.SH "NAME"
+irc_selinux \- Security Enhanced Linux Policy for the irc processes
+.SH "DESCRIPTION"
@@ -40881,7 +41067,7 @@ index 0000000..b0661ea
+
+The irc_t SELinux type can be entered via the "irc_exec_t" file type. The default entrypoint paths for the irc_t domain are the following:"
+
-+/usr/bin/tinyirc, /usr/bin/[st]irc, /usr/bin/ircII
++/usr/bin/[st]irc, /usr/bin/ircII, /usr/bin/tinyirc
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -40918,10 +41104,6 @@ index 0000000..b0661ea
+
+- Set files with the irc_exec_t type, if you want to transition an executable to the irc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/tinyirc, /usr/bin/[st]irc, /usr/bin/ircII
+
+.EX
+.PP
@@ -41007,17 +41189,19 @@ index 0000000..b0661ea
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), irc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), irc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/irqbalance_selinux.8 b/man/man8/irqbalance_selinux.8
new file mode 100644
-index 0000000..773b7c6
+index 0000000..4624199
--- /dev/null
+++ b/man/man8/irqbalance_selinux.8
-@@ -0,0 +1,100 @@
-+.TH "irqbalance_selinux" "8" "irqbalance" "dwalsh at redhat.com" "irqbalance SELinux Policy documentation"
+@@ -0,0 +1,102 @@
++.TH "irqbalance_selinux" "8" "12-10-19" "irqbalance" "SELinux Policy documentation for irqbalance"
+.SH "NAME"
+irqbalance_selinux \- Security Enhanced Linux Policy for the irqbalance processes
+.SH "DESCRIPTION"
@@ -41113,17 +41297,19 @@ index 0000000..773b7c6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), irqbalance(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), irqbalance(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/irssi_selinux.8 b/man/man8/irssi_selinux.8
new file mode 100644
-index 0000000..c4c5f95
+index 0000000..972641d
--- /dev/null
+++ b/man/man8/irssi_selinux.8
-@@ -0,0 +1,149 @@
-+.TH "irssi_selinux" "8" "irssi" "dwalsh at redhat.com" "irssi SELinux Policy documentation"
+@@ -0,0 +1,158 @@
++.TH "irssi_selinux" "8" "12-10-19" "irssi" "SELinux Policy documentation for irssi"
+.SH "NAME"
+irssi_selinux \- Security Enhanced Linux Policy for the irssi processes
+.SH "DESCRIPTION"
@@ -41171,6 +41357,13 @@ index 0000000..c4c5f95
+.B setsebool -P irssi_use_full_network 1
+.EE
+
++.PP
++If you want to allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port, you must turn on the irssi_use_full_network boolean.
++
++.EX
++.B setsebool -P irssi_use_full_network 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -41267,19 +41460,21 @@ index 0000000..c4c5f95
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), irssi(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), irssi(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/iscsid_selinux.8 b/man/man8/iscsid_selinux.8
new file mode 100644
-index 0000000..73041bb
+index 0000000..5e20d91
--- /dev/null
+++ b/man/man8/iscsid_selinux.8
-@@ -0,0 +1,162 @@
-+.TH "iscsid_selinux" "8" "iscsid" "dwalsh at redhat.com" "iscsid SELinux Policy documentation"
+@@ -0,0 +1,160 @@
++.TH "iscsid_selinux" "8" "12-10-19" "iscsid" "SELinux Policy documentation for iscsid"
+.SH "NAME"
+iscsid_selinux \- Security Enhanced Linux Policy for the iscsid processes
+.SH "DESCRIPTION"
@@ -41297,7 +41492,7 @@ index 0000000..73041bb
+
+The iscsid_t SELinux type can be entered via the "iscsid_exec_t" file type. The default entrypoint paths for the iscsid_t domain are the following:"
+
-+/sbin/brcm_iscsiuio, /sbin/iscsiuio, /usr/sbin/iscsiuio, /usr/sbin/iscsid, /usr/sbin/brcm_iscsiuio, /sbin/iscsid
++/sbin/iscsid, /sbin/iscsiuio, /usr/sbin/iscsid, /usr/sbin/iscsiuio, /sbin/brcm_iscsiuio, /usr/sbin/brcm_iscsiuio
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -41334,10 +41529,6 @@ index 0000000..73041bb
+
+- Set files with the iscsid_exec_t type, if you want to transition an executable to the iscsid_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/brcm_iscsiuio, /sbin/iscsiuio, /usr/sbin/iscsiuio, /usr/sbin/iscsid, /usr/sbin/brcm_iscsiuio, /sbin/iscsid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -41437,17 +41628,19 @@ index 0000000..73041bb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), iscsid(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), iscsid(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/iwhd_selinux.8 b/man/man8/iwhd_selinux.8
new file mode 100644
-index 0000000..e5e9d21
+index 0000000..87ace53
--- /dev/null
+++ b/man/man8/iwhd_selinux.8
-@@ -0,0 +1,138 @@
-+.TH "iwhd_selinux" "8" "iwhd" "dwalsh at redhat.com" "iwhd SELinux Policy documentation"
+@@ -0,0 +1,140 @@
++.TH "iwhd_selinux" "8" "12-10-19" "iwhd" "SELinux Policy documentation for iwhd"
+.SH "NAME"
+iwhd_selinux \- Security Enhanced Linux Policy for the iwhd processes
+.SH "DESCRIPTION"
@@ -41581,17 +41774,19 @@ index 0000000..e5e9d21
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), iwhd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), iwhd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/jabberd_router_selinux.8 b/man/man8/jabberd_router_selinux.8
new file mode 100644
-index 0000000..a6e4397
+index 0000000..1f0b708
--- /dev/null
+++ b/man/man8/jabberd_router_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "jabberd_router_selinux" "8" "jabberd_router" "dwalsh at redhat.com" "jabberd_router SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "jabberd_router_selinux" "8" "12-10-19" "jabberd_router" "SELinux Policy documentation for jabberd_router"
+.SH "NAME"
+jabberd_router_selinux \- Security Enhanced Linux Policy for the jabberd_router processes
+.SH "DESCRIPTION"
@@ -41646,10 +41841,6 @@ index 0000000..a6e4397
+
+- Set files with the jabberd_router_exec_t type, if you want to transition an executable to the jabberd_router_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/c2s, /usr/bin/router
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -41685,19 +41876,21 @@ index 0000000..a6e4397
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), jabberd_router(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), jabberd_router(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, jabberd_selinux(8), jabberd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/jabberd_selinux.8 b/man/man8/jabberd_selinux.8
new file mode 100644
-index 0000000..92d32e3
+index 0000000..fe0222c
--- /dev/null
+++ b/man/man8/jabberd_selinux.8
-@@ -0,0 +1,175 @@
-+.TH "jabberd_selinux" "8" "jabberd" "dwalsh at redhat.com" "jabberd SELinux Policy documentation"
+@@ -0,0 +1,169 @@
++.TH "jabberd_selinux" "8" "12-10-19" "jabberd" "SELinux Policy documentation for jabberd"
+.SH "NAME"
+jabberd_selinux \- Security Enhanced Linux Policy for the jabberd processes
+.SH "DESCRIPTION"
@@ -41715,7 +41908,7 @@ index 0000000..92d32e3
+
+The jabberd_t SELinux type can be entered via the "jabberd_exec_t" file type. The default entrypoint paths for the jabberd_t domain are the following:"
+
-+/usr/bin/s2s, /usr/bin/sm
++/usr/bin/sm, /usr/bin/s2s
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -41752,10 +41945,6 @@ index 0000000..92d32e3
+
+- Set files with the jabberd_exec_t type, if you want to transition an executable to the jabberd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/s2s, /usr/bin/sm
+
+.EX
+.PP
@@ -41772,10 +41961,6 @@ index 0000000..92d32e3
+
+- Set files with the jabberd_router_exec_t type, if you want to transition an executable to the jabberd_router_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/c2s, /usr/bin/router
+
+.EX
+.PP
@@ -41867,19 +42052,21 @@ index 0000000..92d32e3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), jabberd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), jabberd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, jabberd_router_selinux(8)
\ No newline at end of file
diff --git a/man/man8/jockey_selinux.8 b/man/man8/jockey_selinux.8
new file mode 100644
-index 0000000..3ae7f9e
+index 0000000..7734101
--- /dev/null
+++ b/man/man8/jockey_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "jockey_selinux" "8" "jockey" "dwalsh at redhat.com" "jockey SELinux Policy documentation"
+@@ -0,0 +1,120 @@
++.TH "jockey_selinux" "8" "12-10-19" "jockey" "SELinux Policy documentation for jockey"
+.SH "NAME"
+jockey_selinux \- Security Enhanced Linux Policy for the jockey processes
+.SH "DESCRIPTION"
@@ -41950,10 +42137,6 @@ index 0000000..3ae7f9e
+
+- Set files with the jockey_var_log_t type, if you want to treat the data as jockey var log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/jockey\.log.*, /var/log/jockey(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -41997,17 +42180,19 @@ index 0000000..3ae7f9e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), jockey(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), jockey(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/kadmind_selinux.8 b/man/man8/kadmind_selinux.8
new file mode 100644
-index 0000000..6197d05
+index 0000000..fac3961
--- /dev/null
+++ b/man/man8/kadmind_selinux.8
-@@ -0,0 +1,164 @@
-+.TH "kadmind_selinux" "8" "kadmind" "dwalsh at redhat.com" "kadmind SELinux Policy documentation"
+@@ -0,0 +1,162 @@
++.TH "kadmind_selinux" "8" "12-10-19" "kadmind" "SELinux Policy documentation for kadmind"
+.SH "NAME"
+kadmind_selinux \- Security Enhanced Linux Policy for the kadmind processes
+.SH "DESCRIPTION"
@@ -42062,10 +42247,6 @@ index 0000000..6197d05
+
+- Set files with the kadmind_exec_t type, if you want to transition an executable to the kadmind_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/(kerberos/)?sbin/kadmind, /usr/kerberos/sbin/kadmin\.local
+
+.EX
+.PP
@@ -42167,17 +42348,19 @@ index 0000000..6197d05
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), kadmind(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), kadmind(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/kdump_selinux.8 b/man/man8/kdump_selinux.8
new file mode 100644
-index 0000000..d2215f7
+index 0000000..e7aed0f
--- /dev/null
+++ b/man/man8/kdump_selinux.8
-@@ -0,0 +1,171 @@
-+.TH "kdump_selinux" "8" "kdump" "dwalsh at redhat.com" "kdump SELinux Policy documentation"
+@@ -0,0 +1,165 @@
++.TH "kdump_selinux" "8" "12-10-19" "kdump" "SELinux Policy documentation for kdump"
+.SH "NAME"
+kdump_selinux \- Security Enhanced Linux Policy for the kdump processes
+.SH "DESCRIPTION"
@@ -42195,7 +42378,7 @@ index 0000000..d2215f7
+
+The kdump_t SELinux type can be entered via the "kdump_exec_t" file type. The default entrypoint paths for the kdump_t domain are the following:"
+
-+/usr/sbin/kdump, /usr/sbin/kexec, /sbin/kdump, /sbin/kexec
++/sbin/kdump, /sbin/kexec, /usr/sbin/kdump, /usr/sbin/kexec
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -42240,10 +42423,6 @@ index 0000000..d2215f7
+
+- Set files with the kdump_exec_t type, if you want to transition an executable to the kdump_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/kdump, /usr/sbin/kexec, /sbin/kdump, /sbin/kexec
+
+.EX
+.PP
@@ -42308,10 +42487,6 @@ index 0000000..d2215f7
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type kdump_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -42343,19 +42518,21 @@ index 0000000..d2215f7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), kdump(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), kdump(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, kdumpctl_selinux(8), kdumpgui_selinux(8)
\ No newline at end of file
diff --git a/man/man8/kdumpctl_selinux.8 b/man/man8/kdumpctl_selinux.8
new file mode 100644
-index 0000000..e58cb36
+index 0000000..589e27c
--- /dev/null
+++ b/man/man8/kdumpctl_selinux.8
-@@ -0,0 +1,129 @@
-+.TH "kdumpctl_selinux" "8" "kdumpctl" "dwalsh at redhat.com" "kdumpctl SELinux Policy documentation"
+@@ -0,0 +1,131 @@
++.TH "kdumpctl_selinux" "8" "12-10-19" "kdumpctl" "SELinux Policy documentation for kdumpctl"
+.SH "NAME"
+kdumpctl_selinux \- Security Enhanced Linux Policy for the kdumpctl processes
+.SH "DESCRIPTION"
@@ -42479,19 +42656,21 @@ index 0000000..e58cb36
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), kdumpctl(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), kdumpctl(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, kdump_selinux(8)
\ No newline at end of file
diff --git a/man/man8/kdumpgui_selinux.8 b/man/man8/kdumpgui_selinux.8
new file mode 100644
-index 0000000..1730a1d
+index 0000000..96bef8e
--- /dev/null
+++ b/man/man8/kdumpgui_selinux.8
-@@ -0,0 +1,195 @@
-+.TH "kdumpgui_selinux" "8" "kdumpgui" "dwalsh at redhat.com" "kdumpgui SELinux Policy documentation"
+@@ -0,0 +1,197 @@
++.TH "kdumpgui_selinux" "8" "12-10-19" "kdumpgui" "SELinux Policy documentation for kdumpgui"
+.SH "NAME"
+kdumpgui_selinux \- Security Enhanced Linux Policy for the kdumpgui processes
+.SH "DESCRIPTION"
@@ -42611,10 +42790,10 @@ index 0000000..1730a1d
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -42681,10 +42860,12 @@ index 0000000..1730a1d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), kdumpgui(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), kdumpgui(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, kdump_selinux(8)
\ No newline at end of file
diff --git a/man/man8/kerberos_selinux.8 b/man/man8/kerberos_selinux.8
@@ -42723,11 +42904,11 @@ index a8f81c8..0000000
-selinux(8), kerberos(1), chcon(1), setsebool(8)
diff --git a/man/man8/keyboardd_selinux.8 b/man/man8/keyboardd_selinux.8
new file mode 100644
-index 0000000..2adfcd3
+index 0000000..859d54a
--- /dev/null
+++ b/man/man8/keyboardd_selinux.8
-@@ -0,0 +1,142 @@
-+.TH "keyboardd_selinux" "8" "keyboardd" "dwalsh at redhat.com" "keyboardd SELinux Policy documentation"
+@@ -0,0 +1,144 @@
++.TH "keyboardd_selinux" "8" "12-10-19" "keyboardd" "SELinux Policy documentation for keyboardd"
+.SH "NAME"
+keyboardd_selinux \- Security Enhanced Linux Policy for the keyboardd processes
+.SH "DESCRIPTION"
@@ -42827,10 +43008,10 @@ index 0000000..2adfcd3
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -42865,17 +43046,19 @@ index 0000000..2adfcd3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), keyboardd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), keyboardd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/keystone_selinux.8 b/man/man8/keystone_selinux.8
new file mode 100644
-index 0000000..1f90fd7
+index 0000000..695ee4e
--- /dev/null
+++ b/man/man8/keystone_selinux.8
-@@ -0,0 +1,238 @@
-+.TH "keystone_selinux" "8" "keystone" "dwalsh at redhat.com" "keystone SELinux Policy documentation"
+@@ -0,0 +1,242 @@
++.TH "keystone_selinux" "8" "12-10-19" "keystone" "SELinux Policy documentation for keystone"
+.SH "NAME"
+keystone_selinux \- Security Enhanced Linux Policy for the keystone processes
+.SH "DESCRIPTION"
@@ -43034,6 +43217,8 @@ index 0000000..1f90fd7
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -43109,17 +43294,19 @@ index 0000000..1f90fd7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), keystone(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), keystone(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/kismet_selinux.8 b/man/man8/kismet_selinux.8
new file mode 100644
-index 0000000..e189330
+index 0000000..827042e
--- /dev/null
+++ b/man/man8/kismet_selinux.8
-@@ -0,0 +1,186 @@
-+.TH "kismet_selinux" "8" "kismet" "dwalsh at redhat.com" "kismet SELinux Policy documentation"
+@@ -0,0 +1,188 @@
++.TH "kismet_selinux" "8" "12-10-19" "kismet" "SELinux Policy documentation for kismet"
+.SH "NAME"
+kismet_selinux \- Security Enhanced Linux Policy for the kismet processes
+.SH "DESCRIPTION"
@@ -43301,17 +43488,19 @@ index 0000000..e189330
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), kismet(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), kismet(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/klogd_selinux.8 b/man/man8/klogd_selinux.8
new file mode 100644
-index 0000000..0516011
+index 0000000..8edeb20
--- /dev/null
+++ b/man/man8/klogd_selinux.8
-@@ -0,0 +1,118 @@
-+.TH "klogd_selinux" "8" "klogd" "dwalsh at redhat.com" "klogd SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "klogd_selinux" "8" "12-10-19" "klogd" "SELinux Policy documentation for klogd"
+.SH "NAME"
+klogd_selinux \- Security Enhanced Linux Policy for the klogd processes
+.SH "DESCRIPTION"
@@ -43329,7 +43518,7 @@ index 0000000..0516011
+
+The klogd_t SELinux type can be entered via the "klogd_exec_t" file type. The default entrypoint paths for the klogd_t domain are the following:"
+
-+/usr/sbin/rklogd, /usr/sbin/klogd, /sbin/klogd, /sbin/rklogd
++/sbin/klogd, /sbin/rklogd, /usr/sbin/klogd, /usr/sbin/rklogd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -43366,10 +43555,6 @@ index 0000000..0516011
+
+- Set files with the klogd_exec_t type, if you want to transition an executable to the klogd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/rklogd, /usr/sbin/klogd, /sbin/klogd, /sbin/rklogd
+
+.EX
+.PP
@@ -43425,17 +43610,19 @@ index 0000000..0516011
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), klogd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), klogd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/kpropd_selinux.8 b/man/man8/kpropd_selinux.8
new file mode 100644
-index 0000000..faa7add
+index 0000000..63a00c5
--- /dev/null
+++ b/man/man8/kpropd_selinux.8
@@ -0,0 +1,168 @@
-+.TH "kpropd_selinux" "8" "kpropd" "dwalsh at redhat.com" "kpropd SELinux Policy documentation"
++.TH "kpropd_selinux" "8" "12-10-19" "kpropd" "SELinux Policy documentation for kpropd"
+.SH "NAME"
+kpropd_selinux \- Security Enhanced Linux Policy for the kpropd processes
+.SH "DESCRIPTION"
@@ -43453,7 +43640,7 @@ index 0000000..faa7add
+
+The kpropd_t SELinux type can be entered via the "kpropd_exec_t" file type. The default entrypoint paths for the kpropd_t domain are the following:"
+
-+/usr/kerberos/sbin/kpropd, /usr/sbin/kpropd
++/usr/sbin/kpropd, /usr/kerberos/sbin/kpropd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -43490,10 +43677,6 @@ index 0000000..faa7add
+
+- Set files with the kpropd_exec_t type, if you want to transition an executable to the kpropd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/kerberos/sbin/kpropd, /usr/sbin/kpropd
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -43536,6 +43719,8 @@ index 0000000..faa7add
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -43599,17 +43784,19 @@ index 0000000..faa7add
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), kpropd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), kpropd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/krb5kdc_selinux.8 b/man/man8/krb5kdc_selinux.8
new file mode 100644
-index 0000000..d23b126
+index 0000000..37c90ba
--- /dev/null
+++ b/man/man8/krb5kdc_selinux.8
-@@ -0,0 +1,186 @@
-+.TH "krb5kdc_selinux" "8" "krb5kdc" "dwalsh at redhat.com" "krb5kdc SELinux Policy documentation"
+@@ -0,0 +1,176 @@
++.TH "krb5kdc_selinux" "8" "12-10-19" "krb5kdc" "SELinux Policy documentation for krb5kdc"
+.SH "NAME"
+krb5kdc_selinux \- Security Enhanced Linux Policy for the krb5kdc processes
+.SH "DESCRIPTION"
@@ -43664,10 +43851,6 @@ index 0000000..d23b126
+
+- Set files with the krb5kdc_conf_t type, if you want to treat the files as krb5kdc configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/var/krb5kdc(/.*)?, /var/kerberos/krb5kdc(/.*)?, /etc/krb5kdc(/.*)?
+
+.EX
+.PP
@@ -43684,10 +43867,6 @@ index 0000000..d23b126
+
+- Set files with the krb5kdc_lock_t type, if you want to treat the files as krb5kdc lock data, stored under the /var/lock directory
+
-+.br
-+.TP 5
-+Paths:
-+/var/kerberos/krb5kdc/principal.*\.ok, /var/kerberos/krb5kdc/from_master.*
+
+.EX
+.PP
@@ -43704,10 +43883,6 @@ index 0000000..d23b126
+
+- Set files with the krb5kdc_principal_t type, if you want to treat the files as krb5kdc principal data.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/krb5kdc/principal.*, /var/kerberos/krb5kdc/principal.*, /usr/var/krb5kdc/principal.*
+
+.EX
+.PP
@@ -43791,17 +43966,19 @@ index 0000000..d23b126
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), krb5kdc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), krb5kdc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ksmtuned_selinux.8 b/man/man8/ksmtuned_selinux.8
new file mode 100644
-index 0000000..af55445
+index 0000000..c6a6b54
--- /dev/null
+++ b/man/man8/ksmtuned_selinux.8
-@@ -0,0 +1,144 @@
-+.TH "ksmtuned_selinux" "8" "ksmtuned" "dwalsh at redhat.com" "ksmtuned SELinux Policy documentation"
+@@ -0,0 +1,146 @@
++.TH "ksmtuned_selinux" "8" "12-10-19" "ksmtuned" "SELinux Policy documentation for ksmtuned"
+.SH "NAME"
+ksmtuned_selinux \- Security Enhanced Linux Policy for the ksmtuned processes
+.SH "DESCRIPTION"
@@ -43941,17 +44118,19 @@ index 0000000..af55445
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ksmtuned(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ksmtuned(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ktalkd_selinux.8 b/man/man8/ktalkd_selinux.8
new file mode 100644
-index 0000000..30f19a6
+index 0000000..c2f94df
--- /dev/null
+++ b/man/man8/ktalkd_selinux.8
-@@ -0,0 +1,170 @@
-+.TH "ktalkd_selinux" "8" "ktalkd" "dwalsh at redhat.com" "ktalkd SELinux Policy documentation"
+@@ -0,0 +1,168 @@
++.TH "ktalkd_selinux" "8" "12-10-19" "ktalkd" "SELinux Policy documentation for ktalkd"
+.SH "NAME"
+ktalkd_selinux \- Security Enhanced Linux Policy for the ktalkd processes
+.SH "DESCRIPTION"
@@ -43969,7 +44148,7 @@ index 0000000..30f19a6
+
+The ktalkd_t SELinux type can be entered via the "ktalkd_exec_t" file type. The default entrypoint paths for the ktalkd_t domain are the following:"
+
-+/usr/sbin/in\.talkd, /usr/bin/ktalkd, /usr/sbin/in\.ntalkd
++/usr/bin/ktalkd, /usr/sbin/in\.talkd, /usr/sbin/in\.ntalkd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -44006,10 +44185,6 @@ index 0000000..30f19a6
+
+- Set files with the ktalkd_exec_t type, if you want to transition an executable to the ktalkd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/in\.talkd, /usr/bin/ktalkd, /usr/sbin/in\.ntalkd
+
+.EX
+.PP
@@ -44117,17 +44292,19 @@ index 0000000..30f19a6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ktalkd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ktalkd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/l2tpd_selinux.8 b/man/man8/l2tpd_selinux.8
new file mode 100644
-index 0000000..d83d4c3
+index 0000000..d65a0dc
--- /dev/null
+++ b/man/man8/l2tpd_selinux.8
-@@ -0,0 +1,168 @@
-+.TH "l2tpd_selinux" "8" "l2tpd" "dwalsh at redhat.com" "l2tpd SELinux Policy documentation"
+@@ -0,0 +1,158 @@
++.TH "l2tpd_selinux" "8" "12-10-19" "l2tpd" "SELinux Policy documentation for l2tpd"
+.SH "NAME"
+l2tpd_selinux \- Security Enhanced Linux Policy for the l2tpd processes
+.SH "DESCRIPTION"
@@ -44182,10 +44359,6 @@ index 0000000..d83d4c3
+
+- Set files with the l2tpd_exec_t type, if you want to transition an executable to the l2tpd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/xl2tpd, /usr/sbin/prol2tpd, /usr/sbin/openl2tpd
+
+.EX
+.PP
@@ -44194,10 +44367,6 @@ index 0000000..d83d4c3
+
+- Set files with the l2tpd_initrc_exec_t type, if you want to transition an executable to the l2tpd_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/xl2tpd, /etc/rc\.d/init\.d/prol2tpd, /etc/rc\.d/init\.d/openl2tpd
+
+.EX
+.PP
@@ -44214,10 +44383,6 @@ index 0000000..d83d4c3
+
+- Set files with the l2tpd_var_run_t type, if you want to store the l2tpd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/prol2tpd(/.*)?, /var/run/prol2tpd\.pid, /var/run/prol2tpd\.ctl, /var/run/xl2tpd\.pid, /var/run/openl2tpd\.pid, /var/run/xl2tpd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -44291,17 +44456,19 @@ index 0000000..d83d4c3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), l2tpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), l2tpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ldconfig_selinux.8 b/man/man8/ldconfig_selinux.8
new file mode 100644
-index 0000000..9ba649f
+index 0000000..a3a6175
--- /dev/null
+++ b/man/man8/ldconfig_selinux.8
-@@ -0,0 +1,160 @@
-+.TH "ldconfig_selinux" "8" "ldconfig" "dwalsh at redhat.com" "ldconfig SELinux Policy documentation"
+@@ -0,0 +1,158 @@
++.TH "ldconfig_selinux" "8" "12-10-19" "ldconfig" "SELinux Policy documentation for ldconfig"
+.SH "NAME"
+ldconfig_selinux \- Security Enhanced Linux Policy for the ldconfig processes
+.SH "DESCRIPTION"
@@ -44319,7 +44486,7 @@ index 0000000..9ba649f
+
+The ldconfig_t SELinux type can be entered via the "ldconfig_exec_t" file type. The default entrypoint paths for the ldconfig_t domain are the following:"
+
-+/usr/sbin/ldconfig, /sbin/ldconfig
++/sbin/ldconfig, /usr/sbin/ldconfig
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -44364,10 +44531,6 @@ index 0000000..9ba649f
+
+- Set files with the ldconfig_exec_t type, if you want to transition an executable to the ldconfig_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ldconfig, /sbin/ldconfig
+
+.EX
+.PP
@@ -44457,17 +44620,19 @@ index 0000000..9ba649f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ldconfig(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ldconfig(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lircd_selinux.8 b/man/man8/lircd_selinux.8
new file mode 100644
-index 0000000..f9c4b9d
+index 0000000..f6f4077
--- /dev/null
+++ b/man/man8/lircd_selinux.8
-@@ -0,0 +1,166 @@
-+.TH "lircd_selinux" "8" "lircd" "dwalsh at redhat.com" "lircd SELinux Policy documentation"
+@@ -0,0 +1,160 @@
++.TH "lircd_selinux" "8" "12-10-19" "lircd" "SELinux Policy documentation for lircd"
+.SH "NAME"
+lircd_selinux \- Security Enhanced Linux Policy for the lircd processes
+.SH "DESCRIPTION"
@@ -44522,10 +44687,6 @@ index 0000000..f9c4b9d
+
+- Set files with the lircd_etc_t type, if you want to store lircd files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/lircd\.conf, /etc/lirc(/.*)?
+
+.EX
+.PP
@@ -44550,10 +44711,6 @@ index 0000000..f9c4b9d
+
+- Set files with the lircd_var_run_t type, if you want to store the lircd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/lirc(/.*)?, /var/run/lircd(/.*)?, /var/run/lircd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -44629,17 +44786,19 @@ index 0000000..f9c4b9d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lircd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lircd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/livecd_selinux.8 b/man/man8/livecd_selinux.8
new file mode 100644
-index 0000000..f947686
+index 0000000..bf16e67
--- /dev/null
+++ b/man/man8/livecd_selinux.8
-@@ -0,0 +1,102 @@
-+.TH "livecd_selinux" "8" "livecd" "dwalsh at redhat.com" "livecd SELinux Policy documentation"
+@@ -0,0 +1,104 @@
++.TH "livecd_selinux" "8" "12-10-19" "livecd" "SELinux Policy documentation for livecd"
+.SH "NAME"
+livecd_selinux \- Security Enhanced Linux Policy for the livecd processes
+.SH "DESCRIPTION"
@@ -44655,9 +44814,9 @@ index 0000000..f947686
+
+.SH "ENTRYPOINTS"
+
-+The livecd_t SELinux type can be entered via the "proc_type,file_type,mtrr_device_t,sysctl_type,filesystem_type,livecd_exec_t,unlabeled_t" file types. The default entrypoint paths for the livecd_t domain are the following:"
++The livecd_t SELinux type can be entered via the "unlabeled_t,proc_type,file_type,livecd_exec_t,sysctl_type,mtrr_device_t,filesystem_type" file types. The default entrypoint paths for the livecd_t domain are the following:"
+
-+/dev/cpu/mtrr, /usr/bin/livecd-creator
++all files on the system, /usr/bin/livecd-creator, /dev/cpu/mtrr
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -44737,17 +44896,19 @@ index 0000000..f947686
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), livecd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), livecd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lldpad_selinux.8 b/man/man8/lldpad_selinux.8
new file mode 100644
-index 0000000..fe283cb
+index 0000000..698eef4
--- /dev/null
+++ b/man/man8/lldpad_selinux.8
-@@ -0,0 +1,136 @@
-+.TH "lldpad_selinux" "8" "lldpad" "dwalsh at redhat.com" "lldpad SELinux Policy documentation"
+@@ -0,0 +1,138 @@
++.TH "lldpad_selinux" "8" "12-10-19" "lldpad" "SELinux Policy documentation for lldpad"
+.SH "NAME"
+lldpad_selinux \- Security Enhanced Linux Policy for the lldpad processes
+.SH "DESCRIPTION"
@@ -44879,17 +45040,19 @@ index 0000000..fe283cb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lldpad(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lldpad(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/load_policy_selinux.8 b/man/man8/load_policy_selinux.8
new file mode 100644
-index 0000000..6bd77d9
+index 0000000..89cd0f7
--- /dev/null
+++ b/man/man8/load_policy_selinux.8
-@@ -0,0 +1,97 @@
-+.TH "load_policy_selinux" "8" "load_policy" "dwalsh at redhat.com" "load_policy SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "load_policy_selinux" "8" "12-10-19" "load_policy" "SELinux Policy documentation for load_policy"
+.SH "NAME"
+load_policy_selinux \- Security Enhanced Linux Policy for the load_policy processes
+.SH "DESCRIPTION"
@@ -44907,7 +45070,7 @@ index 0000000..6bd77d9
+
+The load_policy_t SELinux type can be entered via the "load_policy_exec_t" file type. The default entrypoint paths for the load_policy_t domain are the following:"
+
-+/usr/sbin/load_policy, /sbin/load_policy
++/sbin/load_policy, /usr/sbin/load_policy
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -44944,10 +45107,6 @@ index 0000000..6bd77d9
+
+- Set files with the load_policy_exec_t type, if you want to transition an executable to the load_policy_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/load_policy, /sbin/load_policy
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -44981,19 +45140,21 @@ index 0000000..6bd77d9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), load_policy(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), load_policy(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, loadkeys_selinux(8)
\ No newline at end of file
diff --git a/man/man8/loadkeys_selinux.8 b/man/man8/loadkeys_selinux.8
new file mode 100644
-index 0000000..18f76c5
+index 0000000..32612b6
--- /dev/null
+++ b/man/man8/loadkeys_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "loadkeys_selinux" "8" "loadkeys" "dwalsh at redhat.com" "loadkeys SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "loadkeys_selinux" "8" "12-10-19" "loadkeys" "SELinux Policy documentation for loadkeys"
+.SH "NAME"
+loadkeys_selinux \- Security Enhanced Linux Policy for the loadkeys processes
+.SH "DESCRIPTION"
@@ -45048,10 +45209,6 @@ index 0000000..18f76c5
+
+- Set files with the loadkeys_exec_t type, if you want to transition an executable to the loadkeys_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/unikeys, /usr/bin/loadkeys
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -45060,10 +45217,6 @@ index 0000000..18f76c5
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type loadkeys_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -45081,17 +45234,19 @@ index 0000000..18f76c5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), loadkeys(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), loadkeys(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/locate_selinux.8 b/man/man8/locate_selinux.8
new file mode 100644
-index 0000000..35b40ae
+index 0000000..ef37c45
--- /dev/null
+++ b/man/man8/locate_selinux.8
-@@ -0,0 +1,124 @@
-+.TH "locate_selinux" "8" "locate" "dwalsh at redhat.com" "locate SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "locate_selinux" "8" "12-10-19" "locate" "SELinux Policy documentation for locate"
+.SH "NAME"
+locate_selinux \- Security Enhanced Linux Policy for the locate processes
+.SH "DESCRIPTION"
@@ -45211,17 +45366,19 @@ index 0000000..35b40ae
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), locate(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), locate(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lockdev_selinux.8 b/man/man8/lockdev_selinux.8
new file mode 100644
-index 0000000..99e7812
+index 0000000..2f295fc
--- /dev/null
+++ b/man/man8/lockdev_selinux.8
-@@ -0,0 +1,100 @@
-+.TH "lockdev_selinux" "8" "lockdev" "dwalsh at redhat.com" "lockdev SELinux Policy documentation"
+@@ -0,0 +1,102 @@
++.TH "lockdev_selinux" "8" "12-10-19" "lockdev" "SELinux Policy documentation for lockdev"
+.SH "NAME"
+lockdev_selinux \- Security Enhanced Linux Policy for the lockdev processes
+.SH "DESCRIPTION"
@@ -45317,16 +45474,18 @@ index 0000000..99e7812
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lockdev(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lockdev(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/logadm_selinux.8 b/man/man8/logadm_selinux.8
new file mode 100644
-index 0000000..6cbdeaf
+index 0000000..ac1ff45
--- /dev/null
+++ b/man/man8/logadm_selinux.8
-@@ -0,0 +1,159 @@
+@@ -0,0 +1,161 @@
+.TH "logadm_selinux" "8" "logadm" "mgrepl at redhat.com" "logadm SELinux Policy documentation"
+.SH "NAME"
+logadm_r \- \fBLog administrator role\fP - Security Enhanced Linux Policy
@@ -45482,17 +45641,19 @@ index 0000000..6cbdeaf
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), logadm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), logadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/logrotate_selinux.8 b/man/man8/logrotate_selinux.8
new file mode 100644
-index 0000000..7f9f90d
+index 0000000..a856329
--- /dev/null
+++ b/man/man8/logrotate_selinux.8
-@@ -0,0 +1,200 @@
-+.TH "logrotate_selinux" "8" "logrotate" "dwalsh at redhat.com" "logrotate SELinux Policy documentation"
+@@ -0,0 +1,198 @@
++.TH "logrotate_selinux" "8" "12-10-19" "logrotate" "SELinux Policy documentation for logrotate"
+.SH "NAME"
+logrotate_selinux \- Security Enhanced Linux Policy for the logrotate processes
+.SH "DESCRIPTION"
@@ -45510,7 +45671,7 @@ index 0000000..7f9f90d
+
+The logrotate_t SELinux type can be entered via the "logrotate_exec_t" file type. The default entrypoint paths for the logrotate_t domain are the following:"
+
-+/usr/sbin/logrotate, /etc/cron\.(daily|weekly)/sysklogd
++/etc/cron\.(daily|weekly)/sysklogd, /usr/sbin/logrotate
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -45547,10 +45708,6 @@ index 0000000..7f9f90d
+
+- Set files with the logrotate_exec_t type, if you want to transition an executable to the logrotate_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/logrotate, /etc/cron\.(daily|weekly)/sysklogd
+
+.EX
+.PP
@@ -45688,17 +45845,19 @@ index 0000000..7f9f90d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), logrotate(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), logrotate(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/logwatch_selinux.8 b/man/man8/logwatch_selinux.8
new file mode 100644
-index 0000000..00dabce
+index 0000000..460e128
--- /dev/null
+++ b/man/man8/logwatch_selinux.8
-@@ -0,0 +1,176 @@
-+.TH "logwatch_selinux" "8" "logwatch" "dwalsh at redhat.com" "logwatch SELinux Policy documentation"
+@@ -0,0 +1,170 @@
++.TH "logwatch_selinux" "8" "12-10-19" "logwatch" "SELinux Policy documentation for logwatch"
+.SH "NAME"
+logwatch_selinux \- Security Enhanced Linux Policy for the logwatch processes
+.SH "DESCRIPTION"
@@ -45716,7 +45875,7 @@ index 0000000..00dabce
+
+The logwatch_t SELinux type can be entered via the "logwatch_exec_t" file type. The default entrypoint paths for the logwatch_t domain are the following:"
+
-+/usr/sbin/logcheck, /usr/sbin/epylog, /usr/share/logwatch/scripts/logwatch\.pl
++/usr/sbin/epylog, /usr/sbin/logcheck, /usr/share/logwatch/scripts/logwatch\.pl
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -45753,10 +45912,6 @@ index 0000000..00dabce
+
+- Set files with the logwatch_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/epylog(/.*)?, /var/lib/logcheck(/.*)?, /var/cache/logwatch(/.*)?
+
+.EX
+.PP
@@ -45765,10 +45920,6 @@ index 0000000..00dabce
+
+- Set files with the logwatch_exec_t type, if you want to transition an executable to the logwatch_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/logcheck, /usr/sbin/epylog, /usr/share/logwatch/scripts/logwatch\.pl
+
+.EX
+.PP
@@ -45870,17 +46021,19 @@ index 0000000..00dabce
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), logwatch(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), logwatch(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lpd_selinux.8 b/man/man8/lpd_selinux.8
new file mode 100644
-index 0000000..e0ad0a8
+index 0000000..db665d6
--- /dev/null
+++ b/man/man8/lpd_selinux.8
-@@ -0,0 +1,159 @@
-+.TH "lpd_selinux" "8" "lpd" "dwalsh at redhat.com" "lpd SELinux Policy documentation"
+@@ -0,0 +1,164 @@
++.TH "lpd_selinux" "8" "12-10-19" "lpd" "SELinux Policy documentation for lpd"
+.SH "NAME"
+lpd_selinux \- Security Enhanced Linux Policy for the lpd processes
+.SH "DESCRIPTION"
@@ -45928,6 +46081,13 @@ index 0000000..e0ad0a8
+.B setsebool -P use_lpd_server 1
+.EE
+
++.PP
++If you want to use lpd server instead of cups, you must turn on the use_lpd_server boolean.
++
++.EX
++.B setsebool -P use_lpd_server 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -45962,10 +46122,6 @@ index 0000000..e0ad0a8
+
+- Set files with the lpd_var_run_t type, if you want to store the lpd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/spool/turboprint(/.*)?, /var/run/lprng(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -46034,19 +46190,21 @@ index 0000000..e0ad0a8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), lpr_selinux(8)
\ No newline at end of file
diff --git a/man/man8/lpr_selinux.8 b/man/man8/lpr_selinux.8
new file mode 100644
-index 0000000..aee6456
+index 0000000..82f23da
--- /dev/null
+++ b/man/man8/lpr_selinux.8
-@@ -0,0 +1,114 @@
-+.TH "lpr_selinux" "8" "lpr" "dwalsh at redhat.com" "lpr SELinux Policy documentation"
+@@ -0,0 +1,108 @@
++.TH "lpr_selinux" "8" "12-10-19" "lpr" "SELinux Policy documentation for lpr"
+.SH "NAME"
+lpr_selinux \- Security Enhanced Linux Policy for the lpr processes
+.SH "DESCRIPTION"
@@ -46064,7 +46222,7 @@ index 0000000..aee6456
+
+The lpr_t SELinux type can be entered via the "lpr_exec_t" file type. The default entrypoint paths for the lpr_t domain are the following:"
+
-+/usr/sbin/accept, /opt/gutenprint/s?bin(/.*)?, /usr/bin/cancel(\.cups)?, /usr/bin/lp(\.cups)?, /usr/bin/lpstat(\.cups)?, /usr/sbin/lpc(\.cups)?, /usr/bin/lpoptions, /usr/bin/lpq(\.cups)?, /usr/sbin/lpadmin, /usr/sbin/lpinfo, /usr/bin/lpr(\.cups)?, /usr/sbin/lpmove, /usr/bin/lprm(\.cups)?, /usr/linuxprinter/bin/l?lpr
++/usr/bin/lp(\.cups)?, /usr/bin/lpq(\.cups)?, /usr/bin/lpr(\.cups)?, /usr/bin/lprm(\.cups)?, /usr/sbin/lpc(\.cups)?, /usr/bin/cancel(\.cups)?, /usr/bin/lpstat(\.cups)?, /opt/gutenprint/s?bin(/.*)?, /usr/linuxprinter/bin/l?lpr, /usr/sbin/accept, /usr/sbin/lpinfo, /usr/sbin/lpmove, /usr/sbin/lpadmin, /usr/bin/lpoptions
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -46101,10 +46259,6 @@ index 0000000..aee6456
+
+- Set files with the lpr_exec_t type, if you want to transition an executable to the lpr_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/accept, /opt/gutenprint/s?bin(/.*)?, /usr/bin/cancel(\.cups)?, /usr/bin/lp(\.cups)?, /usr/bin/lpstat(\.cups)?, /usr/sbin/lpc(\.cups)?, /usr/bin/lpoptions, /usr/bin/lpq(\.cups)?, /usr/sbin/lpadmin, /usr/sbin/lpinfo, /usr/bin/lpr(\.cups)?, /usr/sbin/lpmove, /usr/bin/lprm(\.cups)?, /usr/linuxprinter/bin/l?lpr
+
+.EX
+.PP
@@ -46121,10 +46275,6 @@ index 0000000..aee6456
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type lpr_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -46156,17 +46306,19 @@ index 0000000..aee6456
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lpr(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lpr(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lsassd_selinux.8 b/man/man8/lsassd_selinux.8
new file mode 100644
-index 0000000..d9e98e3
+index 0000000..63ced1d
--- /dev/null
+++ b/man/man8/lsassd_selinux.8
@@ -0,0 +1,266 @@
-+.TH "lsassd_selinux" "8" "lsassd" "dwalsh at redhat.com" "lsassd SELinux Policy documentation"
++.TH "lsassd_selinux" "8" "12-10-19" "lsassd" "SELinux Policy documentation for lsassd"
+.SH "NAME"
+lsassd_selinux \- Security Enhanced Linux Policy for the lsassd processes
+.SH "DESCRIPTION"
@@ -46237,10 +46389,6 @@ index 0000000..d9e98e3
+
+- Set files with the lsassd_var_lib_t type, if you want to store the lsassd files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/likewise-open/krb5ccr_lsass, /var/lib/likewise-open/db/lsass-adstate\.filedb, /var/lib/likewise-open/lsasd\.err, /var/lib/likewise-open/db/lsass-adcache\.db, /var/lib/likewise-open/db/sam\.db
+
+.EX
+.PP
@@ -46257,10 +46405,6 @@ index 0000000..d9e98e3
+
+- Set files with the lsassd_var_socket_t type, if you want to treat the files as lsassd var socket data.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/likewise-open/rpc/lsass, /var/lib/likewise-open/\.lsassd, /var/lib/likewise-open/\.ntlmd
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -46306,10 +46450,10 @@ index 0000000..d9e98e3
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -46338,6 +46482,12 @@ index 0000000..d9e98e3
+.br
+ /var/ftp/etc(/.*)?
+.br
++ /var/lib/openshift/.limits.d(/.*)?
++.br
++ /var/lib/openshift/.openshift-proxy.d(/.*)?
++.br
++ /var/lib/openshift/.stickshift-proxy.d(/.*)?
++.br
+ /var/lib/stickshift/.limits.d(/.*)?
+.br
+ /var/lib/stickshift/.stickshift-proxy.d(/.*)?
@@ -46428,17 +46578,19 @@ index 0000000..d9e98e3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lsassd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lsassd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lvm_selinux.8 b/man/man8/lvm_selinux.8
new file mode 100644
-index 0000000..ff7e62b
+index 0000000..b8beab1
--- /dev/null
+++ b/man/man8/lvm_selinux.8
-@@ -0,0 +1,250 @@
-+.TH "lvm_selinux" "8" "lvm" "dwalsh at redhat.com" "lvm SELinux Policy documentation"
+@@ -0,0 +1,236 @@
++.TH "lvm_selinux" "8" "12-10-19" "lvm" "SELinux Policy documentation for lvm"
+.SH "NAME"
+lvm_selinux \- Security Enhanced Linux Policy for the lvm processes
+.SH "DESCRIPTION"
@@ -46456,7 +46608,7 @@ index 0000000..ff7e62b
+
+The lvm_t SELinux type can be entered via the "lvm_exec_t" file type. The default entrypoint paths for the lvm_t domain are the following:"
+
-+/sbin/dmsetup, /usr/sbin/dmsetup, /usr/sbin/pvchange, /sbin/dmraid, /sbin/pvremove, /sbin/vgextend, /sbin/vgscan\.static, /sbin/vgrename, /usr/sbin/vgck, /sbin/lvdisplay, /usr/lib/lvm-10/.*, /sbin/lvmdiskscan, /sbin/lvresize, /sbin/vgmknodes, /usr/sbin/lvdisplay, /usr/sbin/mount\.crypt, /usr/sbin/pvs, /usr/lib/systemd/systemd-cryptsetup, /sbin/pvmove, /sbin/multipath\.static, /usr/sbin/pvcreate, /usr/sbin/lvmdiskscan, /usr/sbin/vgcfgbackup, /usr/sbin/lvmiopversion, /usr/sbin/vgimport, /sbin/vgck, /sbin/pvscan, /usr/sbin/lvmchange, /sbin/lvreduce, /sbin/vgremove, /sbin/vgscan, /sbin/vgsplit, /lib/lvm-200/.*, /usr/sbin/lvremove, /sbin/vgmerge, /usr/sbin/vgchange\.static, /sbin/pvcreate, /usr/sbin/lvm, /usr/sbin/lvrename, /usr/sbin/lvmsadc, /usr/lib/lvm-200/.*, /usr/sbin/pvdata, /usr/sbin/lvmetad, /sbin/vgchange, /sbin/lvm\.static, /sbin/vgcfgbackup, /sbin/e2fsadm, /sbin/lvm, /sbin/pvdata, /usr/sbin/lvcreate, /usr/sbin/vgextend, /sbin/lvextend, /usr/lib/udev/udisks-lvm-pv-expo
rt, /sbin/vgcfgrestore, /usr/sbin/vgscan, /sbin/vgs, /sbin/lvmchange, /sbin/vgimport, /usr/sbin/lvscan, /usr/sbin/pvscan, /usr/sbin/vgreduce, /usr/sbin/dmsetup\.static, /usr/sbin/vgexport, /usr/sbin/lvextend, /usr/sbin/cryptsetup, /usr/sbin/dmraid, /usr/sbin/lvresize, /sbin/dmsetup\.static, /sbin/lvmsar, /usr/sbin/vgs, /usr/sbin/vgrename, /usr/sbin/lvs, /sbin/vgchange\.static, /usr/sbin/pvmove, /sbin/lvmsadc, /usr/sbin/vgmknodes, /sbin/lvmetad, /sbin/lvmiopversion, /usr/sbin/pvdisplay, /usr/sbin/vgremove, /usr/sbin/vgscan\.static, /sbin/pvdisplay, /usr/sbin/vgcfgrestore, /usr/sbin/kpartx, /sbin/cryptsetup, /lib/udev/udisks-lvm-pv-export, /sbin/vgwrapper, /sbin/pvs, /sbin/lvchange, /sbin/pvchange, /usr/sbin/lvm\.static, /usr/sbin/multipathd, /sbin/mount\.crypt, /sbin/vgcreate, /usr/sbin/vgwrapper, /sbin/vgreduce, /usr/sbin/lvreduce, /sbin/lvrename, /sbin/multipathd, /usr/sbin/vgcreate, /usr/sbin/vgmerge, /usr/sbin/multipath\.static, /sbin/vgexport, /usr/sbin/lvchange, /sbin/l
vs, /usr/sbin/lvmsar, /usr/sbin/e2fsadm, /usr/sbin/vgchange, /sbin/kpartx, /usr/sbin/vgsplit, /lib/lvm-10/.*, /sbin/lvscan, /sbin/lvcreate, /sbin/vgdisplay, /usr/sbin/vgdisplay, /usr/sbin/dmeventd, /sbin/lvremove, /usr/sbin/pvremove
++/lib/lvm-10/.*, /lib/lvm-200/.*, /usr/lib/lvm-10/.*, /usr/lib/lvm-200/.*, /sbin/lvm, /sbin/lvs, /sbin/pvs, /sbin/vgs, /sbin/vgck, /sbin/dmraid, /sbin/kpartx, /sbin/lvmsar, /sbin/lvscan, /sbin/pvdata, /sbin/pvmove, /sbin/pvscan, /sbin/vgscan, /sbin/dmsetup, /sbin/e2fsadm, /sbin/lvmetad, /sbin/lvmsadc, /sbin/vgmerge, /sbin/vgsplit, /usr/sbin/lvm, /usr/sbin/lvs, /usr/sbin/pvs, /usr/sbin/vgs, /sbin/lvchange, /sbin/lvcreate, /sbin/lvextend, /sbin/lvreduce, /sbin/lvremove, /sbin/lvrename, /sbin/lvresize, /sbin/pvchange, /sbin/pvcreate, /sbin/pvremove, /sbin/vgchange, /sbin/vgcreate, /sbin/vgexport, /sbin/vgextend, /sbin/vgimport, /sbin/vgreduce, /sbin/vgremove, /sbin/vgrename, /usr/sbin/vgck, /sbin/lvdisplay, /sbin/lvmchange, /sbin/pvdisplay, /sbin/vgdisplay, /sbin/vgmknodes, /sbin/vgwrapper, /sbin/cryptsetup, /sbin/lvm\.static, /sbin/multipathd, /usr/sbin/dmraid, /usr/sbin/kpartx, /usr/sbin/lvmsar, /usr/sbin/lvscan, /usr/sbin/pvdata, /usr/sbin/pvmove, /usr/sbin/pvscan, /usr/sbin
/vgscan, /sbin/mount\.crypt, /sbin/lvmdiskscan, /sbin/vgcfgbackup, /usr/sbin/dmsetup, /usr/sbin/e2fsadm, /usr/sbin/lvmetad, /usr/sbin/lvmsadc, /usr/sbin/vgmerge, /usr/sbin/vgsplit, /sbin/vgcfgrestore, /usr/sbin/dmeventd, /usr/sbin/lvchange, /usr/sbin/lvcreate, /usr/sbin/lvextend, /usr/sbin/lvreduce, /usr/sbin/lvremove, /usr/sbin/lvrename, /usr/sbin/lvresize, /usr/sbin/pvchange, /usr/sbin/pvcreate, /usr/sbin/pvremove, /usr/sbin/vgchange, /usr/sbin/vgcreate, /usr/sbin/vgexport, /usr/sbin/vgextend, /usr/sbin/vgimport, /usr/sbin/vgreduce, /usr/sbin/vgremove, /usr/sbin/vgrename, /sbin/lvmiopversion, /sbin/vgscan\.static, /usr/sbin/lvdisplay, /usr/sbin/lvmchange, /usr/sbin/pvdisplay, /usr/sbin/vgdisplay, /usr/sbin/vgmknodes, /usr/sbin/vgwrapper, /sbin/dmsetup\.static, /usr/sbin/cryptsetup, /usr/sbin/lvm\.static, /usr/sbin/multipathd, /sbin/vgchange\.static, /usr/sbin/lvmdiskscan, /usr/sbin/mount\.crypt, /usr/sbin/vgcfgbackup, /sbin/multipath\.static, /usr/sbin/vgcfgrestore, /usr/s
bin/lvmiopversion, /usr/sbin/vgscan\.static, /usr/sbin/dmsetup\.static, /usr/sbin/vgchange\.static, /usr/sbin/multipath\.static, /lib/udev/udisks-lvm-pv-export, /usr/lib/udev/udisks-lvm-pv-export, /usr/lib/systemd/systemd-cryptsetup
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -46501,10 +46653,6 @@ index 0000000..ff7e62b
+
+- Set files with the lvm_exec_t type, if you want to transition an executable to the lvm_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/dmsetup, /usr/sbin/dmsetup, /usr/sbin/pvchange, /sbin/dmraid, /sbin/pvremove, /sbin/vgextend, /sbin/vgscan\.static, /sbin/vgrename, /usr/sbin/vgck, /sbin/lvdisplay, /usr/lib/lvm-10/.*, /sbin/lvmdiskscan, /sbin/lvresize, /sbin/vgmknodes, /usr/sbin/lvdisplay, /usr/sbin/mount\.crypt, /usr/sbin/pvs, /usr/lib/systemd/systemd-cryptsetup, /sbin/pvmove, /sbin/multipath\.static, /usr/sbin/pvcreate, /usr/sbin/lvmdiskscan, /usr/sbin/vgcfgbackup, /usr/sbin/lvmiopversion, /usr/sbin/vgimport, /sbin/vgck, /sbin/pvscan, /usr/sbin/lvmchange, /sbin/lvreduce, /sbin/vgremove, /sbin/vgscan, /sbin/vgsplit, /lib/lvm-200/.*, /usr/sbin/lvremove, /sbin/vgmerge, /usr/sbin/vgchange\.static, /sbin/pvcreate, /usr/sbin/lvm, /usr/sbin/lvrename, /usr/sbin/lvmsadc, /usr/lib/lvm-200/.*, /usr/sbin/pvdata, /usr/sbin/lvmetad, /sbin/vgchange, /sbin/lvm\.static, /sbin/vgcfgbackup, /sbin/e2fsadm, /sbin/lvm, /sbin/pvdata, /usr/sbin/lvcreate, /usr/sbin/vgextend, /sbin/lvextend, /usr/lib/udev/udisks-lvm-pv-expo
rt, /sbin/vgcfgrestore, /usr/sbin/vgscan, /sbin/vgs, /sbin/lvmchange, /sbin/vgimport, /usr/sbin/lvscan, /usr/sbin/pvscan, /usr/sbin/vgreduce, /usr/sbin/dmsetup\.static, /usr/sbin/vgexport, /usr/sbin/lvextend, /usr/sbin/cryptsetup, /usr/sbin/dmraid, /usr/sbin/lvresize, /sbin/dmsetup\.static, /sbin/lvmsar, /usr/sbin/vgs, /usr/sbin/vgrename, /usr/sbin/lvs, /sbin/vgchange\.static, /usr/sbin/pvmove, /sbin/lvmsadc, /usr/sbin/vgmknodes, /sbin/lvmetad, /sbin/lvmiopversion, /usr/sbin/pvdisplay, /usr/sbin/vgremove, /usr/sbin/vgscan\.static, /sbin/pvdisplay, /usr/sbin/vgcfgrestore, /usr/sbin/kpartx, /sbin/cryptsetup, /lib/udev/udisks-lvm-pv-export, /sbin/vgwrapper, /sbin/pvs, /sbin/lvchange, /sbin/pvchange, /usr/sbin/lvm\.static, /usr/sbin/multipathd, /sbin/mount\.crypt, /sbin/vgcreate, /usr/sbin/vgwrapper, /sbin/vgreduce, /usr/sbin/lvreduce, /sbin/lvrename, /sbin/multipathd, /usr/sbin/vgcreate, /usr/sbin/vgmerge, /usr/sbin/multipath\.static, /sbin/vgexport, /usr/sbin/lvchange, /sbin/l
vs, /usr/sbin/lvmsar, /usr/sbin/e2fsadm, /usr/sbin/vgchange, /sbin/kpartx, /usr/sbin/vgsplit, /lib/lvm-10/.*, /sbin/lvscan, /sbin/lvcreate, /sbin/vgdisplay, /usr/sbin/vgdisplay, /usr/sbin/dmeventd, /sbin/lvremove, /usr/sbin/pvremove
+
+.EX
+.PP
@@ -46513,10 +46661,6 @@ index 0000000..ff7e62b
+
+- Set files with the lvm_lock_t type, if you want to treat the files as lvm lock data, stored under the /var/lock directory
+
-+.br
-+.TP 5
-+Paths:
-+/var/lock/lvm(/.*)?, /etc/lvm/lock(/.*)?
+
+.EX
+.PP
@@ -46525,10 +46669,6 @@ index 0000000..ff7e62b
+
+- Set files with the lvm_metadata_t type, if you want to treat the files as lvm metadata data.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/lvm/\.cache, /etc/lvm/backup(/.*)?, /var/cache/multipathd(/.*)?, /etc/lvmtab\.d(/.*)?, /etc/lvmtab(/.*)?, /etc/lvm/archive(/.*)?, /etc/lvm/cache(/.*)?
+
+.EX
+.PP
@@ -46553,10 +46693,6 @@ index 0000000..ff7e62b
+
+- Set files with the lvm_var_run_t type, if you want to store the lvm files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/lvm(/.*)?, /var/run/multipathd\.sock, /var/run/dmevent.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -46684,17 +46820,19 @@ index 0000000..ff7e62b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lvm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lvm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lwiod_selinux.8 b/man/man8/lwiod_selinux.8
new file mode 100644
-index 0000000..4ada3d8
+index 0000000..723d428
--- /dev/null
+++ b/man/man8/lwiod_selinux.8
-@@ -0,0 +1,128 @@
-+.TH "lwiod_selinux" "8" "lwiod" "dwalsh at redhat.com" "lwiod SELinux Policy documentation"
+@@ -0,0 +1,130 @@
++.TH "lwiod_selinux" "8" "12-10-19" "lwiod" "SELinux Policy documentation for lwiod"
+.SH "NAME"
+lwiod_selinux \- Security Enhanced Linux Policy for the lwiod processes
+.SH "DESCRIPTION"
@@ -46818,17 +46956,19 @@ index 0000000..4ada3d8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lwiod(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lwiod(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lwregd_selinux.8 b/man/man8/lwregd_selinux.8
new file mode 100644
-index 0000000..a626588
+index 0000000..00d4e0d
--- /dev/null
+++ b/man/man8/lwregd_selinux.8
-@@ -0,0 +1,130 @@
-+.TH "lwregd_selinux" "8" "lwregd" "dwalsh at redhat.com" "lwregd SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "lwregd_selinux" "8" "12-10-19" "lwregd" "SELinux Policy documentation for lwregd"
+.SH "NAME"
+lwregd_selinux \- Security Enhanced Linux Policy for the lwregd processes
+.SH "DESCRIPTION"
@@ -46891,10 +47031,6 @@ index 0000000..a626588
+
+- Set files with the lwregd_var_lib_t type, if you want to store the lwregd files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/likewise-open/db/registry\.db, /var/lib/likewise-open/regsd\.err
+
+.EX
+.PP
@@ -46954,17 +47090,19 @@ index 0000000..a626588
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lwregd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lwregd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/lwsmd_selinux.8 b/man/man8/lwsmd_selinux.8
new file mode 100644
-index 0000000..3d0bdcc
+index 0000000..c631309
--- /dev/null
+++ b/man/man8/lwsmd_selinux.8
-@@ -0,0 +1,120 @@
-+.TH "lwsmd_selinux" "8" "lwsmd" "dwalsh at redhat.com" "lwsmd SELinux Policy documentation"
+@@ -0,0 +1,122 @@
++.TH "lwsmd_selinux" "8" "12-10-19" "lwsmd" "SELinux Policy documentation for lwsmd"
+.SH "NAME"
+lwsmd_selinux \- Security Enhanced Linux Policy for the lwsmd processes
+.SH "DESCRIPTION"
@@ -47080,17 +47218,19 @@ index 0000000..3d0bdcc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), lwsmd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), lwsmd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/mail_munin_plugin_selinux.8 b/man/man8/mail_munin_plugin_selinux.8
new file mode 100644
-index 0000000..17f70b0
+index 0000000..ee66900
--- /dev/null
+++ b/man/man8/mail_munin_plugin_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "mail_munin_plugin_selinux" "8" "mail_munin_plugin" "dwalsh at redhat.com" "mail_munin_plugin SELinux Policy documentation"
+@@ -0,0 +1,115 @@
++.TH "mail_munin_plugin_selinux" "8" "12-10-19" "mail_munin_plugin" "SELinux Policy documentation for mail_munin_plugin"
+.SH "NAME"
+mail_munin_plugin_selinux \- Security Enhanced Linux Policy for the mail_munin_plugin processes
+.SH "DESCRIPTION"
@@ -47108,7 +47248,7 @@ index 0000000..17f70b0
+
+The mail_munin_plugin_t SELinux type can be entered via the "mail_munin_plugin_exec_t" file type. The default entrypoint paths for the mail_munin_plugin_t domain are the following:"
+
-+/usr/share/munin/plugins/postfix_mail.*, /usr/share/munin/plugins/mailscanner, /usr/share/munin/plugins/courier_mta_.*, /usr/share/munin/plugins/mailman, /usr/share/munin/plugins/exim_mail.*, /usr/share/munin/plugins/qmail.*, /usr/share/munin/plugins/sendmail_.*
++/usr/share/munin/plugins/qmail.*, /usr/share/munin/plugins/exim_mail.*, /usr/share/munin/plugins/sendmail_.*, /usr/share/munin/plugins/courier_mta_.*, /usr/share/munin/plugins/postfix_mail.*, /usr/share/munin/plugins/mailman, /usr/share/munin/plugins/mailscanner
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -47145,10 +47285,6 @@ index 0000000..17f70b0
+
+- Set files with the mail_munin_plugin_exec_t type, if you want to transition an executable to the mail_munin_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/munin/plugins/postfix_mail.*, /usr/share/munin/plugins/mailscanner, /usr/share/munin/plugins/courier_mta_.*, /usr/share/munin/plugins/mailman, /usr/share/munin/plugins/exim_mail.*, /usr/share/munin/plugins/qmail.*, /usr/share/munin/plugins/sendmail_.*
+
+.EX
+.PP
@@ -47202,19 +47338,21 @@ index 0000000..17f70b0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mail_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mail_munin_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, mailman_cgi_selinux(8), mailman_mail_selinux(8), mailman_queue_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mailman_cgi_selinux.8 b/man/man8/mailman_cgi_selinux.8
new file mode 100644
-index 0000000..91bfefc
+index 0000000..25d1ae1
--- /dev/null
+++ b/man/man8/mailman_cgi_selinux.8
-@@ -0,0 +1,143 @@
-+.TH "mailman_cgi_selinux" "8" "mailman_cgi" "dwalsh at redhat.com" "mailman_cgi SELinux Policy documentation"
+@@ -0,0 +1,145 @@
++.TH "mailman_cgi_selinux" "8" "12-10-19" "mailman_cgi" "SELinux Policy documentation for mailman_cgi"
+.SH "NAME"
+mailman_cgi_selinux \- Security Enhanced Linux Policy for the mailman_cgi processes
+.SH "DESCRIPTION"
@@ -47352,19 +47490,21 @@ index 0000000..91bfefc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mailman_cgi(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mailman_cgi(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, mailman_mail_selinux(8), mailman_queue_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mailman_mail_selinux.8 b/man/man8/mailman_mail_selinux.8
new file mode 100644
-index 0000000..2b83674
+index 0000000..1d6bc0b
--- /dev/null
+++ b/man/man8/mailman_mail_selinux.8
-@@ -0,0 +1,157 @@
-+.TH "mailman_mail_selinux" "8" "mailman_mail" "dwalsh at redhat.com" "mailman_mail SELinux Policy documentation"
+@@ -0,0 +1,155 @@
++.TH "mailman_mail_selinux" "8" "12-10-19" "mailman_mail" "SELinux Policy documentation for mailman_mail"
+.SH "NAME"
+mailman_mail_selinux \- Security Enhanced Linux Policy for the mailman_mail processes
+.SH "DESCRIPTION"
@@ -47382,7 +47522,7 @@ index 0000000..2b83674
+
+The mailman_mail_t SELinux type can be entered via the "mailman_mail_exec_t" file type. The default entrypoint paths for the mailman_mail_t domain are the following:"
+
-+/usr/lib/mailman.*/mail/mailman, /usr/lib/mailman.*/bin/mm-handler.*, /usr/share/doc/mailman.*/mm-handler.*, /usr/lib/mailman.*/bin/mailmanctl, /usr/lib/mailman.*/scripts/mailman
++/usr/lib/mailman.*/mail/mailman, /usr/lib/mailman.*/bin/mailmanctl, /usr/lib/mailman.*/scripts/mailman, /usr/lib/mailman.*/bin/mm-handler.*, /usr/share/doc/mailman.*/mm-handler.*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -47419,10 +47559,6 @@ index 0000000..2b83674
+
+- Set files with the mailman_mail_exec_t type, if you want to transition an executable to the mailman_mail_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/mailman.*/mail/mailman, /usr/lib/mailman.*/bin/mm-handler.*, /usr/share/doc/mailman.*/mm-handler.*, /usr/lib/mailman.*/bin/mailmanctl, /usr/lib/mailman.*/scripts/mailman
+
+.EX
+.PP
@@ -47516,19 +47652,21 @@ index 0000000..2b83674
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mailman_mail(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mailman_mail(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, mailman_cgi_selinux(8), mailman_queue_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mailman_queue_selinux.8 b/man/man8/mailman_queue_selinux.8
new file mode 100644
-index 0000000..1640bf2
+index 0000000..6daeb08
--- /dev/null
+++ b/man/man8/mailman_queue_selinux.8
-@@ -0,0 +1,173 @@
-+.TH "mailman_queue_selinux" "8" "mailman_queue" "dwalsh at redhat.com" "mailman_queue SELinux Policy documentation"
+@@ -0,0 +1,171 @@
++.TH "mailman_queue_selinux" "8" "12-10-19" "mailman_queue" "SELinux Policy documentation for mailman_queue"
+.SH "NAME"
+mailman_queue_selinux \- Security Enhanced Linux Policy for the mailman_queue processes
+.SH "DESCRIPTION"
@@ -47583,10 +47721,6 @@ index 0000000..1640bf2
+
+- Set files with the mailman_queue_exec_t type, if you want to transition an executable to the mailman_queue_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/mailman.*/cron/.*, /usr/lib/mailman.*/bin/qrunner
+
+.EX
+.PP
@@ -47696,19 +47830,131 @@ index 0000000..1640bf2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mailman_queue(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mailman_queue(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, mailman_cgi_selinux(8), mailman_mail_selinux(8)
\ No newline at end of file
+diff --git a/man/man8/mandb_selinux.8 b/man/man8/mandb_selinux.8
+new file mode 100644
+index 0000000..ea1d158
+--- /dev/null
++++ b/man/man8/mandb_selinux.8
+@@ -0,0 +1,104 @@
++.TH "mandb_selinux" "8" "12-10-19" "mandb" "SELinux Policy documentation for mandb"
++.SH "NAME"
++mandb_selinux \- Security Enhanced Linux Policy for the mandb processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the mandb processes via flexible mandatory access control.
++
++The mandb processes execute with the mandb_t SELinux type. You can check if you have these processes running by executing the \fBps\fP command with the \fB\-Z\fP qualifier.
++
++For example:
++
++.B ps -eZ | grep mandb_t
++
++
++.SH "ENTRYPOINTS"
++
++The mandb_t SELinux type can be entered via the "mandb_exec_t" file type. The default entrypoint paths for the mandb_t domain are the following:"
++
++/usr/bin/mandb
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux mandb policy is very flexible allowing users to setup their mandb processes in as secure a method as possible.
++.PP
++The following process types are defined for mandb:
++
++.EX
++.B mandb_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux mandb policy is very flexible allowing users to setup their mandb processes in as secure a method as possible.
++.PP
++The following file types are defined for mandb:
++
++
++.EX
++.PP
++.B mandb_cache_t
++.EE
++
++- Set files with the mandb_cache_t type, if you want to store the files under the /var/cache directory.
++
++
++.EX
++.PP
++.B mandb_exec_t
++.EE
++
++- Set files with the mandb_exec_t type, if you want to transition an executable to the mandb_t domain.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH "MANAGED FILES"
++
++The SELinux process type mandb_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
++
++.br
++.B mandb_cache_t
++
++ /var/cache/man(/.*)?
++.br
++
++.SH NSSWITCH DOMAIN
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
++
++.SH "SEE ALSO"
++selinux(8), mandb(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/mcelog_selinux.8 b/man/man8/mcelog_selinux.8
new file mode 100644
-index 0000000..eac4c72
+index 0000000..4a8e9c2
--- /dev/null
+++ b/man/man8/mcelog_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "mcelog_selinux" "8" "mcelog" "dwalsh at redhat.com" "mcelog SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "mcelog_selinux" "8" "12-10-19" "mcelog" "SELinux Policy documentation for mcelog"
+.SH "NAME"
+mcelog_selinux \- Security Enhanced Linux Policy for the mcelog processes
+.SH "DESCRIPTION"
@@ -47826,17 +48072,19 @@ index 0000000..eac4c72
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mcelog(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mcelog(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/mdadm_selinux.8 b/man/man8/mdadm_selinux.8
new file mode 100644
-index 0000000..5a26cad
+index 0000000..801d879
--- /dev/null
+++ b/man/man8/mdadm_selinux.8
-@@ -0,0 +1,134 @@
-+.TH "mdadm_selinux" "8" "mdadm" "dwalsh at redhat.com" "mdadm SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "mdadm_selinux" "8" "12-10-19" "mdadm" "SELinux Policy documentation for mdadm"
+.SH "NAME"
+mdadm_selinux \- Security Enhanced Linux Policy for the mdadm processes
+.SH "DESCRIPTION"
@@ -47854,7 +48102,7 @@ index 0000000..5a26cad
+
+The mdadm_t SELinux type can be entered via the "mdadm_exec_t" file type. The default entrypoint paths for the mdadm_t domain are the following:"
+
-+/usr/sbin/raid-check, /sbin/mdmpd, /usr/sbin/iprinit, /usr/sbin/mdadm, /usr/sbin/iprupdate, /sbin/mdadm, /usr/sbin/mdmpd, /usr/sbin/iprdump
++/sbin/mdadm, /sbin/mdmpd, /usr/sbin/mdadm, /usr/sbin/mdmpd, /usr/sbin/iprdump, /usr/sbin/iprinit, /usr/sbin/iprupdate, /usr/sbin/raid-check
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -47891,10 +48139,6 @@ index 0000000..5a26cad
+
+- Set files with the mdadm_exec_t type, if you want to transition an executable to the mdadm_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/raid-check, /sbin/mdmpd, /usr/sbin/iprinit, /usr/sbin/mdadm, /usr/sbin/iprupdate, /sbin/mdadm, /usr/sbin/mdmpd, /usr/sbin/iprdump
+
+.EX
+.PP
@@ -47903,10 +48147,6 @@ index 0000000..5a26cad
+
+- Set files with the mdadm_var_run_t type, if you want to store the mdadm files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/mdadm(/.*)?, /dev/md/.*, /dev/.mdadm\.map
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -47966,17 +48206,19 @@ index 0000000..5a26cad
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mdadm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mdadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/memcached_selinux.8 b/man/man8/memcached_selinux.8
new file mode 100644
-index 0000000..59f6f76
+index 0000000..5e860f7
--- /dev/null
+++ b/man/man8/memcached_selinux.8
-@@ -0,0 +1,173 @@
-+.TH "memcached_selinux" "8" "memcached" "dwalsh at redhat.com" "memcached SELinux Policy documentation"
+@@ -0,0 +1,178 @@
++.TH "memcached_selinux" "8" "12-10-19" "memcached" "SELinux Policy documentation for memcached"
+.SH "NAME"
+memcached_selinux \- Security Enhanced Linux Policy for the memcached processes
+.SH "DESCRIPTION"
@@ -48024,6 +48266,13 @@ index 0000000..59f6f76
+.B setsebool -P httpd_can_network_memcache 1
+.EE
+
++.PP
++If you want to allow httpd to connect to memcache server, you must turn on the httpd_can_network_memcache boolean.
++
++.EX
++.B setsebool -P httpd_can_network_memcache 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -48058,10 +48307,6 @@ index 0000000..59f6f76
+
+- Set files with the memcached_var_run_t type, if you want to store the memcached files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/ipa_memcached(/.*)?, /var/run/memcached(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -48144,19 +48389,21 @@ index 0000000..59f6f76
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), memcached(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), memcached(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/mencoder_selinux.8 b/man/man8/mencoder_selinux.8
new file mode 100644
-index 0000000..ae09edd
+index 0000000..4139292
--- /dev/null
+++ b/man/man8/mencoder_selinux.8
-@@ -0,0 +1,98 @@
-+.TH "mencoder_selinux" "8" "mencoder" "dwalsh at redhat.com" "mencoder SELinux Policy documentation"
+@@ -0,0 +1,100 @@
++.TH "mencoder_selinux" "8" "12-10-19" "mencoder" "SELinux Policy documentation for mencoder"
+.SH "NAME"
+mencoder_selinux \- Security Enhanced Linux Policy for the mencoder processes
+.SH "DESCRIPTION"
@@ -48250,17 +48497,19 @@ index 0000000..ae09edd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mencoder(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mencoder(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/mock_build_selinux.8 b/man/man8/mock_build_selinux.8
new file mode 100644
-index 0000000..39884f3
+index 0000000..1ea082b
--- /dev/null
+++ b/man/man8/mock_build_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "mock_build_selinux" "8" "mock_build" "dwalsh at redhat.com" "mock_build SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "mock_build_selinux" "8" "12-10-19" "mock_build" "SELinux Policy documentation for mock_build"
+.SH "NAME"
+mock_build_selinux \- Security Enhanced Linux Policy for the mock_build processes
+.SH "DESCRIPTION"
@@ -48382,19 +48631,21 @@ index 0000000..39884f3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mock_build(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mock_build(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, mock_selinux(8), mock_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mock_selinux.8 b/man/man8/mock_selinux.8
new file mode 100644
-index 0000000..8578fa1
+index 0000000..4eca5ec
--- /dev/null
+++ b/man/man8/mock_selinux.8
-@@ -0,0 +1,181 @@
-+.TH "mock_selinux" "8" "mock" "dwalsh at redhat.com" "mock SELinux Policy documentation"
+@@ -0,0 +1,190 @@
++.TH "mock_selinux" "8" "12-10-19" "mock" "SELinux Policy documentation for mock"
+.SH "NAME"
+mock_selinux \- Security Enhanced Linux Policy for the mock processes
+.SH "DESCRIPTION"
@@ -48442,6 +48693,13 @@ index 0000000..8578fa1
+.B setsebool -P mock_enable_homedirs 1
+.EE
+
++.PP
++If you want to allow mock to read files in home directories, you must turn on the mock_enable_homedirs boolean.
++
++.EX
++.B setsebool -P mock_enable_homedirs 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -48570,19 +48828,21 @@ index 0000000..8578fa1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mock(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mock(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), mock_build_selinux(8)
\ No newline at end of file
diff --git a/man/man8/modemmanager_selinux.8 b/man/man8/modemmanager_selinux.8
new file mode 100644
-index 0000000..2b380b7
+index 0000000..0661efe
--- /dev/null
+++ b/man/man8/modemmanager_selinux.8
-@@ -0,0 +1,88 @@
-+.TH "modemmanager_selinux" "8" "modemmanager" "dwalsh at redhat.com" "modemmanager SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "modemmanager_selinux" "8" "12-10-19" "modemmanager" "SELinux Policy documentation for modemmanager"
+.SH "NAME"
+modemmanager_selinux \- Security Enhanced Linux Policy for the modemmanager processes
+.SH "DESCRIPTION"
@@ -48645,10 +48905,6 @@ index 0000000..2b380b7
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type modemmanager_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -48666,17 +48922,19 @@ index 0000000..2b380b7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), modemmanager(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), modemmanager(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/mongod_selinux.8 b/man/man8/mongod_selinux.8
new file mode 100644
-index 0000000..80552d2
+index 0000000..e098099
--- /dev/null
+++ b/man/man8/mongod_selinux.8
-@@ -0,0 +1,196 @@
-+.TH "mongod_selinux" "8" "mongod" "dwalsh at redhat.com" "mongod SELinux Policy documentation"
+@@ -0,0 +1,186 @@
++.TH "mongod_selinux" "8" "12-10-19" "mongod" "SELinux Policy documentation for mongod"
+.SH "NAME"
+mongod_selinux \- Security Enhanced Linux Policy for the mongod processes
+.SH "DESCRIPTION"
@@ -48731,10 +48989,6 @@ index 0000000..80552d2
+
+- Set files with the mongod_exec_t type, if you want to transition an executable to the mongod_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/mongod, /usr/share/aeolus-conductor/dbomatic/dbomatic
+
+.EX
+.PP
@@ -48751,10 +49005,6 @@ index 0000000..80552d2
+
+- Set files with the mongod_log_t type, if you want to treat the data as mongod log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/mongo/mongod\.log.*, /var/log/aeolus-conductor/dbomatic\.log.*, /var/log/mongodb(/.*)?, /var/log/mongo(/.*)?
+
+.EX
+.PP
@@ -48779,10 +49029,6 @@ index 0000000..80552d2
+
+- Set files with the mongod_var_run_t type, if you want to store the mongod files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/aeolus/dbomatic\.pid, /var/run/mongodb(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -48868,17 +49114,19 @@ index 0000000..80552d2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mongod(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mongod(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/mount_ecryptfs_selinux.8 b/man/man8/mount_ecryptfs_selinux.8
new file mode 100644
-index 0000000..a23a28f
+index 0000000..738b214
--- /dev/null
+++ b/man/man8/mount_ecryptfs_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "mount_ecryptfs_selinux" "8" "mount_ecryptfs" "dwalsh at redhat.com" "mount_ecryptfs SELinux Policy documentation"
+@@ -0,0 +1,125 @@
++.TH "mount_ecryptfs_selinux" "8" "12-10-19" "mount_ecryptfs" "SELinux Policy documentation for mount_ecryptfs"
+.SH "NAME"
+mount_ecryptfs_selinux \- Security Enhanced Linux Policy for the mount_ecryptfs processes
+.SH "DESCRIPTION"
@@ -48896,7 +49144,7 @@ index 0000000..a23a28f
+
+The mount_ecryptfs_t SELinux type can be entered via the "mount_ecryptfs_exec_t" file type. The default entrypoint paths for the mount_ecryptfs_t domain are the following:"
+
-+/usr/sbin/mount\.ecryptfs_private, /usr/sbin/mount\.ecryptfs, /usr/sbin/umount\.ecryptfs, /usr/sbin/umount\.ecryptfs_private
++/usr/sbin/mount\.ecryptfs, /usr/sbin/umount\.ecryptfs, /usr/sbin/mount\.ecryptfs_private, /usr/sbin/umount\.ecryptfs_private
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -48933,10 +49181,6 @@ index 0000000..a23a28f
+
+- Set files with the mount_ecryptfs_exec_t type, if you want to transition an executable to the mount_ecryptfs_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/mount\.ecryptfs_private, /usr/sbin/mount\.ecryptfs, /usr/sbin/umount\.ecryptfs, /usr/sbin/umount\.ecryptfs_private
+
+.EX
+.PP
@@ -49000,19 +49244,21 @@ index 0000000..a23a28f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mount_ecryptfs(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mount_ecryptfs(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, mount_selinux(8), mount_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mount_selinux.8 b/man/man8/mount_selinux.8
new file mode 100644
-index 0000000..ba6d166
+index 0000000..0165b6b
--- /dev/null
+++ b/man/man8/mount_selinux.8
-@@ -0,0 +1,238 @@
-+.TH "mount_selinux" "8" "mount" "dwalsh at redhat.com" "mount SELinux Policy documentation"
+@@ -0,0 +1,242 @@
++.TH "mount_selinux" "8" "12-10-19" "mount" "SELinux Policy documentation for mount"
+.SH "NAME"
+mount_selinux \- Security Enhanced Linux Policy for the mount processes
+.SH "DESCRIPTION"
@@ -49028,9 +49274,9 @@ index 0000000..ba6d166
+
+.SH "ENTRYPOINTS"
+
-+The mount_t SELinux type can be entered via the "mount_exec_t,fusermount_exec_t" file types. The default entrypoint paths for the mount_t domain are the following:"
++The mount_t SELinux type can be entered via the "fusermount_exec_t,mount_exec_t" file types. The default entrypoint paths for the mount_t domain are the following:"
+
-+/sbin/mount.*, /usr/bin/umount.*, /usr/sbin/umount.*, /bin/umount.*, /sbin/umount.*, /usr/bin/mount.*, /bin/mount.*, /usr/sbin/mount.*, /usr/bin/fusermount, /bin/fusermount
++/bin/fusermount, /usr/bin/fusermount, /bin/mount.*, /bin/umount.*, /sbin/mount.*, /sbin/umount.*, /usr/bin/mount.*, /usr/bin/umount.*, /usr/sbin/mount.*, /usr/sbin/umount.*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -49054,6 +49300,13 @@ index 0000000..ba6d166
+
+
+.PP
++If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
++
++.EX
++.B setsebool -P xguest_mount_media 1
++.EE
++
++.PP
+If you want to allow the mount command to mount any directory or file, you must turn on the mount_anyfile boolean.
+
+.EX
@@ -49067,6 +49320,13 @@ index 0000000..ba6d166
+.B setsebool -P xguest_mount_media 1
+.EE
+
++.PP
++If you want to allow the mount command to mount any directory or file, you must turn on the mount_anyfile boolean.
++
++.EX
++.B setsebool -P mount_anyfile 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -49085,10 +49345,6 @@ index 0000000..ba6d166
+
+- Set files with the mount_ecryptfs_exec_t type, if you want to transition an executable to the mount_ecryptfs_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/mount\.ecryptfs_private, /usr/sbin/mount\.ecryptfs, /usr/sbin/umount\.ecryptfs, /usr/sbin/umount\.ecryptfs_private
+
+.EX
+.PP
@@ -49105,10 +49361,6 @@ index 0000000..ba6d166
+
+- Set files with the mount_exec_t type, if you want to transition an executable to the mount_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/mount.*, /usr/bin/umount.*, /usr/sbin/umount.*, /bin/umount.*, /sbin/umount.*, /usr/bin/mount.*, /bin/mount.*, /usr/sbin/mount.*
+
+.EX
+.PP
@@ -49133,10 +49385,6 @@ index 0000000..ba6d166
+
+- Set files with the mount_var_run_t type, if you want to store the mount files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/run/mount(/.*)?, /dev/\.mount(/.*)?, /var/run/mount(/.*)?, /var/run/davfs2(/.*)?, /var/cache/davfs2(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -49182,10 +49430,10 @@ index 0000000..ba6d166
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -49245,19 +49493,21 @@ index 0000000..ba6d166
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mount(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mount(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), mount_ecryptfs_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mozilla_plugin_config_selinux.8 b/man/man8/mozilla_plugin_config_selinux.8
new file mode 100644
-index 0000000..079fa2d
+index 0000000..7eeda9a
--- /dev/null
+++ b/man/man8/mozilla_plugin_config_selinux.8
-@@ -0,0 +1,231 @@
-+.TH "mozilla_plugin_config_selinux" "8" "mozilla_plugin_config" "dwalsh at redhat.com" "mozilla_plugin_config SELinux Policy documentation"
+@@ -0,0 +1,233 @@
++.TH "mozilla_plugin_config_selinux" "8" "12-10-19" "mozilla_plugin_config" "SELinux Policy documentation for mozilla_plugin_config"
+.SH "NAME"
+mozilla_plugin_config_selinux \- Security Enhanced Linux Policy for the mozilla_plugin_config processes
+.SH "DESCRIPTION"
@@ -49483,19 +49733,21 @@ index 0000000..079fa2d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mozilla_plugin_config(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mozilla_plugin_config(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, mozilla_selinux(8), mozilla_selinux(8), mozilla_plugin_selinux(8), mozilla_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mozilla_plugin_selinux.8 b/man/man8/mozilla_plugin_selinux.8
new file mode 100644
-index 0000000..8d73958
+index 0000000..4d7ef86
--- /dev/null
+++ b/man/man8/mozilla_plugin_selinux.8
-@@ -0,0 +1,361 @@
-+.TH "mozilla_plugin_selinux" "8" "mozilla_plugin" "dwalsh at redhat.com" "mozilla_plugin SELinux Policy documentation"
+@@ -0,0 +1,390 @@
++.TH "mozilla_plugin_selinux" "8" "12-10-19" "mozilla_plugin" "SELinux Policy documentation for mozilla_plugin"
+.SH "NAME"
+mozilla_plugin_selinux \- Security Enhanced Linux Policy for the mozilla_plugin processes
+.SH "DESCRIPTION"
@@ -49513,7 +49765,7 @@ index 0000000..8d73958
+
+The mozilla_plugin_t SELinux type can be entered via the "mozilla_plugin_exec_t" file type. The default entrypoint paths for the mozilla_plugin_t domain are the following:"
+
-+/usr/bin/nspluginscan, /usr/lib/nspluginwrapper/npviewer.bin, /usr/lib/xulrunner[^/]*/plugin-container, /usr/bin/nspluginviewer
++/usr/lib/xulrunner[^/]*/plugin-container, /usr/lib/nspluginwrapper/npviewer.bin, /usr/bin/nspluginscan, /usr/bin/nspluginviewer
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -49537,10 +49789,10 @@ index 0000000..8d73958
+
+
+.PP
-+If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++If you want to allow mozilla plugin domain to connect to the network using TCP, you must turn on the mozilla_plugin_can_network_connect boolean.
+
+.EX
-+.B setsebool -P unconfined_mozilla_plugin_transition 1
++.B setsebool -P mozilla_plugin_can_network_connect 1
+.EE
+
+.PP
@@ -49551,12 +49803,33 @@ index 0000000..8d73958
+.EE
+
+.PP
++If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++
++.EX
++.B setsebool -P unconfined_mozilla_plugin_transition 1
++.EE
++
++.PP
+If you want to allow mozilla plugin domain to connect to the network using TCP, you must turn on the mozilla_plugin_can_network_connect boolean.
+
+.EX
+.B setsebool -P mozilla_plugin_can_network_connect 1
+.EE
+
++.PP
++If you want to allow mozilla_plugins to create random content in the users home directory, you must turn on the mozilla_plugin_enable_homedirs boolean.
++
++.EX
++.B setsebool -P mozilla_plugin_enable_homedirs 1
++.EE
++
++.PP
++If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++
++.EX
++.B setsebool -P unconfined_mozilla_plugin_transition 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -49583,10 +49856,6 @@ index 0000000..8d73958
+
+- Set files with the mozilla_plugin_exec_t type, if you want to transition an executable to the mozilla_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/nspluginscan, /usr/lib/nspluginwrapper/npviewer.bin, /usr/lib/xulrunner[^/]*/plugin-container, /usr/bin/nspluginviewer
+
+.EX
+.PP
@@ -49754,6 +50023,16 @@ index 0000000..8d73958
+
+
+.br
++.B mplayer_home_t
++
++ /home/[^/]*/\.mplayer(/.*)?
++.br
++ /home/dwalsh/\.mplayer(/.*)?
++.br
++ /var/lib/xguest/home/xguest/\.mplayer(/.*)?
++.br
++
++.br
+.B pulseaudio_home_t
+
+ /root/\.pulse(/.*)?
@@ -49851,19 +50130,21 @@ index 0000000..8d73958
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mozilla_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mozilla_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), mozilla_selinux(8), mozilla_selinux(8), mozilla_plugin_config_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mozilla_selinux.8 b/man/man8/mozilla_selinux.8
new file mode 100644
-index 0000000..2bb7657
+index 0000000..c941a7d
--- /dev/null
+++ b/man/man8/mozilla_selinux.8
-@@ -0,0 +1,400 @@
-+.TH "mozilla_selinux" "8" "mozilla" "dwalsh at redhat.com" "mozilla SELinux Policy documentation"
+@@ -0,0 +1,422 @@
++.TH "mozilla_selinux" "8" "12-10-19" "mozilla" "SELinux Policy documentation for mozilla"
+.SH "NAME"
+mozilla_selinux \- Security Enhanced Linux Policy for the mozilla processes
+.SH "DESCRIPTION"
@@ -49881,7 +50162,7 @@ index 0000000..2bb7657
+
+The mozilla_t SELinux type can be entered via the "mozilla_exec_t" file type. The default entrypoint paths for the mozilla_t domain are the following:"
+
-+/usr/lib/[^/]*firefox[^/]*/firefox, /usr/lib/galeon/galeon, /usr/lib/netscape/.+/communicator/communicator-smotif\.real, /usr/bin/netscape, /usr/bin/mozilla-bin-[0-9].*, /usr/bin/epiphany-bin, /usr/lib/mozilla[^/]*/reg.+, /usr/lib/netscape/base-4/wrapper, /usr/bin/mozilla-snapshot, /usr/lib/[^/]*firefox[^/]*/firefox-bin, /usr/bin/mozilla-[0-9].*, /usr/lib/firefox[^/]*/mozilla-.*, /usr/lib/mozilla[^/]*/mozilla-.*, /usr/bin/mozilla, /usr/bin/epiphany
++/usr/lib/[^/]*firefox[^/]*/firefox, /usr/lib/[^/]*firefox[^/]*/firefox-bin, /usr/lib/mozilla[^/]*/reg.+, /usr/lib/mozilla[^/]*/mozilla-.*, /usr/lib/firefox[^/]*/mozilla-.*, /usr/bin/mozilla-[0-9].*, /usr/lib/netscape/.+/communicator/communicator-smotif\.real, /usr/bin/mozilla-bin-[0-9].*, /usr/bin/mozilla, /usr/bin/netscape, /usr/bin/epiphany, /usr/bin/epiphany-bin, /usr/lib/galeon/galeon, /usr/bin/mozilla-snapshot, /usr/lib/netscape/base-4/wrapper
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -49905,6 +50186,13 @@ index 0000000..2bb7657
+
+
+.PP
++If you want to allow mozilla plugin domain to connect to the network using TCP, you must turn on the mozilla_plugin_can_network_connect boolean.
++
++.EX
++.B setsebool -P mozilla_plugin_can_network_connect 1
++.EE
++
++.PP
+If you want to allow confined web browsers to read home directory content, you must turn on the mozilla_read_content boolean.
+
+.EX
@@ -49912,6 +50200,13 @@ index 0000000..2bb7657
+.EE
+
+.PP
++If you want to allow mozilla_plugins to create random content in the users home directory, you must turn on the mozilla_plugin_enable_homedirs boolean.
++
++.EX
++.B setsebool -P mozilla_plugin_enable_homedirs 1
++.EE
++
++.PP
+If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
+
+.EX
@@ -49919,6 +50214,20 @@ index 0000000..2bb7657
+.EE
+
+.PP
++If you want to allow mozilla plugin domain to connect to the network using TCP, you must turn on the mozilla_plugin_can_network_connect boolean.
++
++.EX
++.B setsebool -P mozilla_plugin_can_network_connect 1
++.EE
++
++.PP
++If you want to allow confined web browsers to read home directory content, you must turn on the mozilla_read_content boolean.
++
++.EX
++.B setsebool -P mozilla_read_content 1
++.EE
++
++.PP
+If you want to allow mozilla_plugins to create random content in the users home directory, you must turn on the mozilla_plugin_enable_homedirs boolean.
+
+.EX
@@ -49926,10 +50235,10 @@ index 0000000..2bb7657
+.EE
+
+.PP
-+If you want to allow mozilla plugin domain to connect to the network using TCP, you must turn on the mozilla_plugin_can_network_connect boolean.
++If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
+
+.EX
-+.B setsebool -P mozilla_plugin_can_network_connect 1
++.B setsebool -P unconfined_mozilla_plugin_transition 1
+.EE
+
+.SH FILE CONTEXTS
@@ -49958,10 +50267,6 @@ index 0000000..2bb7657
+
+- Set files with the mozilla_exec_t type, if you want to transition an executable to the mozilla_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/[^/]*firefox[^/]*/firefox, /usr/lib/galeon/galeon, /usr/lib/netscape/.+/communicator/communicator-smotif\.real, /usr/bin/netscape, /usr/bin/mozilla-bin-[0-9].*, /usr/bin/epiphany-bin, /usr/lib/mozilla[^/]*/reg.+, /usr/lib/netscape/base-4/wrapper, /usr/bin/mozilla-snapshot, /usr/lib/[^/]*firefox[^/]*/firefox-bin, /usr/bin/mozilla-[0-9].*, /usr/lib/firefox[^/]*/mozilla-.*, /usr/lib/mozilla[^/]*/mozilla-.*, /usr/bin/mozilla, /usr/bin/epiphany
+
+.EX
+.PP
@@ -49986,10 +50291,6 @@ index 0000000..2bb7657
+
+- Set files with the mozilla_plugin_exec_t type, if you want to transition an executable to the mozilla_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/nspluginscan, /usr/lib/nspluginwrapper/npviewer.bin, /usr/lib/xulrunner[^/]*/plugin-container, /usr/bin/nspluginviewer
+
+.EX
+.PP
@@ -50258,19 +50559,21 @@ index 0000000..2bb7657
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mozilla(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mozilla(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), mozilla_plugin_selinux(8), mozilla_plugin_config_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mpd_selinux.8 b/man/man8/mpd_selinux.8
new file mode 100644
-index 0000000..8318e91
+index 0000000..582aed8
--- /dev/null
+++ b/man/man8/mpd_selinux.8
-@@ -0,0 +1,263 @@
-+.TH "mpd_selinux" "8" "mpd" "dwalsh at redhat.com" "mpd SELinux Policy documentation"
+@@ -0,0 +1,296 @@
++.TH "mpd_selinux" "8" "12-10-19" "mpd" "SELinux Policy documentation for mpd"
+.SH "NAME"
+mpd_selinux \- Security Enhanced Linux Policy for the mpd processes
+.SH "DESCRIPTION"
@@ -50319,6 +50622,13 @@ index 0000000..8318e91
+.EE
+
+.PP
++If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean.
++
++.EX
++.B setsebool -P daemons_dump_core 1
++.EE
++
++.PP
+If you want to allow gssd to read temp directory. For access to kerberos tgt, you must turn on the gssd_read_tmp boolean.
+
+.EX
@@ -50340,12 +50650,40 @@ index 0000000..8318e91
+.EE
+
+.PP
++If you want to allow mplayer executable stack, you must turn on the mplayer_execstack boolean.
++
++.EX
++.B setsebool -P mplayer_execstack 1
++.EE
++
++.PP
+If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean.
+
+.EX
+.B setsebool -P daemons_dump_core 1
+.EE
+
++.PP
++If you want to allow gssd to read temp directory. For access to kerberos tgt, you must turn on the gssd_read_tmp boolean.
++
++.EX
++.B setsebool -P gssd_read_tmp 1
++.EE
++
++.PP
++If you want to allow Apache to execute tmp content, you must turn on the httpd_tmp_exec boolean.
++
++.EX
++.B setsebool -P httpd_tmp_exec 1
++.EE
++
++.PP
++If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
++
++.EX
++.B setsebool -P unconfined_mplayer 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -50364,10 +50702,6 @@ index 0000000..8318e91
+
+- Set files with the mpd_data_t type, if you want to treat the files as mpd content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/mpd/playlists(/.*)?, /var/lib/mpd/music(/.*)?
+
+.EX
+.PP
@@ -50528,19 +50862,21 @@ index 0000000..8318e91
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), mplayer_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mplayer_selinux.8 b/man/man8/mplayer_selinux.8
new file mode 100644
-index 0000000..3b66aed
+index 0000000..338bdfa
--- /dev/null
+++ b/man/man8/mplayer_selinux.8
-@@ -0,0 +1,194 @@
-+.TH "mplayer_selinux" "8" "mplayer" "dwalsh at redhat.com" "mplayer SELinux Policy documentation"
+@@ -0,0 +1,206 @@
++.TH "mplayer_selinux" "8" "12-10-19" "mplayer" "SELinux Policy documentation for mplayer"
+.SH "NAME"
+mplayer_selinux \- Security Enhanced Linux Policy for the mplayer processes
+.SH "DESCRIPTION"
@@ -50558,7 +50894,7 @@ index 0000000..3b66aed
+
+The mplayer_t SELinux type can be entered via the "mplayer_exec_t" file type. The default entrypoint paths for the mplayer_t domain are the following:"
+
-+/usr/bin/mplayer, /usr/bin/xine, /usr/bin/vlc
++/usr/bin/vlc, /usr/bin/xine, /usr/bin/mplayer
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -50595,6 +50931,20 @@ index 0000000..3b66aed
+.B setsebool -P unconfined_mplayer 1
+.EE
+
++.PP
++If you want to allow mplayer executable stack, you must turn on the mplayer_execstack boolean.
++
++.EX
++.B setsebool -P mplayer_execstack 1
++.EE
++
++.PP
++If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
++
++.EX
++.B setsebool -P unconfined_mplayer 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -50621,10 +50971,6 @@ index 0000000..3b66aed
+
+- Set files with the mplayer_exec_t type, if you want to transition an executable to the mplayer_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/mplayer, /usr/bin/xine, /usr/bin/vlc
+
+.EX
+.PP
@@ -50729,19 +51075,21 @@ index 0000000..3b66aed
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mplayer(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mplayer(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/mrtg_selinux.8 b/man/man8/mrtg_selinux.8
new file mode 100644
-index 0000000..5d72e79
+index 0000000..425785f
--- /dev/null
+++ b/man/man8/mrtg_selinux.8
-@@ -0,0 +1,212 @@
-+.TH "mrtg_selinux" "8" "mrtg" "dwalsh at redhat.com" "mrtg SELinux Policy documentation"
+@@ -0,0 +1,210 @@
++.TH "mrtg_selinux" "8" "12-10-19" "mrtg" "SELinux Policy documentation for mrtg"
+.SH "NAME"
+mrtg_selinux \- Security Enhanced Linux Policy for the mrtg processes
+.SH "DESCRIPTION"
@@ -50812,10 +51160,6 @@ index 0000000..5d72e79
+
+- Set files with the mrtg_lock_t type, if you want to treat the files as mrtg lock data, stored under the /var/lock directory
+
-+.br
-+.TP 5
-+Paths:
-+/var/lock/mrtg(/.*)?, /etc/mrtg/mrtg\.ok
+
+.EX
+.PP
@@ -50949,17 +51293,19 @@ index 0000000..5d72e79
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mrtg(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mrtg(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/mscan_selinux.8 b/man/man8/mscan_selinux.8
new file mode 100644
-index 0000000..f6d5283
+index 0000000..5e9afdf
--- /dev/null
+++ b/man/man8/mscan_selinux.8
-@@ -0,0 +1,192 @@
-+.TH "mscan_selinux" "8" "mscan" "dwalsh at redhat.com" "mscan SELinux Policy documentation"
+@@ -0,0 +1,204 @@
++.TH "mscan_selinux" "8" "12-10-19" "mscan" "SELinux Policy documentation for mscan"
+.SH "NAME"
+mscan_selinux \- Security Enhanced Linux Policy for the mscan processes
+.SH "DESCRIPTION"
@@ -51001,6 +51347,13 @@ index 0000000..f6d5283
+
+
+.PP
++If you want to allow clamscan to non security files on a system, you must turn on the clamscan_can_scan_system boolean.
++
++.EX
++.B setsebool -P clamscan_can_scan_system 1
++.EE
++
++.PP
+If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
+
+.EX
@@ -51014,6 +51367,13 @@ index 0000000..f6d5283
+.B setsebool -P clamscan_can_scan_system 1
+.EE
+
++.PP
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++
++.EX
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -51032,10 +51392,6 @@ index 0000000..f6d5283
+
+- Set files with the mscan_etc_t type, if you want to store mscan files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/sysconfig/MailScanner, /etc/MailScanner(/.*)?, /etc/sysconfig/update_spamassassin
+
+.EX
+.PP
@@ -51146,19 +51502,21 @@ index 0000000..f6d5283
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mscan(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mscan(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/munin_selinux.8 b/man/man8/munin_selinux.8
new file mode 100644
-index 0000000..f29c4de
+index 0000000..3dd443d
--- /dev/null
+++ b/man/man8/munin_selinux.8
-@@ -0,0 +1,224 @@
-+.TH "munin_selinux" "8" "munin" "dwalsh at redhat.com" "munin SELinux Policy documentation"
+@@ -0,0 +1,222 @@
++.TH "munin_selinux" "8" "12-10-19" "munin" "SELinux Policy documentation for munin"
+.SH "NAME"
+munin_selinux \- Security Enhanced Linux Policy for the munin processes
+.SH "DESCRIPTION"
@@ -51176,7 +51534,7 @@ index 0000000..f29c4de
+
+The munin_t SELinux type can be entered via the "munin_exec_t" file type. The default entrypoint paths for the munin_t domain are the following:"
+
-+/usr/sbin/munin-.*, /usr/share/munin/munin-.*, /usr/share/munin/plugins/.*, /usr/bin/munin-.*
++/usr/bin/munin-.*, /usr/sbin/munin-.*, /usr/share/munin/munin-.*, /usr/share/munin/plugins/.*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -51221,10 +51579,6 @@ index 0000000..f29c4de
+
+- Set files with the munin_exec_t type, if you want to transition an executable to the munin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/munin-.*, /usr/share/munin/munin-.*, /usr/share/munin/plugins/.*, /usr/bin/munin-.*
+
+.EX
+.PP
@@ -51378,17 +51732,19 @@ index 0000000..f29c4de
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), munin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), munin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/mysqld_safe_selinux.8 b/man/man8/mysqld_safe_selinux.8
new file mode 100644
-index 0000000..3346da5
+index 0000000..cfdbddd
--- /dev/null
+++ b/man/man8/mysqld_safe_selinux.8
-@@ -0,0 +1,109 @@
-+.TH "mysqld_safe_selinux" "8" "mysqld_safe" "dwalsh at redhat.com" "mysqld_safe SELinux Policy documentation"
+@@ -0,0 +1,111 @@
++.TH "mysqld_safe_selinux" "8" "12-10-19" "mysqld_safe" "SELinux Policy documentation for mysqld_safe"
+.SH "NAME"
+mysqld_safe_selinux \- Security Enhanced Linux Policy for the mysqld_safe processes
+.SH "DESCRIPTION"
@@ -51492,19 +51848,21 @@ index 0000000..3346da5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mysqld_safe(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mysqld_safe(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, mysqld_selinux(8), mysqld_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mysqld_selinux.8 b/man/man8/mysqld_selinux.8
new file mode 100644
-index 0000000..f42b27f
+index 0000000..353b095
--- /dev/null
+++ b/man/man8/mysqld_selinux.8
-@@ -0,0 +1,279 @@
-+.TH "mysqld_selinux" "8" "mysqld" "dwalsh at redhat.com" "mysqld SELinux Policy documentation"
+@@ -0,0 +1,283 @@
++.TH "mysqld_selinux" "8" "12-10-19" "mysqld" "SELinux Policy documentation for mysqld"
+.SH "NAME"
+mysqld_selinux \- Security Enhanced Linux Policy for the mysqld processes
+.SH "DESCRIPTION"
@@ -51522,7 +51880,7 @@ index 0000000..f42b27f
+
+The mysqld_t SELinux type can be entered via the "mysqld_exec_t" file type. The default entrypoint paths for the mysqld_t domain are the following:"
+
-+/usr/libexec/mysqld, /usr/bin/mysql_upgrade, /usr/sbin/mysqld(-max)?, /usr/sbin/ndbd
++/usr/sbin/mysqld(-max)?, /usr/sbin/ndbd, /usr/libexec/mysqld, /usr/bin/mysql_upgrade
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -51559,6 +51917,20 @@ index 0000000..f42b27f
+.B setsebool -P selinuxuser_mysql_connect_enabled 1
+.EE
+
++.PP
++If you want to allow mysqld to connect to all ports, you must turn on the mysql_connect_any boolean.
++
++.EX
++.B setsebool -P mysql_connect_any 1
++.EE
++
++.PP
++If you want to allow users to connect to the local mysql server, you must turn on the selinuxuser_mysql_connect_enabled boolean.
++
++.EX
++.B setsebool -P selinuxuser_mysql_connect_enabled 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -51585,10 +51957,6 @@ index 0000000..f42b27f
+
+- Set files with the mysqld_etc_t type, if you want to store mysqld files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/my\.cnf, /etc/mysql(/.*)?
+
+.EX
+.PP
@@ -51597,10 +51965,6 @@ index 0000000..f42b27f
+
+- Set files with the mysqld_exec_t type, if you want to transition an executable to the mysqld_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/mysqld, /usr/bin/mysql_upgrade, /usr/sbin/mysqld(-max)?, /usr/sbin/ndbd
+
+.EX
+.PP
@@ -51657,10 +52021,6 @@ index 0000000..f42b27f
+
+- Set files with the mysqld_var_run_t type, if you want to store the mysqld files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/mysqld(/.*)?, /var/lib/mysql/mysql\.sock
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -51778,19 +52138,21 @@ index 0000000..f42b27f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mysqld(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mysqld(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), mysqld_safe_selinux(8), mysqlmanagerd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/mysqlmanagerd_selinux.8 b/man/man8/mysqlmanagerd_selinux.8
new file mode 100644
-index 0000000..ee79494
+index 0000000..2669008
--- /dev/null
+++ b/man/man8/mysqlmanagerd_selinux.8
-@@ -0,0 +1,136 @@
-+.TH "mysqlmanagerd_selinux" "8" "mysqlmanagerd" "dwalsh at redhat.com" "mysqlmanagerd SELinux Policy documentation"
+@@ -0,0 +1,138 @@
++.TH "mysqlmanagerd_selinux" "8" "12-10-19" "mysqlmanagerd" "SELinux Policy documentation for mysqlmanagerd"
+.SH "NAME"
+mysqlmanagerd_selinux \- Security Enhanced Linux Policy for the mysqlmanagerd processes
+.SH "DESCRIPTION"
@@ -51922,17 +52284,19 @@ index 0000000..ee79494
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), mysqlmanagerd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), mysqlmanagerd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/nagios_admin_plugin_selinux.8 b/man/man8/nagios_admin_plugin_selinux.8
new file mode 100644
-index 0000000..0c53f7d
+index 0000000..0cdcd8d
--- /dev/null
+++ b/man/man8/nagios_admin_plugin_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "nagios_admin_plugin_selinux" "8" "nagios_admin_plugin" "dwalsh at redhat.com" "nagios_admin_plugin SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "nagios_admin_plugin_selinux" "8" "12-10-19" "nagios_admin_plugin" "SELinux Policy documentation for nagios_admin_plugin"
+.SH "NAME"
+nagios_admin_plugin_selinux \- Security Enhanced Linux Policy for the nagios_admin_plugin processes
+.SH "DESCRIPTION"
@@ -51995,10 +52359,6 @@ index 0000000..0c53f7d
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type nagios_admin_plugin_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -52016,19 +52376,21 @@ index 0000000..0c53f7d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nagios_admin_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nagios_admin_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nagios_selinux(8), nagios_selinux(8), nagios_checkdisk_plugin_selinux(8), nagios_eventhandler_plugin_selinux(8), nagios_mail_plugin_selinux(8), nagios_services_plugin_selinux(8), nagios_system_plugin_selinux(8), nagios_unconfined_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nagios_checkdisk_plugin_selinux.8 b/man/man8/nagios_checkdisk_plugin_selinux.8
new file mode 100644
-index 0000000..21fd651
+index 0000000..43b8d3f
--- /dev/null
+++ b/man/man8/nagios_checkdisk_plugin_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "nagios_checkdisk_plugin_selinux" "8" "nagios_checkdisk_plugin" "dwalsh at redhat.com" "nagios_checkdisk_plugin SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "nagios_checkdisk_plugin_selinux" "8" "12-10-19" "nagios_checkdisk_plugin" "SELinux Policy documentation for nagios_checkdisk_plugin"
+.SH "NAME"
+nagios_checkdisk_plugin_selinux \- Security Enhanced Linux Policy for the nagios_checkdisk_plugin processes
+.SH "DESCRIPTION"
@@ -52046,7 +52408,7 @@ index 0000000..21fd651
+
+The nagios_checkdisk_plugin_t SELinux type can be entered via the "nagios_checkdisk_plugin_exec_t" file type. The default entrypoint paths for the nagios_checkdisk_plugin_t domain are the following:"
+
-+/usr/lib/nagios/plugins/check_linux_raid, /usr/lib/nagios/plugins/check_disk_smb, /usr/lib/nagios/plugins/check_ide_smart, /usr/lib/nagios/plugins/check_disk
++/usr/lib/nagios/plugins/check_disk, /usr/lib/nagios/plugins/check_disk_smb, /usr/lib/nagios/plugins/check_ide_smart, /usr/lib/nagios/plugins/check_linux_raid
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -52083,10 +52445,6 @@ index 0000000..21fd651
+
+- Set files with the nagios_checkdisk_plugin_exec_t type, if you want to transition an executable to the nagios_checkdisk_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/nagios/plugins/check_linux_raid, /usr/lib/nagios/plugins/check_disk_smb, /usr/lib/nagios/plugins/check_ide_smart, /usr/lib/nagios/plugins/check_disk
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -52095,10 +52453,6 @@ index 0000000..21fd651
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type nagios_checkdisk_plugin_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -52116,19 +52470,21 @@ index 0000000..21fd651
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nagios_checkdisk_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nagios_checkdisk_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nagios_selinux(8), nagios_selinux(8), nagios_admin_plugin_selinux(8), nagios_eventhandler_plugin_selinux(8), nagios_mail_plugin_selinux(8), nagios_services_plugin_selinux(8), nagios_system_plugin_selinux(8), nagios_unconfined_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nagios_eventhandler_plugin_selinux.8 b/man/man8/nagios_eventhandler_plugin_selinux.8
new file mode 100644
-index 0000000..12b6701
+index 0000000..6062bdf
--- /dev/null
+++ b/man/man8/nagios_eventhandler_plugin_selinux.8
-@@ -0,0 +1,109 @@
-+.TH "nagios_eventhandler_plugin_selinux" "8" "nagios_eventhandler_plugin" "dwalsh at redhat.com" "nagios_eventhandler_plugin SELinux Policy documentation"
+@@ -0,0 +1,111 @@
++.TH "nagios_eventhandler_plugin_selinux" "8" "12-10-19" "nagios_eventhandler_plugin" "SELinux Policy documentation for nagios_eventhandler_plugin"
+.SH "NAME"
+nagios_eventhandler_plugin_selinux \- Security Enhanced Linux Policy for the nagios_eventhandler_plugin processes
+.SH "DESCRIPTION"
@@ -52232,19 +52588,21 @@ index 0000000..12b6701
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nagios_eventhandler_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nagios_eventhandler_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nagios_selinux(8), nagios_selinux(8), nagios_admin_plugin_selinux(8), nagios_checkdisk_plugin_selinux(8), nagios_mail_plugin_selinux(8), nagios_services_plugin_selinux(8), nagios_system_plugin_selinux(8), nagios_unconfined_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nagios_mail_plugin_selinux.8 b/man/man8/nagios_mail_plugin_selinux.8
new file mode 100644
-index 0000000..2b34de1
+index 0000000..0267447
--- /dev/null
+++ b/man/man8/nagios_mail_plugin_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "nagios_mail_plugin_selinux" "8" "nagios_mail_plugin" "dwalsh at redhat.com" "nagios_mail_plugin SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "nagios_mail_plugin_selinux" "8" "12-10-19" "nagios_mail_plugin" "SELinux Policy documentation for nagios_mail_plugin"
+.SH "NAME"
+nagios_mail_plugin_selinux \- Security Enhanced Linux Policy for the nagios_mail_plugin processes
+.SH "DESCRIPTION"
@@ -52307,10 +52665,6 @@ index 0000000..2b34de1
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type nagios_mail_plugin_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -52328,19 +52682,21 @@ index 0000000..2b34de1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nagios_mail_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nagios_mail_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nagios_selinux(8), nagios_selinux(8), nagios_admin_plugin_selinux(8), nagios_checkdisk_plugin_selinux(8), nagios_eventhandler_plugin_selinux(8), nagios_services_plugin_selinux(8), nagios_system_plugin_selinux(8), nagios_unconfined_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nagios_selinux.8 b/man/man8/nagios_selinux.8
new file mode 100644
-index 0000000..a236021
+index 0000000..8bc7a6f
--- /dev/null
+++ b/man/man8/nagios_selinux.8
-@@ -0,0 +1,275 @@
-+.TH "nagios_selinux" "8" "nagios" "dwalsh at redhat.com" "nagios SELinux Policy documentation"
+@@ -0,0 +1,257 @@
++.TH "nagios_selinux" "8" "12-10-19" "nagios" "SELinux Policy documentation for nagios"
+.SH "NAME"
+nagios_selinux \- Security Enhanced Linux Policy for the nagios processes
+.SH "DESCRIPTION"
@@ -52403,10 +52759,6 @@ index 0000000..a236021
+
+- Set files with the nagios_checkdisk_plugin_exec_t type, if you want to transition an executable to the nagios_checkdisk_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/nagios/plugins/check_linux_raid, /usr/lib/nagios/plugins/check_disk_smb, /usr/lib/nagios/plugins/check_ide_smart, /usr/lib/nagios/plugins/check_disk
+
+.EX
+.PP
@@ -52447,10 +52799,6 @@ index 0000000..a236021
+
+- Set files with the nagios_initrc_exec_t type, if you want to transition an executable to the nagios_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/nagios, /etc/rc\.d/init\.d/nrpe
+
+.EX
+.PP
@@ -52459,10 +52807,6 @@ index 0000000..a236021
+
+- Set files with the nagios_log_t type, if you want to treat the data as nagios log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/netsaint(/.*)?, /var/log/nagios(/.*)?
+
+.EX
+.PP
@@ -52479,10 +52823,6 @@ index 0000000..a236021
+
+- Set files with the nagios_services_plugin_exec_t type, if you want to transition an executable to the nagios_services_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/nagios/plugins/check_time, /usr/lib/nagios/plugins/check_dhcp, /usr/lib/nagios/plugins/check_radius, /usr/lib/nagios/plugins/check_nrpe, /usr/lib/nagios/plugins/check_smtp, /usr/lib/nagios/plugins/check_cluster, /usr/lib/nagios/plugins/check_sip, /usr/lib/nagios/plugins/check_ssh, /usr/lib/nagios/plugins/check_pgsql, /usr/lib/nagios/plugins/check_ntp.*, /usr/lib/nagios/plugins/check_ldap, /usr/lib/nagios/plugins/check_real, /usr/lib/nagios/plugins/check_dummy, /usr/lib/nagios/plugins/check_ping, /usr/lib/nagios/plugins/check_nt, /usr/lib/nagios/plugins/check_game, /usr/lib/nagios/plugins/check_breeze, /usr/lib/nagios/plugins/check_tcp, /usr/lib/nagios/plugins/check_rpc, /usr/lib/nagios/plugins/check_oracle, /usr/lib/nagios/plugins/check_ups, /usr/lib/nagios/plugins/check_dns, /usr/lib/nagios/plugins/check_ircd, /usr/lib/nagios/plugins/check_dig, /usr/lib/nagios/plugins/check_mysql_query, /usr/lib/nagios/plugins/check_hpjd, /usr/lib/nagios/plugins/check_mysql, /usr/
lib/nagios/plugins/check_icmp, /usr/lib/nagios/plugins/check_http, /usr/lib/nagios/plugins/check_snmp.*, /usr/lib/nagios/plugins/check_fping
+
+.EX
+.PP
@@ -52499,10 +52839,6 @@ index 0000000..a236021
+
+- Set files with the nagios_system_plugin_exec_t type, if you want to transition an executable to the nagios_system_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/nagios/plugins/check_log, /usr/lib/nagios/plugins/check_load, /usr/lib/nagios/plugins/check_nwstat, /usr/lib/nagios/plugins/check_nagios, /usr/lib/nagios/plugins/check_flexlm, /usr/lib/nagios/plugins/check_swap, /usr/lib/nagios/plugins/check_users, /usr/lib/nagios/plugins/check_ifstatus, /usr/lib/nagios/plugins/check_ifoperstatus, /usr/lib/nagios/plugins/check_wave, /usr/lib/nagios/plugins/check_mrtgtraf, /usr/lib/nagios/plugins/check_procs, /usr/lib/nagios/plugins/check_sensors, /usr/lib/nagios/plugins/check_mrtg, /usr/lib/nagios/plugins/check_overcr
+
+.EX
+.PP
@@ -52610,19 +52946,21 @@ index 0000000..a236021
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nagios(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nagios(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nagios_admin_plugin_selinux(8), nagios_checkdisk_plugin_selinux(8), nagios_eventhandler_plugin_selinux(8), nagios_mail_plugin_selinux(8), nagios_services_plugin_selinux(8), nagios_system_plugin_selinux(8), nagios_unconfined_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nagios_services_plugin_selinux.8 b/man/man8/nagios_services_plugin_selinux.8
new file mode 100644
-index 0000000..0a6760e
+index 0000000..235655f
--- /dev/null
+++ b/man/man8/nagios_services_plugin_selinux.8
-@@ -0,0 +1,107 @@
-+.TH "nagios_services_plugin_selinux" "8" "nagios_services_plugin" "dwalsh at redhat.com" "nagios_services_plugin SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "nagios_services_plugin_selinux" "8" "12-10-19" "nagios_services_plugin" "SELinux Policy documentation for nagios_services_plugin"
+.SH "NAME"
+nagios_services_plugin_selinux \- Security Enhanced Linux Policy for the nagios_services_plugin processes
+.SH "DESCRIPTION"
@@ -52640,7 +52978,7 @@ index 0000000..0a6760e
+
+The nagios_services_plugin_t SELinux type can be entered via the "nagios_services_plugin_exec_t" file type. The default entrypoint paths for the nagios_services_plugin_t domain are the following:"
+
-+/usr/lib/nagios/plugins/check_time, /usr/lib/nagios/plugins/check_dhcp, /usr/lib/nagios/plugins/check_radius, /usr/lib/nagios/plugins/check_nrpe, /usr/lib/nagios/plugins/check_smtp, /usr/lib/nagios/plugins/check_cluster, /usr/lib/nagios/plugins/check_sip, /usr/lib/nagios/plugins/check_ssh, /usr/lib/nagios/plugins/check_pgsql, /usr/lib/nagios/plugins/check_ntp.*, /usr/lib/nagios/plugins/check_ldap, /usr/lib/nagios/plugins/check_real, /usr/lib/nagios/plugins/check_dummy, /usr/lib/nagios/plugins/check_ping, /usr/lib/nagios/plugins/check_nt, /usr/lib/nagios/plugins/check_game, /usr/lib/nagios/plugins/check_breeze, /usr/lib/nagios/plugins/check_tcp, /usr/lib/nagios/plugins/check_rpc, /usr/lib/nagios/plugins/check_oracle, /usr/lib/nagios/plugins/check_ups, /usr/lib/nagios/plugins/check_dns, /usr/lib/nagios/plugins/check_ircd, /usr/lib/nagios/plugins/check_dig, /usr/lib/nagios/plugins/check_mysql_query, /usr/lib/nagios/plugins/check_hpjd, /usr/lib/nagios/plugins/check_mysql, /usr/
lib/nagios/plugins/check_icmp, /usr/lib/nagios/plugins/check_http, /usr/lib/nagios/plugins/check_snmp.*, /usr/lib/nagios/plugins/check_fping
++/usr/lib/nagios/plugins/check_ntp.*, /usr/lib/nagios/plugins/check_snmp.*, /usr/lib/nagios/plugins/check_nt, /usr/lib/nagios/plugins/check_dig, /usr/lib/nagios/plugins/check_dns, /usr/lib/nagios/plugins/check_rpc, /usr/lib/nagios/plugins/check_tcp, /usr/lib/nagios/plugins/check_sip, /usr/lib/nagios/plugins/check_ssh, /usr/lib/nagios/plugins/check_ups, /usr/lib/nagios/plugins/check_dhcp, /usr/lib/nagios/plugins/check_game, /usr/lib/nagios/plugins/check_hpjd, /usr/lib/nagios/plugins/check_http, /usr/lib/nagios/plugins/check_icmp, /usr/lib/nagios/plugins/check_ircd, /usr/lib/nagios/plugins/check_ldap, /usr/lib/nagios/plugins/check_nrpe, /usr/lib/nagios/plugins/check_ping, /usr/lib/nagios/plugins/check_real, /usr/lib/nagios/plugins/check_time, /usr/lib/nagios/plugins/check_smtp, /usr/lib/nagios/plugins/check_dummy, /usr/lib/nagios/plugins/check_fping, /usr/lib/nagios/plugins/check_mysql, /usr/lib/nagios/plugins/check_pgsql, /usr/lib/nagios/plugins/check_breeze, /usr/lib/nagios/
plugins/check_oracle, /usr/lib/nagios/plugins/check_radius, /usr/lib/nagios/plugins/check_cluster, /usr/lib/nagios/plugins/check_mysql_query
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -52677,10 +53015,6 @@ index 0000000..0a6760e
+
+- Set files with the nagios_services_plugin_exec_t type, if you want to transition an executable to the nagios_services_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/nagios/plugins/check_time, /usr/lib/nagios/plugins/check_dhcp, /usr/lib/nagios/plugins/check_radius, /usr/lib/nagios/plugins/check_nrpe, /usr/lib/nagios/plugins/check_smtp, /usr/lib/nagios/plugins/check_cluster, /usr/lib/nagios/plugins/check_sip, /usr/lib/nagios/plugins/check_ssh, /usr/lib/nagios/plugins/check_pgsql, /usr/lib/nagios/plugins/check_ntp.*, /usr/lib/nagios/plugins/check_ldap, /usr/lib/nagios/plugins/check_real, /usr/lib/nagios/plugins/check_dummy, /usr/lib/nagios/plugins/check_ping, /usr/lib/nagios/plugins/check_nt, /usr/lib/nagios/plugins/check_game, /usr/lib/nagios/plugins/check_breeze, /usr/lib/nagios/plugins/check_tcp, /usr/lib/nagios/plugins/check_rpc, /usr/lib/nagios/plugins/check_oracle, /usr/lib/nagios/plugins/check_ups, /usr/lib/nagios/plugins/check_dns, /usr/lib/nagios/plugins/check_ircd, /usr/lib/nagios/plugins/check_dig, /usr/lib/nagios/plugins/check_mysql_query, /usr/lib/nagios/plugins/check_hpjd, /usr/lib/nagios/plugins/check_mysql, /usr/
lib/nagios/plugins/check_icmp, /usr/lib/nagios/plugins/check_http, /usr/lib/nagios/plugins/check_snmp.*, /usr/lib/nagios/plugins/check_fping
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -52689,10 +53023,6 @@ index 0000000..0a6760e
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type nagios_services_plugin_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -52724,19 +53054,21 @@ index 0000000..0a6760e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nagios_services_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nagios_services_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nagios_selinux(8), nagios_selinux(8), nagios_admin_plugin_selinux(8), nagios_checkdisk_plugin_selinux(8), nagios_eventhandler_plugin_selinux(8), nagios_mail_plugin_selinux(8), nagios_system_plugin_selinux(8), nagios_unconfined_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nagios_system_plugin_selinux.8 b/man/man8/nagios_system_plugin_selinux.8
new file mode 100644
-index 0000000..b69a301
+index 0000000..acea398
--- /dev/null
+++ b/man/man8/nagios_system_plugin_selinux.8
-@@ -0,0 +1,105 @@
-+.TH "nagios_system_plugin_selinux" "8" "nagios_system_plugin" "dwalsh at redhat.com" "nagios_system_plugin SELinux Policy documentation"
+@@ -0,0 +1,103 @@
++.TH "nagios_system_plugin_selinux" "8" "12-10-19" "nagios_system_plugin" "SELinux Policy documentation for nagios_system_plugin"
+.SH "NAME"
+nagios_system_plugin_selinux \- Security Enhanced Linux Policy for the nagios_system_plugin processes
+.SH "DESCRIPTION"
@@ -52754,7 +53086,7 @@ index 0000000..b69a301
+
+The nagios_system_plugin_t SELinux type can be entered via the "nagios_system_plugin_exec_t" file type. The default entrypoint paths for the nagios_system_plugin_t domain are the following:"
+
-+/usr/lib/nagios/plugins/check_log, /usr/lib/nagios/plugins/check_load, /usr/lib/nagios/plugins/check_nwstat, /usr/lib/nagios/plugins/check_nagios, /usr/lib/nagios/plugins/check_flexlm, /usr/lib/nagios/plugins/check_swap, /usr/lib/nagios/plugins/check_users, /usr/lib/nagios/plugins/check_ifstatus, /usr/lib/nagios/plugins/check_ifoperstatus, /usr/lib/nagios/plugins/check_wave, /usr/lib/nagios/plugins/check_mrtgtraf, /usr/lib/nagios/plugins/check_procs, /usr/lib/nagios/plugins/check_sensors, /usr/lib/nagios/plugins/check_mrtg, /usr/lib/nagios/plugins/check_overcr
++/usr/lib/nagios/plugins/check_log, /usr/lib/nagios/plugins/check_load, /usr/lib/nagios/plugins/check_mrtg, /usr/lib/nagios/plugins/check_swap, /usr/lib/nagios/plugins/check_wave, /usr/lib/nagios/plugins/check_procs, /usr/lib/nagios/plugins/check_users, /usr/lib/nagios/plugins/check_flexlm, /usr/lib/nagios/plugins/check_nagios, /usr/lib/nagios/plugins/check_nwstat, /usr/lib/nagios/plugins/check_overcr, /usr/lib/nagios/plugins/check_sensors, /usr/lib/nagios/plugins/check_ifstatus, /usr/lib/nagios/plugins/check_mrtgtraf, /usr/lib/nagios/plugins/check_ifoperstatus
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -52791,10 +53123,6 @@ index 0000000..b69a301
+
+- Set files with the nagios_system_plugin_exec_t type, if you want to transition an executable to the nagios_system_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/nagios/plugins/check_log, /usr/lib/nagios/plugins/check_load, /usr/lib/nagios/plugins/check_nwstat, /usr/lib/nagios/plugins/check_nagios, /usr/lib/nagios/plugins/check_flexlm, /usr/lib/nagios/plugins/check_swap, /usr/lib/nagios/plugins/check_users, /usr/lib/nagios/plugins/check_ifstatus, /usr/lib/nagios/plugins/check_ifoperstatus, /usr/lib/nagios/plugins/check_wave, /usr/lib/nagios/plugins/check_mrtgtraf, /usr/lib/nagios/plugins/check_procs, /usr/lib/nagios/plugins/check_sensors, /usr/lib/nagios/plugins/check_mrtg, /usr/lib/nagios/plugins/check_overcr
+
+.EX
+.PP
@@ -52836,19 +53164,21 @@ index 0000000..b69a301
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nagios_system_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nagios_system_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nagios_selinux(8), nagios_selinux(8), nagios_admin_plugin_selinux(8), nagios_checkdisk_plugin_selinux(8), nagios_eventhandler_plugin_selinux(8), nagios_mail_plugin_selinux(8), nagios_services_plugin_selinux(8), nagios_unconfined_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nagios_unconfined_plugin_selinux.8 b/man/man8/nagios_unconfined_plugin_selinux.8
new file mode 100644
-index 0000000..ee1da91
+index 0000000..536ef0a
--- /dev/null
+++ b/man/man8/nagios_unconfined_plugin_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "nagios_unconfined_plugin_selinux" "8" "nagios_unconfined_plugin" "dwalsh at redhat.com" "nagios_unconfined_plugin SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "nagios_unconfined_plugin_selinux" "8" "12-10-19" "nagios_unconfined_plugin" "SELinux Policy documentation for nagios_unconfined_plugin"
+.SH "NAME"
+nagios_unconfined_plugin_selinux \- Security Enhanced Linux Policy for the nagios_unconfined_plugin processes
+.SH "DESCRIPTION"
@@ -52911,10 +53241,6 @@ index 0000000..ee1da91
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type nagios_unconfined_plugin_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -52932,17 +53258,19 @@ index 0000000..ee1da91
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nagios_unconfined_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nagios_unconfined_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nagios_selinux(8), nagios_selinux(8), nagios_admin_plugin_selinux(8), nagios_checkdisk_plugin_selinux(8), nagios_eventhandler_plugin_selinux(8), nagios_mail_plugin_selinux(8), nagios_services_plugin_selinux(8), nagios_system_plugin_selinux(8)
\ No newline at end of file
diff --git a/man/man8/named_selinux.8 b/man/man8/named_selinux.8
-index fce0b48..08398a7 100644
+index fce0b48..1f725c7 100644
--- a/man/man8/named_selinux.8
+++ b/man/man8/named_selinux.8
-@@ -1,30 +1,280 @@
+@@ -1,30 +1,288 @@
-.TH "named_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "named Selinux Policy documentation"
-.de EX
-.nf
@@ -52952,7 +53280,7 @@ index fce0b48..08398a7 100644
-.ft R
-.fi
-..
-+.TH "named_selinux" "8" "named" "dwalsh at redhat.com" "named SELinux Policy documentation"
++.TH "named_selinux" "8" "12-10-19" "named" "SELinux Policy documentation for named"
.SH "NAME"
-named_selinux \- Security Enhanced Linux Policy for the Internet Name server (named) daemon
+named_selinux \- Security Enhanced Linux Policy for the named processes
@@ -52973,7 +53301,7 @@ index fce0b48..08398a7 100644
+
+The named_t SELinux type can be entered via the "named_checkconf_exec_t,named_exec_t" file types. The default entrypoint paths for the named_t domain are the following:"
+
-+/usr/sbin/named-checkconf, /usr/sbin/lwresd, /usr/sbin/named, /usr/sbin/unbound
++/usr/sbin/named-checkconf, /usr/sbin/named, /usr/sbin/lwresd, /usr/sbin/unbound
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -53018,6 +53346,20 @@ index fce0b48..08398a7 100644
+.B setsebool -P named_bind_http_port 1
+.EE
+
++.PP
++If you want to allow BIND to write the master zone files. Generally this is used for dynamic DNS or zone transfers, you must turn on the named_write_master_zones boolean.
++
++.EX
++.B setsebool -P named_write_master_zones 1
++.EE
++
++.PP
++If you want to allow BIND to bind apache port, you must turn on the named_bind_http_port boolean.
++
++.EX
++.B setsebool -P named_bind_http_port 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -53036,10 +53378,6 @@ index fce0b48..08398a7 100644
+
+- Set files with the named_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/named/chroot/var/named/data(/.*)?, /var/named/chroot/var/tmp(/.*)?, /var/named/data(/.*)?, /var/named/chroot/var/named/slaves(/.*)?, /var/named/dynamic(/.*)?, /var/named/slaves(/.*)?, /var/named/chroot/var/named/dynamic(/.*)?
+
+.EX
+.PP
@@ -53056,10 +53394,6 @@ index fce0b48..08398a7 100644
+
+- Set files with the named_conf_t type, if you want to treat the files as named configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/named/chroot/etc/named\.root\.hints, /var/named/chroot(/.*)?, /var/named/named\.ca, /etc/unbound(/.*)?, /var/named/chroot/etc/named\.caching-nameserver\.conf, /etc/named\.rfc1912.zones, /etc/named\.caching-nameserver\.conf, /etc/named\.conf, /var/named/chroot/var/named/named\.ca, /var/named/chroot/etc/named\.conf, /etc/rndc.*, /var/named/chroot/etc/named\.rfc1912.zones, /etc/named\.root\.hints
+
+.EX
+.PP
@@ -53068,10 +53402,6 @@ index fce0b48..08398a7 100644
+
+- Set files with the named_exec_t type, if you want to transition an executable to the named_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/lwresd, /usr/sbin/named, /usr/sbin/unbound
+
+.EX
+.PP
@@ -53080,10 +53410,6 @@ index fce0b48..08398a7 100644
+
+- Set files with the named_initrc_exec_t type, if you want to transition an executable to the named_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/named, /etc/rc\.d/init\.d/unbound
+
+.EX
+.PP
@@ -53091,8 +53417,8 @@ index fce0b48..08398a7 100644
+.EE
+
+- Set files with the named_keytab_t type, if you want to treat the files as kerberos keytab files.
-
-
++
++
+.EX
+.PP
+.B named_log_t
@@ -53100,10 +53426,6 @@ index fce0b48..08398a7 100644
+
+- Set files with the named_log_t type, if you want to treat the data as named log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/named.*, /var/named/chroot/var/log/named.*
+
+.EX
+.PP
@@ -53120,10 +53442,6 @@ index fce0b48..08398a7 100644
+
+- Set files with the named_unit_file_t type, if you want to treat the files as named unit content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/systemd/system/unbound.*, /usr/lib/systemd/system/named.*
+
+.EX
+.PP
@@ -53132,10 +53450,6 @@ index fce0b48..08398a7 100644
+
+- Set files with the named_var_run_t type, if you want to store the named files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/named/chroot/var/run/named.*, /var/run/ndc, /var/run/bind(/.*)?, /var/run/named(/.*)?, /var/run/unbound(/.*)?
+
+.EX
+.PP
@@ -53143,12 +53457,8 @@ index fce0b48..08398a7 100644
+.EE
+
+- Set files with the named_zone_t type, if you want to treat the files as named zone data.
-+
-+.br
-+.TP 5
-+Paths:
-+/var/named/chroot/var/named(/.*)?, /var/named(/.*)?
-+
+
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
@@ -53161,6 +53471,30 @@ index fce0b48..08398a7 100644
+The SELinux process type named_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
++.B krb5_host_rcache_t
++
++ /var/cache/krb5rcache(/.*)?
++.br
++ /var/tmp/nfs_0
++.br
++ /var/tmp/DNS_25
++.br
++ /var/tmp/host_0
++.br
++ /var/tmp/imap_0
++.br
++ /var/tmp/HTTP_23
++.br
++ /var/tmp/HTTP_48
++.br
++ /var/tmp/ldap_55
++.br
++ /var/tmp/ldap_487
++.br
++ /var/tmp/ldapmap1_0
++.br
++
++.br
+.B named_cache_t
+
+ /var/named/data(/.*)?
@@ -53238,19 +53572,21 @@ index fce0b48..08398a7 100644
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), named(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), named(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), namespace_init_selinux(8)
\ No newline at end of file
diff --git a/man/man8/namespace_init_selinux.8 b/man/man8/namespace_init_selinux.8
new file mode 100644
-index 0000000..db6ac93
+index 0000000..b68fcda
--- /dev/null
+++ b/man/man8/namespace_init_selinux.8
-@@ -0,0 +1,118 @@
-+.TH "namespace_init_selinux" "8" "namespace_init" "dwalsh at redhat.com" "namespace_init SELinux Policy documentation"
+@@ -0,0 +1,120 @@
++.TH "namespace_init_selinux" "8" "12-10-19" "namespace_init" "SELinux Policy documentation for namespace_init"
+.SH "NAME"
+namespace_init_selinux \- Security Enhanced Linux Policy for the namespace_init processes
+.SH "DESCRIPTION"
@@ -53364,17 +53700,19 @@ index 0000000..db6ac93
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), namespace_init(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), namespace_init(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ncftool_selinux.8 b/man/man8/ncftool_selinux.8
new file mode 100644
-index 0000000..c060e2c
+index 0000000..b4b75af
--- /dev/null
+++ b/man/man8/ncftool_selinux.8
-@@ -0,0 +1,136 @@
-+.TH "ncftool_selinux" "8" "ncftool" "dwalsh at redhat.com" "ncftool SELinux Policy documentation"
+@@ -0,0 +1,138 @@
++.TH "ncftool_selinux" "8" "12-10-19" "ncftool" "SELinux Policy documentation for ncftool"
+.SH "NAME"
+ncftool_selinux \- Security Enhanced Linux Policy for the ncftool processes
+.SH "DESCRIPTION"
@@ -53506,17 +53844,19 @@ index 0000000..c060e2c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ncftool(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ncftool(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ndc_selinux.8 b/man/man8/ndc_selinux.8
new file mode 100644
-index 0000000..e5eb770
+index 0000000..62b5184
--- /dev/null
+++ b/man/man8/ndc_selinux.8
-@@ -0,0 +1,102 @@
-+.TH "ndc_selinux" "8" "ndc" "dwalsh at redhat.com" "ndc SELinux Policy documentation"
+@@ -0,0 +1,100 @@
++.TH "ndc_selinux" "8" "12-10-19" "ndc" "SELinux Policy documentation for ndc"
+.SH "NAME"
+ndc_selinux \- Security Enhanced Linux Policy for the ndc processes
+.SH "DESCRIPTION"
@@ -53579,10 +53919,6 @@ index 0000000..e5eb770
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type ndc_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -53614,17 +53950,19 @@ index 0000000..e5eb770
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ndc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ndc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/netlabel_mgmt_selinux.8 b/man/man8/netlabel_mgmt_selinux.8
new file mode 100644
-index 0000000..3bfa93e
+index 0000000..e6101c2
--- /dev/null
+++ b/man/man8/netlabel_mgmt_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "netlabel_mgmt_selinux" "8" "netlabel_mgmt" "dwalsh at redhat.com" "netlabel_mgmt SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "netlabel_mgmt_selinux" "8" "12-10-19" "netlabel_mgmt" "SELinux Policy documentation for netlabel_mgmt"
+.SH "NAME"
+netlabel_mgmt_selinux \- Security Enhanced Linux Policy for the netlabel_mgmt processes
+.SH "DESCRIPTION"
@@ -53679,10 +54017,6 @@ index 0000000..3bfa93e
+
+- Set files with the netlabel_mgmt_exec_t type, if you want to transition an executable to the netlabel_mgmt_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/netlabelctl, /usr/sbin/netlabelctl
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -53691,10 +54025,6 @@ index 0000000..3bfa93e
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type netlabel_mgmt_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -53712,17 +54042,19 @@ index 0000000..3bfa93e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), netlabel_mgmt(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), netlabel_mgmt(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/netlogond_selinux.8 b/man/man8/netlogond_selinux.8
new file mode 100644
-index 0000000..f85063c
+index 0000000..95003f9
--- /dev/null
+++ b/man/man8/netlogond_selinux.8
-@@ -0,0 +1,136 @@
-+.TH "netlogond_selinux" "8" "netlogond" "dwalsh at redhat.com" "netlogond SELinux Policy documentation"
+@@ -0,0 +1,134 @@
++.TH "netlogond_selinux" "8" "12-10-19" "netlogond" "SELinux Policy documentation for netlogond"
+.SH "NAME"
+netlogond_selinux \- Security Enhanced Linux Policy for the netlogond processes
+.SH "DESCRIPTION"
@@ -53785,10 +54117,6 @@ index 0000000..f85063c
+
+- Set files with the netlogond_var_lib_t type, if you want to store the netlogond files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/likewise-open/krb5-affinity.conf, /var/lib/likewise-open/LWNetsd\.err
+
+.EX
+.PP
@@ -53854,17 +54182,19 @@ index 0000000..f85063c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), netlogond(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), netlogond(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/netutils_selinux.8 b/man/man8/netutils_selinux.8
new file mode 100644
-index 0000000..039109f
+index 0000000..a051c1e
--- /dev/null
+++ b/man/man8/netutils_selinux.8
-@@ -0,0 +1,118 @@
-+.TH "netutils_selinux" "8" "netutils" "dwalsh at redhat.com" "netutils SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "netutils_selinux" "8" "12-10-19" "netutils" "SELinux Policy documentation for netutils"
+.SH "NAME"
+netutils_selinux \- Security Enhanced Linux Policy for the netutils processes
+.SH "DESCRIPTION"
@@ -53919,10 +54249,6 @@ index 0000000..039109f
+
+- Set files with the netutils_exec_t type, if you want to transition an executable to the netutils_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/arping, /usr/sbin/arping, /usr/sbin/tcpdump
+
+.EX
+.PP
@@ -53978,17 +54304,19 @@ index 0000000..039109f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), netutils(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), netutils(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/newrole_selinux.8 b/man/man8/newrole_selinux.8
new file mode 100644
-index 0000000..804d237
+index 0000000..d224330
--- /dev/null
+++ b/man/man8/newrole_selinux.8
-@@ -0,0 +1,174 @@
-+.TH "newrole_selinux" "8" "newrole" "dwalsh at redhat.com" "newrole SELinux Policy documentation"
+@@ -0,0 +1,178 @@
++.TH "newrole_selinux" "8" "12-10-19" "newrole" "SELinux Policy documentation for newrole"
+.SH "NAME"
+newrole_selinux \- Security Enhanced Linux Policy for the newrole processes
+.SH "DESCRIPTION"
@@ -54086,6 +54414,8 @@ index 0000000..804d237
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -54158,10 +54488,12 @@ index 0000000..804d237
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), newrole(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), newrole(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/nfs_selinux.8 b/man/man8/nfs_selinux.8
deleted file mode 100644
index 8e30c4c..0000000
@@ -54201,11 +54533,11 @@ index 8e30c4c..0000000
-selinux(8), chcon(1), setsebool(8)
diff --git a/man/man8/nfsd_selinux.8 b/man/man8/nfsd_selinux.8
new file mode 100644
-index 0000000..e7206ec
+index 0000000..088af1b
--- /dev/null
+++ b/man/man8/nfsd_selinux.8
-@@ -0,0 +1,337 @@
-+.TH "nfsd_selinux" "8" "nfsd" "dwalsh at redhat.com" "nfsd SELinux Policy documentation"
+@@ -0,0 +1,447 @@
++.TH "nfsd_selinux" "8" "12-10-19" "nfsd" "SELinux Policy documentation for nfsd"
+.SH "NAME"
+nfsd_selinux \- Security Enhanced Linux Policy for the nfsd processes
+.SH "DESCRIPTION"
@@ -54223,7 +54555,7 @@ index 0000000..e7206ec
+
+The nfsd_t SELinux type can be entered via the "nfsd_exec_t" file type. The default entrypoint paths for the nfsd_t domain are the following:"
+
-+/usr/sbin/rpc\.mountd, /usr/sbin/rpc\.nfsd
++/usr/sbin/rpc\.nfsd, /usr/sbin/rpc\.mountd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -54247,10 +54579,24 @@ index 0000000..e7206ec
+
+
+.PP
-+If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
++If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the ftpd_use_nfs boolean.
+
+.EX
-+.B setsebool -P xen_use_nfs 1
++.B setsebool -P ftpd_use_nfs 1
++.EE
++
++.PP
++If you want to allow httpd to access nfs file systems, you must turn on the httpd_use_nfs boolean.
++
++.EX
++.B setsebool -P httpd_use_nfs 1
++.EE
++
++.PP
++If you want to allow any files/directories to be exported read/only via NFS, you must turn on the nfs_export_all_ro boolean.
++
++.EX
++.B setsebool -P nfs_export_all_ro 1
+.EE
+
+.PP
@@ -54261,24 +54607,24 @@ index 0000000..e7206ec
+.EE
+
+.PP
-+If you want to determine whether Git system daemon can access nfs file systems, you must turn on the git_system_use_nfs boolean.
++If you want to allow sge to access nfs file systems, you must turn on the sge_use_nfs boolean.
+
+.EX
-+.B setsebool -P git_system_use_nfs 1
++.B setsebool -P sge_use_nfs 1
+.EE
+
+.PP
-+If you want to allow qemu to use nfs file systems, you must turn on the qemu_use_nfs boolean.
++If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
+
+.EX
-+.B setsebool -P qemu_use_nfs 1
++.B setsebool -P cobbler_use_nfs 1
+.EE
+
+.PP
-+If you want to determine whether Git CGI can access nfs file systems, you must turn on the git_cgi_use_nfs boolean.
++If you want to determine whether Git system daemon can access nfs file systems, you must turn on the git_system_use_nfs boolean.
+
+.EX
-+.B setsebool -P git_cgi_use_nfs 1
++.B setsebool -P git_system_use_nfs 1
+.EE
+
+.PP
@@ -54289,6 +54635,48 @@ index 0000000..e7206ec
+.EE
+
+.PP
++If you want to allow samba to export NFS volumes, you must turn on the samba_share_nfs boolean.
++
++.EX
++.B setsebool -P samba_share_nfs 1
++.EE
++
++.PP
++If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
++
++.EX
++.B setsebool -P xen_use_nfs 1
++.EE
++
++.PP
++If you want to determine whether Polipo can access nfs file systems, you must turn on the polipo_use_nfs boolean.
++
++.EX
++.B setsebool -P polipo_use_nfs 1
++.EE
++
++.PP
++If you want to allow any files/directories to be exported read/write via NFS, you must turn on the nfs_export_all_rw boolean.
++
++.EX
++.B setsebool -P nfs_export_all_rw 1
++.EE
++
++.PP
++If you want to allow sanlock to manage nfs files, you must turn on the sanlock_use_nfs boolean.
++
++.EX
++.B setsebool -P sanlock_use_nfs 1
++.EE
++
++.PP
++If you want to determine whether Git CGI can access nfs file systems, you must turn on the git_cgi_use_nfs boolean.
++
++.EX
++.B setsebool -P git_cgi_use_nfs 1
++.EE
++
++.PP
+If you want to support NFS home directories, you must turn on the use_nfs_home_dirs boolean.
+
+.EX
@@ -54296,10 +54684,10 @@ index 0000000..e7206ec
+.EE
+
+.PP
-+If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
++If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the ftpd_use_nfs boolean.
+
+.EX
-+.B setsebool -P cobbler_use_nfs 1
++.B setsebool -P ftpd_use_nfs 1
+.EE
+
+.PP
@@ -54310,6 +54698,20 @@ index 0000000..e7206ec
+.EE
+
+.PP
++If you want to allow any files/directories to be exported read/only via NFS, you must turn on the nfs_export_all_ro boolean.
++
++.EX
++.B setsebool -P nfs_export_all_ro 1
++.EE
++
++.PP
++If you want to allow confined virtual guests to manage nfs files, you must turn on the virt_use_nfs boolean.
++
++.EX
++.B setsebool -P virt_use_nfs 1
++.EE
++
++.PP
+If you want to allow sge to access nfs file systems, you must turn on the sge_use_nfs boolean.
+
+.EX
@@ -54317,17 +54719,24 @@ index 0000000..e7206ec
+.EE
+
+.PP
-+If you want to allow any files/directories to be exported read/write via NFS, you must turn on the nfs_export_all_rw boolean.
++If you want to allow Cobbler to access nfs file systems, you must turn on the cobbler_use_nfs boolean.
+
+.EX
-+.B setsebool -P nfs_export_all_rw 1
++.B setsebool -P cobbler_use_nfs 1
+.EE
+
+.PP
-+If you want to allow sanlock to manage nfs files, you must turn on the sanlock_use_nfs boolean.
++If you want to determine whether Git system daemon can access nfs file systems, you must turn on the git_system_use_nfs boolean.
+
+.EX
-+.B setsebool -P sanlock_use_nfs 1
++.B setsebool -P git_system_use_nfs 1
++.EE
++
++.PP
++If you want to allow rsync servers to share nfs files systems, you must turn on the rsync_use_nfs boolean.
++
++.EX
++.B setsebool -P rsync_use_nfs 1
+.EE
+
+.PP
@@ -54338,10 +54747,10 @@ index 0000000..e7206ec
+.EE
+
+.PP
-+If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the ftpd_use_nfs boolean.
++If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
+
+.EX
-+.B setsebool -P ftpd_use_nfs 1
++.B setsebool -P xen_use_nfs 1
+.EE
+
+.PP
@@ -54352,17 +54761,31 @@ index 0000000..e7206ec
+.EE
+
+.PP
-+If you want to allow the portage domains to use NFS mounts (regular nfs_t), you must turn on the portage_use_nfs boolean.
++If you want to allow any files/directories to be exported read/write via NFS, you must turn on the nfs_export_all_rw boolean.
+
+.EX
-+.B setsebool -P portage_use_nfs 1
++.B setsebool -P nfs_export_all_rw 1
+.EE
+
+.PP
-+If you want to allow any files/directories to be exported read/only via NFS, you must turn on the nfs_export_all_ro boolean.
++If you want to allow sanlock to manage nfs files, you must turn on the sanlock_use_nfs boolean.
+
+.EX
-+.B setsebool -P nfs_export_all_ro 1
++.B setsebool -P sanlock_use_nfs 1
++.EE
++
++.PP
++If you want to determine whether Git CGI can access nfs file systems, you must turn on the git_cgi_use_nfs boolean.
++
++.EX
++.B setsebool -P git_cgi_use_nfs 1
++.EE
++
++.PP
++If you want to support NFS home directories, you must turn on the use_nfs_home_dirs boolean.
++
++.EX
++.B setsebool -P use_nfs_home_dirs 1
+.EE
+
+.SH SHARING FILES
@@ -54391,6 +54814,13 @@ index 0000000..e7206ec
+.B setsebool -P nfsd_anon_write 1
+.EE
+
++.PP
++If you want to allow nfs servers to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t., you must turn on the nfsd_anon_write boolean.
++
++.EX
++.B setsebool -P nfsd_anon_write 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -54409,10 +54839,6 @@ index 0000000..e7206ec
+
+- Set files with the nfsd_exec_t type, if you want to transition an executable to the nfsd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/rpc\.mountd, /usr/sbin/rpc\.nfsd
+
+.EX
+.PP
@@ -54483,6 +54909,20 @@ index 0000000..e7206ec
+The SELinux process type nfsd_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
++.B mount_var_run_t
++
++ /run/mount(/.*)?
++.br
++ /dev/\.mount(/.*)?
++.br
++ /var/run/mount(/.*)?
++.br
++ /var/run/davfs2(/.*)?
++.br
++ /var/cache/davfs2(/.*)?
++.br
++
++.br
+.B nfsd_fs_t
+
+
@@ -54537,10 +54977,12 @@ index 0000000..e7206ec
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nfsd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nfsd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/nis_selinux.8 b/man/man8/nis_selinux.8
@@ -54552,11 +54994,11 @@ index 6271c95..0000000
-.so man8/ypbind_selinux.8
diff --git a/man/man8/nmbd_selinux.8 b/man/man8/nmbd_selinux.8
new file mode 100644
-index 0000000..b7322db
+index 0000000..c6afa84
--- /dev/null
+++ b/man/man8/nmbd_selinux.8
-@@ -0,0 +1,172 @@
-+.TH "nmbd_selinux" "8" "nmbd" "dwalsh at redhat.com" "nmbd SELinux Policy documentation"
+@@ -0,0 +1,170 @@
++.TH "nmbd_selinux" "8" "12-10-19" "nmbd" "SELinux Policy documentation for nmbd"
+.SH "NAME"
+nmbd_selinux \- Security Enhanced Linux Policy for the nmbd processes
+.SH "DESCRIPTION"
@@ -54619,10 +55061,6 @@ index 0000000..b7322db
+
+- Set files with the nmbd_var_run_t type, if you want to store the nmbd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/samba/nmbd\.pid, /var/run/samba/nmbd(/.*)?, /var/run/samba/messages\.tdb, /var/run/samba/namelist\.debug, /var/run/nmbd(/.*)?, /var/run/samba/unexpected\.tdb
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -54724,17 +55162,19 @@ index 0000000..b7322db
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nmbd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nmbd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/nova_ajax_selinux.8 b/man/man8/nova_ajax_selinux.8
new file mode 100644
-index 0000000..4f8600d
+index 0000000..7eb6a33
--- /dev/null
+++ b/man/man8/nova_ajax_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "nova_ajax_selinux" "8" "nova_ajax" "dwalsh at redhat.com" "nova_ajax SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_ajax_selinux" "8" "12-10-19" "nova_ajax" "SELinux Policy documentation for nova_ajax"
+.SH "NAME"
+nova_ajax_selinux \- Security Enhanced Linux Policy for the nova_ajax processes
+.SH "DESCRIPTION"
@@ -54856,19 +55296,21 @@ index 0000000..4f8600d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_ajax(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_ajax(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_api_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_api_selinux.8 b/man/man8/nova_api_selinux.8
new file mode 100644
-index 0000000..0ac13a0
+index 0000000..c144242
--- /dev/null
+++ b/man/man8/nova_api_selinux.8
-@@ -0,0 +1,135 @@
-+.TH "nova_api_selinux" "8" "nova_api" "dwalsh at redhat.com" "nova_api SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_api_selinux" "8" "12-10-19" "nova_api" "SELinux Policy documentation for nova_api"
+.SH "NAME"
+nova_api_selinux \- Security Enhanced Linux Policy for the nova_api processes
+.SH "DESCRIPTION"
@@ -54923,10 +55365,6 @@ index 0000000..0ac13a0
+
+- Set files with the nova_api_exec_t type, if you want to transition an executable to the nova_api_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/nova-api, /usr//bin/nova-api-metadata
+
+.EX
+.PP
@@ -54943,10 +55381,6 @@ index 0000000..0ac13a0
+
+- Set files with the nova_api_unit_file_t type, if you want to treat the files as nova api unit content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/systemd/system/openstack-nova-metadata-api.service.*, /usr/lib/systemd/system/openstack-nova-api.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -54998,19 +55432,21 @@ index 0000000..0ac13a0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_api(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_api(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_cert_selinux.8 b/man/man8/nova_cert_selinux.8
new file mode 100644
-index 0000000..0d44163
+index 0000000..b4f04e2
--- /dev/null
+++ b/man/man8/nova_cert_selinux.8
-@@ -0,0 +1,141 @@
-+.TH "nova_cert_selinux" "8" "nova_cert" "dwalsh at redhat.com" "nova_cert SELinux Policy documentation"
+@@ -0,0 +1,143 @@
++.TH "nova_cert_selinux" "8" "12-10-19" "nova_cert" "SELinux Policy documentation for nova_cert"
+.SH "NAME"
+nova_cert_selinux \- Security Enhanced Linux Policy for the nova_cert processes
+.SH "DESCRIPTION"
@@ -55146,19 +55582,21 @@ index 0000000..0d44163
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_cert(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_cert(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_compute_selinux.8 b/man/man8/nova_compute_selinux.8
new file mode 100644
-index 0000000..0740566
+index 0000000..d93f328
--- /dev/null
+++ b/man/man8/nova_compute_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "nova_compute_selinux" "8" "nova_compute" "dwalsh at redhat.com" "nova_compute SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_compute_selinux" "8" "12-10-19" "nova_compute" "SELinux Policy documentation for nova_compute"
+.SH "NAME"
+nova_compute_selinux \- Security Enhanced Linux Policy for the nova_compute processes
+.SH "DESCRIPTION"
@@ -55280,19 +55718,21 @@ index 0000000..0740566
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_compute(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_compute(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_cert_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_console_selinux.8 b/man/man8/nova_console_selinux.8
new file mode 100644
-index 0000000..163d41d
+index 0000000..b0333a4
--- /dev/null
+++ b/man/man8/nova_console_selinux.8
-@@ -0,0 +1,141 @@
-+.TH "nova_console_selinux" "8" "nova_console" "dwalsh at redhat.com" "nova_console SELinux Policy documentation"
+@@ -0,0 +1,143 @@
++.TH "nova_console_selinux" "8" "12-10-19" "nova_console" "SELinux Policy documentation for nova_console"
+.SH "NAME"
+nova_console_selinux \- Security Enhanced Linux Policy for the nova_console processes
+.SH "DESCRIPTION"
@@ -55428,19 +55868,21 @@ index 0000000..163d41d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_console(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_console(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_direct_selinux.8 b/man/man8/nova_direct_selinux.8
new file mode 100644
-index 0000000..a890cdb
+index 0000000..db206cf
--- /dev/null
+++ b/man/man8/nova_direct_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "nova_direct_selinux" "8" "nova_direct" "dwalsh at redhat.com" "nova_direct SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_direct_selinux" "8" "12-10-19" "nova_direct" "SELinux Policy documentation for nova_direct"
+.SH "NAME"
+nova_direct_selinux \- Security Enhanced Linux Policy for the nova_direct processes
+.SH "DESCRIPTION"
@@ -55562,19 +56004,21 @@ index 0000000..a890cdb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_direct(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_direct(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_network_selinux.8 b/man/man8/nova_network_selinux.8
new file mode 100644
-index 0000000..a7f0264
+index 0000000..ca87e70
--- /dev/null
+++ b/man/man8/nova_network_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "nova_network_selinux" "8" "nova_network" "dwalsh at redhat.com" "nova_network SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_network_selinux" "8" "12-10-19" "nova_network" "SELinux Policy documentation for nova_network"
+.SH "NAME"
+nova_network_selinux \- Security Enhanced Linux Policy for the nova_network processes
+.SH "DESCRIPTION"
@@ -55696,19 +56140,21 @@ index 0000000..a7f0264
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_network(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_network(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_objectstore_selinux.8 b/man/man8/nova_objectstore_selinux.8
new file mode 100644
-index 0000000..d20507b
+index 0000000..98ad758
--- /dev/null
+++ b/man/man8/nova_objectstore_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "nova_objectstore_selinux" "8" "nova_objectstore" "dwalsh at redhat.com" "nova_objectstore SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_objectstore_selinux" "8" "12-10-19" "nova_objectstore" "SELinux Policy documentation for nova_objectstore"
+.SH "NAME"
+nova_objectstore_selinux \- Security Enhanced Linux Policy for the nova_objectstore processes
+.SH "DESCRIPTION"
@@ -55830,19 +56276,21 @@ index 0000000..d20507b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_objectstore(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_objectstore(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_scheduler_selinux.8 b/man/man8/nova_scheduler_selinux.8
new file mode 100644
-index 0000000..3d83e0a
+index 0000000..ef06647
--- /dev/null
+++ b/man/man8/nova_scheduler_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "nova_scheduler_selinux" "8" "nova_scheduler" "dwalsh at redhat.com" "nova_scheduler SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_scheduler_selinux" "8" "12-10-19" "nova_scheduler" "SELinux Policy documentation for nova_scheduler"
+.SH "NAME"
+nova_scheduler_selinux \- Security Enhanced Linux Policy for the nova_scheduler processes
+.SH "DESCRIPTION"
@@ -55964,19 +56412,21 @@ index 0000000..3d83e0a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_scheduler(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_scheduler(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_vncproxy_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_vncproxy_selinux.8 b/man/man8/nova_vncproxy_selinux.8
new file mode 100644
-index 0000000..fc14781
+index 0000000..95d51b9
--- /dev/null
+++ b/man/man8/nova_vncproxy_selinux.8
-@@ -0,0 +1,135 @@
-+.TH "nova_vncproxy_selinux" "8" "nova_vncproxy" "dwalsh at redhat.com" "nova_vncproxy SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_vncproxy_selinux" "8" "12-10-19" "nova_vncproxy" "SELinux Policy documentation for nova_vncproxy"
+.SH "NAME"
+nova_vncproxy_selinux \- Security Enhanced Linux Policy for the nova_vncproxy processes
+.SH "DESCRIPTION"
@@ -56031,10 +56481,6 @@ index 0000000..fc14781
+
+- Set files with the nova_vncproxy_exec_t type, if you want to transition an executable to the nova_vncproxy_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/nova-vncproxy, /usr/bin/nova-xvpvncproxy
+
+.EX
+.PP
@@ -56051,10 +56497,6 @@ index 0000000..fc14781
+
+- Set files with the nova_vncproxy_unit_file_t type, if you want to treat the files as nova vncproxy unit content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/systemd/system/openstack-nova-xvpvncproxy.*, /usr/lib/systemd/system/openstack-nova-vncproxy.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -56106,19 +56548,21 @@ index 0000000..fc14781
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_vncproxy(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_vncproxy(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_volume_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nova_volume_selinux.8 b/man/man8/nova_volume_selinux.8
new file mode 100644
-index 0000000..d7d149e
+index 0000000..9c3e42f
--- /dev/null
+++ b/man/man8/nova_volume_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "nova_volume_selinux" "8" "nova_volume" "dwalsh at redhat.com" "nova_volume SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "nova_volume_selinux" "8" "12-10-19" "nova_volume" "SELinux Policy documentation for nova_volume"
+.SH "NAME"
+nova_volume_selinux \- Security Enhanced Linux Policy for the nova_volume processes
+.SH "DESCRIPTION"
@@ -56240,19 +56684,21 @@ index 0000000..d7d149e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nova_volume(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nova_volume(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nova_ajax_selinux(8), nova_api_selinux(8), nova_cert_selinux(8), nova_compute_selinux(8), nova_console_selinux(8), nova_direct_selinux(8), nova_network_selinux(8), nova_objectstore_selinux(8), nova_scheduler_selinux(8), nova_vncproxy_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nrpe_selinux.8 b/man/man8/nrpe_selinux.8
new file mode 100644
-index 0000000..e4518db
+index 0000000..0b95b02
--- /dev/null
+++ b/man/man8/nrpe_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "nrpe_selinux" "8" "nrpe" "dwalsh at redhat.com" "nrpe SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "nrpe_selinux" "8" "12-10-19" "nrpe" "SELinux Policy documentation for nrpe"
+.SH "NAME"
+nrpe_selinux \- Security Enhanced Linux Policy for the nrpe processes
+.SH "DESCRIPTION"
@@ -56370,17 +56816,19 @@ index 0000000..e4518db
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nrpe(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nrpe(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/nscd_selinux.8 b/man/man8/nscd_selinux.8
new file mode 100644
-index 0000000..0aaac5e
+index 0000000..67e669f
--- /dev/null
+++ b/man/man8/nscd_selinux.8
-@@ -0,0 +1,179 @@
-+.TH "nscd_selinux" "8" "nscd" "dwalsh at redhat.com" "nscd SELinux Policy documentation"
+@@ -0,0 +1,184 @@
++.TH "nscd_selinux" "8" "12-10-19" "nscd" "SELinux Policy documentation for nscd"
+.SH "NAME"
+nscd_selinux \- Security Enhanced Linux Policy for the nscd processes
+.SH "DESCRIPTION"
@@ -56428,6 +56876,13 @@ index 0000000..0aaac5e
+.B setsebool -P nscd_use_shm 1
+.EE
+
++.PP
++If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean.
++
++.EX
++.B setsebool -P nscd_use_shm 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -56478,10 +56933,6 @@ index 0000000..0aaac5e
+
+- Set files with the nscd_var_run_t type, if you want to store the nscd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/nscd\.pid, /var/run/nscd(/.*)?, /var/db/nscd(/.*)?, /var/run/\.nscd_socket, /var/cache/nscd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -56554,19 +57005,21 @@ index 0000000..0aaac5e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nscd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nscd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/nslcd_selinux.8 b/man/man8/nslcd_selinux.8
new file mode 100644
-index 0000000..c4426c1
+index 0000000..bb8f39c
--- /dev/null
+++ b/man/man8/nslcd_selinux.8
-@@ -0,0 +1,132 @@
-+.TH "nslcd_selinux" "8" "nslcd" "dwalsh at redhat.com" "nslcd SELinux Policy documentation"
+@@ -0,0 +1,134 @@
++.TH "nslcd_selinux" "8" "12-10-19" "nslcd" "SELinux Policy documentation for nslcd"
+.SH "NAME"
+nslcd_selinux \- Security Enhanced Linux Policy for the nslcd processes
+.SH "DESCRIPTION"
@@ -56694,17 +57147,19 @@ index 0000000..c4426c1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nslcd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nslcd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ntop_selinux.8 b/man/man8/ntop_selinux.8
new file mode 100644
-index 0000000..3fdc8b0
+index 0000000..cf42caa
--- /dev/null
+++ b/man/man8/ntop_selinux.8
-@@ -0,0 +1,186 @@
-+.TH "ntop_selinux" "8" "ntop" "dwalsh at redhat.com" "ntop SELinux Policy documentation"
+@@ -0,0 +1,188 @@
++.TH "ntop_selinux" "8" "12-10-19" "ntop" "SELinux Policy documentation for ntop"
+.SH "NAME"
+ntop_selinux \- Security Enhanced Linux Policy for the ntop processes
+.SH "DESCRIPTION"
@@ -56886,17 +57341,19 @@ index 0000000..3fdc8b0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ntop(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ntop(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ntpd_selinux.8 b/man/man8/ntpd_selinux.8
new file mode 100644
-index 0000000..ff6d5c6
+index 0000000..ab90d8e
--- /dev/null
+++ b/man/man8/ntpd_selinux.8
-@@ -0,0 +1,250 @@
-+.TH "ntpd_selinux" "8" "ntpd" "dwalsh at redhat.com" "ntpd SELinux Policy documentation"
+@@ -0,0 +1,240 @@
++.TH "ntpd_selinux" "8" "12-10-19" "ntpd" "SELinux Policy documentation for ntpd"
+.SH "NAME"
+ntpd_selinux \- Security Enhanced Linux Policy for the ntpd processes
+.SH "DESCRIPTION"
@@ -56914,7 +57371,7 @@ index 0000000..ff6d5c6
+
+The ntpd_t SELinux type can be entered via the "ntpd_exec_t,ntpdate_exec_t" file types. The default entrypoint paths for the ntpd_t domain are the following:"
+
-+/usr/sbin/ntpd, /etc/cron\.(daily|weekly)/ntp-server, /etc/cron\.(daily|weekly)/ntp-simple, /usr/sbin/ntpdate
++/etc/cron\.(daily|weekly)/ntp-simple, /etc/cron\.(daily|weekly)/ntp-server, /usr/sbin/ntpd, /usr/sbin/ntpdate
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -56951,10 +57408,6 @@ index 0000000..ff6d5c6
+
+- Set files with the ntpd_exec_t type, if you want to transition an executable to the ntpd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ntpd, /etc/cron\.(daily|weekly)/ntp-server, /etc/cron\.(daily|weekly)/ntp-simple
+
+.EX
+.PP
@@ -56971,10 +57424,6 @@ index 0000000..ff6d5c6
+
+- Set files with the ntpd_key_t type, if you want to treat the files as ntpd key data.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/ntp/crypto(/.*)?, /etc/ntp/keys
+
+.EX
+.PP
@@ -56983,10 +57432,6 @@ index 0000000..ff6d5c6
+
+- Set files with the ntpd_log_t type, if you want to treat the data as ntpd log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/ntpstats(/.*)?, /var/log/xntpd.*, /var/log/ntp.*
+
+.EX
+.PP
@@ -57142,17 +57587,19 @@ index 0000000..ff6d5c6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ntpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ntpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/numad_selinux.8 b/man/man8/numad_selinux.8
new file mode 100644
-index 0000000..eeb28c0
+index 0000000..eda773e
--- /dev/null
+++ b/man/man8/numad_selinux.8
-@@ -0,0 +1,124 @@
-+.TH "numad_selinux" "8" "numad" "dwalsh at redhat.com" "numad SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "numad_selinux" "8" "12-10-19" "numad" "SELinux Policy documentation for numad"
+.SH "NAME"
+numad_selinux \- Security Enhanced Linux Policy for the numad processes
+.SH "DESCRIPTION"
@@ -57272,17 +57719,19 @@ index 0000000..eeb28c0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), numad(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), numad(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/nut_upsd_selinux.8 b/man/man8/nut_upsd_selinux.8
new file mode 100644
-index 0000000..9849ffd
+index 0000000..721a4d9
--- /dev/null
+++ b/man/man8/nut_upsd_selinux.8
-@@ -0,0 +1,121 @@
-+.TH "nut_upsd_selinux" "8" "nut_upsd" "dwalsh at redhat.com" "nut_upsd SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "nut_upsd_selinux" "8" "12-10-19" "nut_upsd" "SELinux Policy documentation for nut_upsd"
+.SH "NAME"
+nut_upsd_selinux \- Security Enhanced Linux Policy for the nut_upsd processes
+.SH "DESCRIPTION"
@@ -57345,10 +57794,6 @@ index 0000000..9849ffd
+
+- Set files with the nut_upsdrvctl_exec_t type, if you want to transition an executable to the nut_upsdrvctl_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/upsdrvctl, /sbin/upsdrvctl
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -57398,19 +57843,21 @@ index 0000000..9849ffd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nut_upsd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nut_upsd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nut_upsdrvctl_selinux(8), nut_upsmon_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nut_upsdrvctl_selinux.8 b/man/man8/nut_upsdrvctl_selinux.8
new file mode 100644
-index 0000000..6c6f730
+index 0000000..f6bbfce
--- /dev/null
+++ b/man/man8/nut_upsdrvctl_selinux.8
-@@ -0,0 +1,113 @@
-+.TH "nut_upsdrvctl_selinux" "8" "nut_upsdrvctl" "dwalsh at redhat.com" "nut_upsdrvctl SELinux Policy documentation"
+@@ -0,0 +1,111 @@
++.TH "nut_upsdrvctl_selinux" "8" "12-10-19" "nut_upsdrvctl" "SELinux Policy documentation for nut_upsdrvctl"
+.SH "NAME"
+nut_upsdrvctl_selinux \- Security Enhanced Linux Policy for the nut_upsdrvctl processes
+.SH "DESCRIPTION"
@@ -57428,7 +57875,7 @@ index 0000000..6c6f730
+
+The nut_upsdrvctl_t SELinux type can be entered via the "nut_upsdrvctl_exec_t" file type. The default entrypoint paths for the nut_upsdrvctl_t domain are the following:"
+
-+/usr/sbin/upsdrvctl, /sbin/upsdrvctl
++/sbin/upsdrvctl, /usr/sbin/upsdrvctl
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -57465,10 +57912,6 @@ index 0000000..6c6f730
+
+- Set files with the nut_upsdrvctl_exec_t type, if you want to transition an executable to the nut_upsdrvctl_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/upsdrvctl, /sbin/upsdrvctl
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -57518,19 +57961,21 @@ index 0000000..6c6f730
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nut_upsdrvctl(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nut_upsdrvctl(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nut_upsd_selinux(8), nut_upsd_selinux(8), nut_upsmon_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nut_upsmon_selinux.8 b/man/man8/nut_upsmon_selinux.8
new file mode 100644
-index 0000000..0628e55
+index 0000000..6b55c40
--- /dev/null
+++ b/man/man8/nut_upsmon_selinux.8
-@@ -0,0 +1,183 @@
-+.TH "nut_upsmon_selinux" "8" "nut_upsmon" "dwalsh at redhat.com" "nut_upsmon SELinux Policy documentation"
+@@ -0,0 +1,185 @@
++.TH "nut_upsmon_selinux" "8" "12-10-19" "nut_upsmon" "SELinux Policy documentation for nut_upsmon"
+.SH "NAME"
+nut_upsmon_selinux \- Security Enhanced Linux Policy for the nut_upsmon processes
+.SH "DESCRIPTION"
@@ -57630,10 +58075,10 @@ index 0000000..0628e55
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -57708,18 +58153,20 @@ index 0000000..0628e55
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nut_upsmon(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nut_upsmon(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, nut_upsd_selinux(8), nut_upsdrvctl_selinux(8)
\ No newline at end of file
diff --git a/man/man8/nx_server_selinux.8 b/man/man8/nx_server_selinux.8
new file mode 100644
-index 0000000..9640baa
+index 0000000..837cca0
--- /dev/null
+++ b/man/man8/nx_server_selinux.8
-@@ -0,0 +1,125 @@
+@@ -0,0 +1,129 @@
+.TH "nx_server_selinux" "8" "nx_server" "mgrepl at redhat.com" "nx_server SELinux Policy documentation"
+.SH "NAME"
+nx_server_r \- \fBnx_server user role\fP - Security Enhanced Linux Policy
@@ -57801,6 +58248,8 @@ index 0000000..9640baa
+
+ /root/\.ssh(/.*)?
+.br
++ /var/lib/openshift/[^/]+/\.ssh(/.*)?
++.br
+ /var/lib/amanda/\.ssh(/.*)?
+.br
+ /var/lib/stickshift/[^/]+/\.ssh(/.*)?
@@ -57841,17 +58290,19 @@ index 0000000..9640baa
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), nx_server(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), nx_server(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/obex_selinux.8 b/man/man8/obex_selinux.8
new file mode 100644
-index 0000000..40bb313
+index 0000000..5e777f8
--- /dev/null
+++ b/man/man8/obex_selinux.8
-@@ -0,0 +1,88 @@
-+.TH "obex_selinux" "8" "obex" "dwalsh at redhat.com" "obex SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "obex_selinux" "8" "12-10-19" "obex" "SELinux Policy documentation for obex"
+.SH "NAME"
+obex_selinux \- Security Enhanced Linux Policy for the obex processes
+.SH "DESCRIPTION"
@@ -57914,10 +58365,6 @@ index 0000000..40bb313
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type obex_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -57935,17 +58382,19 @@ index 0000000..40bb313
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), obex(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), obex(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/oddjob_mkhomedir_selinux.8 b/man/man8/oddjob_mkhomedir_selinux.8
new file mode 100644
-index 0000000..9596017
+index 0000000..f619392
--- /dev/null
+++ b/man/man8/oddjob_mkhomedir_selinux.8
-@@ -0,0 +1,119 @@
-+.TH "oddjob_mkhomedir_selinux" "8" "oddjob_mkhomedir" "dwalsh at redhat.com" "oddjob_mkhomedir SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "oddjob_mkhomedir_selinux" "8" "12-10-19" "oddjob_mkhomedir" "SELinux Policy documentation for oddjob_mkhomedir"
+.SH "NAME"
+oddjob_mkhomedir_selinux \- Security Enhanced Linux Policy for the oddjob_mkhomedir processes
+.SH "DESCRIPTION"
@@ -57963,7 +58412,7 @@ index 0000000..9596017
+
+The oddjob_mkhomedir_t SELinux type can be entered via the "oddjob_mkhomedir_exec_t" file type. The default entrypoint paths for the oddjob_mkhomedir_t domain are the following:"
+
-+/usr/libexec/oddjob/mkhomedir, /usr/lib/oddjob/mkhomedir
++/usr/lib/oddjob/mkhomedir, /usr/sbin/mkhomedir_helper, /usr/libexec/oddjob/mkhomedir
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -58000,10 +58449,6 @@ index 0000000..9596017
+
+- Set files with the oddjob_mkhomedir_exec_t type, if you want to transition an executable to the oddjob_mkhomedir_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/oddjob/mkhomedir, /usr/lib/oddjob/mkhomedir
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -58059,19 +58504,21 @@ index 0000000..9596017
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), oddjob_mkhomedir(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), oddjob_mkhomedir(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, oddjob_selinux(8), oddjob_selinux(8)
\ No newline at end of file
diff --git a/man/man8/oddjob_selinux.8 b/man/man8/oddjob_selinux.8
new file mode 100644
-index 0000000..9b761d1
+index 0000000..837278d
--- /dev/null
+++ b/man/man8/oddjob_selinux.8
-@@ -0,0 +1,149 @@
-+.TH "oddjob_selinux" "8" "oddjob" "dwalsh at redhat.com" "oddjob SELinux Policy documentation"
+@@ -0,0 +1,154 @@
++.TH "oddjob_selinux" "8" "12-10-19" "oddjob" "SELinux Policy documentation for oddjob"
+.SH "NAME"
+oddjob_selinux \- Security Enhanced Linux Policy for the oddjob processes
+.SH "DESCRIPTION"
@@ -58119,6 +58566,13 @@ index 0000000..9b761d1
+.B setsebool -P httpd_use_oddjob 1
+.EE
+
++.PP
++If you want to allow httpd to communicate with oddjob to start up a service, you must turn on the httpd_use_oddjob boolean.
++
++.EX
++.B setsebool -P httpd_use_oddjob 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -58145,10 +58599,6 @@ index 0000000..9b761d1
+
+- Set files with the oddjob_mkhomedir_exec_t type, if you want to transition an executable to the oddjob_mkhomedir_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/oddjob/mkhomedir, /usr/lib/oddjob/mkhomedir
+
+.EX
+.PP
@@ -58215,19 +58665,21 @@ index 0000000..9b761d1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), oddjob(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), oddjob(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), oddjob_mkhomedir_selinux(8)
\ No newline at end of file
diff --git a/man/man8/openct_selinux.8 b/man/man8/openct_selinux.8
new file mode 100644
-index 0000000..40c6bc9
+index 0000000..8cb1739
--- /dev/null
+++ b/man/man8/openct_selinux.8
-@@ -0,0 +1,110 @@
-+.TH "openct_selinux" "8" "openct" "dwalsh at redhat.com" "openct SELinux Policy documentation"
+@@ -0,0 +1,108 @@
++.TH "openct_selinux" "8" "12-10-19" "openct" "SELinux Policy documentation for openct"
+.SH "NAME"
+openct_selinux \- Security Enhanced Linux Policy for the openct processes
+.SH "DESCRIPTION"
@@ -58282,10 +58734,6 @@ index 0000000..40c6bc9
+
+- Set files with the openct_exec_t type, if you want to transition an executable to the openct_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ifdhandler, /usr/sbin/openct-control
+
+.EX
+.PP
@@ -58333,17 +58781,19 @@ index 0000000..40c6bc9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), openct(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), openct(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/openshift_cgroup_read_selinux.8 b/man/man8/openshift_cgroup_read_selinux.8
new file mode 100644
-index 0000000..a594edd
+index 0000000..1e648b4
--- /dev/null
+++ b/man/man8/openshift_cgroup_read_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "openshift_cgroup_read_selinux" "8" "openshift_cgroup_read" "dwalsh at redhat.com" "openshift_cgroup_read SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "openshift_cgroup_read_selinux" "8" "12-10-19" "openshift_cgroup_read" "SELinux Policy documentation for openshift_cgroup_read"
+.SH "NAME"
+openshift_cgroup_read_selinux \- Security Enhanced Linux Policy for the openshift_cgroup_read processes
+.SH "DESCRIPTION"
@@ -58361,7 +58811,7 @@ index 0000000..a594edd
+
+The openshift_cgroup_read_t SELinux type can be entered via the "openshift_cgroup_read_exec_t" file type. The default entrypoint paths for the openshift_cgroup_read_t domain are the following:"
+
-+/usr/bin/rhc-cgroup-read
++/usr/bin/(oo|rhc)-cgroup-read
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -58406,10 +58856,6 @@ index 0000000..a594edd
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type openshift_cgroup_read_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -58427,19 +58873,21 @@ index 0000000..a594edd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), openshift_cgroup_read(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), openshift_cgroup_read(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, openshift_initrc_selinux(8)
\ No newline at end of file
diff --git a/man/man8/openshift_initrc_selinux.8 b/man/man8/openshift_initrc_selinux.8
new file mode 100644
-index 0000000..7c72a08
+index 0000000..e42e9e2
--- /dev/null
+++ b/man/man8/openshift_initrc_selinux.8
-@@ -0,0 +1,107 @@
-+.TH "openshift_initrc_selinux" "8" "openshift_initrc" "dwalsh at redhat.com" "openshift_initrc SELinux Policy documentation"
+@@ -0,0 +1,105 @@
++.TH "openshift_initrc_selinux" "8" "12-10-19" "openshift_initrc" "SELinux Policy documentation for openshift_initrc"
+.SH "NAME"
+openshift_initrc_selinux \- Security Enhanced Linux Policy for the openshift_initrc processes
+.SH "DESCRIPTION"
@@ -58455,9 +58903,9 @@ index 0000000..7c72a08
+
+.SH "ENTRYPOINTS"
+
-+The openshift_initrc_t SELinux type can be entered via the "proc_type,file_type,mtrr_device_t,openshift_initrc_exec_t,sysctl_type,filesystem_type,unlabeled_t" file types. The default entrypoint paths for the openshift_initrc_t domain are the following:"
++The openshift_initrc_t SELinux type can be entered via the "unlabeled_t,proc_type,file_type,sysctl_type,mtrr_device_t,openshift_initrc_exec_t,filesystem_type" file types. The default entrypoint paths for the openshift_initrc_t domain are the following:"
+
-+/dev/cpu/mtrr, /usr/bin/rhc-restorer, /etc/rc\.d/init\.d/mcollective, /etc/rc\.d/init\.d/libra
++all files on the system, /dev/cpu/mtrr, /usr/bin/(oo|rhc)-restorer, /etc/rc\.d/init\.d/libra, /usr/bin/oo-admin-ctl-gears, /etc/rc\.d/init\.d/mcollective
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -58494,10 +58942,6 @@ index 0000000..7c72a08
+
+- Set files with the openshift_initrc_exec_t type, if you want to transition an executable to the openshift_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/rhc-restorer, /etc/rc\.d/init\.d/mcollective, /etc/rc\.d/init\.d/libra
+
+.EX
+.PP
@@ -58541,19 +58985,21 @@ index 0000000..7c72a08
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), openshift_initrc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), openshift_initrc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, openshift_cgroup_read_selinux(8)
\ No newline at end of file
diff --git a/man/man8/openvpn_selinux.8 b/man/man8/openvpn_selinux.8
new file mode 100644
-index 0000000..9b045d6
+index 0000000..ba95b2b
--- /dev/null
+++ b/man/man8/openvpn_selinux.8
-@@ -0,0 +1,307 @@
-+.TH "openvpn_selinux" "8" "openvpn" "dwalsh at redhat.com" "openvpn SELinux Policy documentation"
+@@ -0,0 +1,314 @@
++.TH "openvpn_selinux" "8" "12-10-19" "openvpn" "SELinux Policy documentation for openvpn"
+.SH "NAME"
+openvpn_selinux \- Security Enhanced Linux Policy for the openvpn processes
+.SH "DESCRIPTION"
@@ -58601,6 +59047,13 @@ index 0000000..9b045d6
+.B setsebool -P openvpn_enable_homedirs 1
+.EE
+
++.PP
++If you want to allow openvpn to read home directories, you must turn on the openvpn_enable_homedirs boolean.
++
++.EX
++.B setsebool -P openvpn_enable_homedirs 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -58667,10 +59120,6 @@ index 0000000..9b045d6
+
+- Set files with the openvpn_var_run_t type, if you want to store the openvpn files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/openvpn(/.*)?, /var/run/openvpn\.client.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -58727,6 +59176,8 @@ index 0000000..9b045d6
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -58855,19 +59306,21 @@ index 0000000..9b045d6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), openvpn(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), openvpn(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/pacemaker_selinux.8 b/man/man8/pacemaker_selinux.8
new file mode 100644
-index 0000000..41d4bf5
+index 0000000..fd6ed2c
--- /dev/null
+++ b/man/man8/pacemaker_selinux.8
-@@ -0,0 +1,152 @@
-+.TH "pacemaker_selinux" "8" "pacemaker" "dwalsh at redhat.com" "pacemaker SELinux Policy documentation"
+@@ -0,0 +1,150 @@
++.TH "pacemaker_selinux" "8" "12-10-19" "pacemaker" "SELinux Policy documentation for pacemaker"
+.SH "NAME"
+pacemaker_selinux \- Security Enhanced Linux Policy for the pacemaker processes
+.SH "DESCRIPTION"
@@ -58946,10 +59399,6 @@ index 0000000..41d4bf5
+
+- Set files with the pacemaker_var_lib_t type, if you want to store the pacemaker files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/pengine(/.*)?, /var/lib/heartbeat/crm(/.*)?
+
+.EX
+.PP
@@ -59015,17 +59464,19 @@ index 0000000..41d4bf5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pacemaker(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pacemaker(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/pads_selinux.8 b/man/man8/pads_selinux.8
new file mode 100644
-index 0000000..7bcd0e1
+index 0000000..92993ef
--- /dev/null
+++ b/man/man8/pads_selinux.8
-@@ -0,0 +1,142 @@
-+.TH "pads_selinux" "8" "pads" "dwalsh at redhat.com" "pads SELinux Policy documentation"
+@@ -0,0 +1,140 @@
++.TH "pads_selinux" "8" "12-10-19" "pads" "SELinux Policy documentation for pads"
+.SH "NAME"
+pads_selinux \- Security Enhanced Linux Policy for the pads processes
+.SH "DESCRIPTION"
@@ -59080,10 +59531,6 @@ index 0000000..7bcd0e1
+
+- Set files with the pads_config_t type, if you want to treat the files as pads configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/pads-assets.csv, /etc/pads-ether-codes, /etc/pads\.conf, /etc/pads-signature-list
+
+.EX
+.PP
@@ -59163,17 +59610,19 @@ index 0000000..7bcd0e1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pads(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pads(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/pam_console_selinux.8 b/man/man8/pam_console_selinux.8
new file mode 100644
-index 0000000..cb82cbb
+index 0000000..5541f20
--- /dev/null
+++ b/man/man8/pam_console_selinux.8
-@@ -0,0 +1,107 @@
-+.TH "pam_console_selinux" "8" "pam_console" "dwalsh at redhat.com" "pam_console SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "pam_console_selinux" "8" "12-10-19" "pam_console" "SELinux Policy documentation for pam_console"
+.SH "NAME"
+pam_console_selinux \- Security Enhanced Linux Policy for the pam_console processes
+.SH "DESCRIPTION"
@@ -59228,10 +59677,6 @@ index 0000000..cb82cbb
+
+- Set files with the pam_console_exec_t type, if you want to transition an executable to the pam_console_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/pam_console_apply, /usr/sbin/pam_console_apply
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -59240,10 +59685,6 @@ index 0000000..cb82cbb
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type pam_console_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -59275,19 +59716,21 @@ index 0000000..cb82cbb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pam_console(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pam_console(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, pam_timestamp_selinux(8)
\ No newline at end of file
diff --git a/man/man8/pam_timestamp_selinux.8 b/man/man8/pam_timestamp_selinux.8
new file mode 100644
-index 0000000..59c55cc
+index 0000000..c6ed7bf
--- /dev/null
+++ b/man/man8/pam_timestamp_selinux.8
-@@ -0,0 +1,119 @@
-+.TH "pam_timestamp_selinux" "8" "pam_timestamp" "dwalsh at redhat.com" "pam_timestamp SELinux Policy documentation"
+@@ -0,0 +1,117 @@
++.TH "pam_timestamp_selinux" "8" "12-10-19" "pam_timestamp" "SELinux Policy documentation for pam_timestamp"
+.SH "NAME"
+pam_timestamp_selinux \- Security Enhanced Linux Policy for the pam_timestamp processes
+.SH "DESCRIPTION"
@@ -59342,10 +59785,6 @@ index 0000000..59c55cc
+
+- Set files with the pam_timestamp_exec_t type, if you want to transition an executable to the pam_timestamp_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/pam_timestamp_check, /usr/sbin/pam_timestamp_check
+
+.EX
+.PP
@@ -59401,19 +59840,21 @@ index 0000000..59c55cc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pam_timestamp(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pam_timestamp(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, pam_console_selinux(8)
\ No newline at end of file
diff --git a/man/man8/passenger_selinux.8 b/man/man8/passenger_selinux.8
new file mode 100644
-index 0000000..731330b
+index 0000000..95e71d2
--- /dev/null
+++ b/man/man8/passenger_selinux.8
-@@ -0,0 +1,172 @@
-+.TH "passenger_selinux" "8" "passenger" "dwalsh at redhat.com" "passenger SELinux Policy documentation"
+@@ -0,0 +1,166 @@
++.TH "passenger_selinux" "8" "12-10-19" "passenger" "SELinux Policy documentation for passenger"
+.SH "NAME"
+passenger_selinux \- Security Enhanced Linux Policy for the passenger processes
+.SH "DESCRIPTION"
@@ -59431,7 +59872,7 @@ index 0000000..731330b
+
+The passenger_t SELinux type can be entered via the "passenger_exec_t" file type. The default entrypoint paths for the passenger_t domain are the following:"
+
-+/usr/share/gems/.*/ApplicationPoolServerExecutable, /usr/lib/gems/.*/Passenger.*, /usr/share/gems/.*/Passenger.*, /usr/lib/gems/.*/ApplicationPoolServerExecutable
++/usr/lib/gems/.*/Passenger.*, /usr/lib/gems/.*/ApplicationPoolServerExecutable, /usr/share/gems/.*/Passenger.*, /usr/share/gems/.*/ApplicationPoolServerExecutable
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -59468,10 +59909,6 @@ index 0000000..731330b
+
+- Set files with the passenger_exec_t type, if you want to transition an executable to the passenger_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/gems/.*/ApplicationPoolServerExecutable, /usr/lib/gems/.*/Passenger.*, /usr/share/gems/.*/Passenger.*, /usr/lib/gems/.*/ApplicationPoolServerExecutable
+
+.EX
+.PP
@@ -59480,10 +59917,6 @@ index 0000000..731330b
+
+- Set files with the passenger_log_t type, if you want to treat the data as passenger log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/passenger.*, /var/log/passenger(/.*)?
+
+.EX
+.PP
@@ -59581,17 +60014,19 @@ index 0000000..731330b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), passenger(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), passenger(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/passwd_selinux.8 b/man/man8/passwd_selinux.8
new file mode 100644
-index 0000000..20f2645
+index 0000000..63df2e7
--- /dev/null
+++ b/man/man8/passwd_selinux.8
-@@ -0,0 +1,212 @@
-+.TH "passwd_selinux" "8" "passwd" "dwalsh at redhat.com" "passwd SELinux Policy documentation"
+@@ -0,0 +1,208 @@
++.TH "passwd_selinux" "8" "12-10-19" "passwd" "SELinux Policy documentation for passwd"
+.SH "NAME"
+passwd_selinux \- Security Enhanced Linux Policy for the passwd processes
+.SH "DESCRIPTION"
@@ -59609,7 +60044,7 @@ index 0000000..20f2645
+
+The passwd_t SELinux type can be entered via the "passwd_exec_t" file type. The default entrypoint paths for the passwd_t domain are the following:"
+
-+/usr/bin/passwd, /usr/bin/chage
++/usr/bin/chage, /usr/bin/passwd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -59646,10 +60081,6 @@ index 0000000..20f2645
+
+- Set files with the passwd_exec_t type, if you want to transition an executable to the passwd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/passwd, /usr/bin/chage
+
+.EX
+.PP
@@ -59658,10 +60089,6 @@ index 0000000..20f2645
+
+- Set files with the passwd_file_t type, if you want to treat the files as passwd content.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/passwd\.OLD, /etc/ptmptmp, /etc/group[-\+]?, /etc/passwd[-\+]?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -59693,6 +60120,8 @@ index 0000000..20f2645
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -59799,17 +60228,19 @@ index 0000000..20f2645
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), passwd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), passwd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/pcscd_selinux.8 b/man/man8/pcscd_selinux.8
new file mode 100644
-index 0000000..538030f
+index 0000000..6f21ece
--- /dev/null
+++ b/man/man8/pcscd_selinux.8
-@@ -0,0 +1,118 @@
-+.TH "pcscd_selinux" "8" "pcscd" "dwalsh at redhat.com" "pcscd SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "pcscd_selinux" "8" "12-10-19" "pcscd" "SELinux Policy documentation for pcscd"
+.SH "NAME"
+pcscd_selinux \- Security Enhanced Linux Policy for the pcscd processes
+.SH "DESCRIPTION"
@@ -59872,10 +60303,6 @@ index 0000000..538030f
+
+- Set files with the pcscd_var_run_t type, if you want to store the pcscd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/pcscd\.pid, /var/run/pcscd\.comm, /var/run/pcscd\.events(/.*)?, /var/run/pcscd\.pub, /var/run/pcscd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -59923,17 +60350,19 @@ index 0000000..538030f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pcscd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pcscd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/pegasus_selinux.8 b/man/man8/pegasus_selinux.8
new file mode 100644
-index 0000000..a249ffd
+index 0000000..2f672cd
--- /dev/null
+++ b/man/man8/pegasus_selinux.8
-@@ -0,0 +1,285 @@
-+.TH "pegasus_selinux" "8" "pegasus" "dwalsh at redhat.com" "pegasus SELinux Policy documentation"
+@@ -0,0 +1,279 @@
++.TH "pegasus_selinux" "8" "12-10-19" "pegasus" "SELinux Policy documentation for pegasus"
+.SH "NAME"
+pegasus_selinux \- Security Enhanced Linux Policy for the pegasus processes
+.SH "DESCRIPTION"
@@ -59951,7 +60380,7 @@ index 0000000..a249ffd
+
+The pegasus_t SELinux type can be entered via the "pegasus_exec_t" file type. The default entrypoint paths for the pegasus_t domain are the following:"
+
-+/usr/sbin/init_repository, /usr/sbin/cimserver
++/usr/sbin/cimserver, /usr/sbin/init_repository
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -60004,10 +60433,6 @@ index 0000000..a249ffd
+
+- Set files with the pegasus_data_t type, if you want to treat the files as pegasus content.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/Pegasus/pegasus_current\.conf, /var/lib/Pegasus(/.*)?
+
+.EX
+.PP
@@ -60016,10 +60441,6 @@ index 0000000..a249ffd
+
+- Set files with the pegasus_exec_t type, if you want to transition an executable to the pegasus_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/init_repository, /usr/sbin/cimserver
+
+.EX
+.PP
@@ -60214,17 +60635,19 @@ index 0000000..a249ffd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pegasus(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pegasus(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/phpfpm_selinux.8 b/man/man8/phpfpm_selinux.8
new file mode 100644
-index 0000000..dc7297c
+index 0000000..28e06cf
--- /dev/null
+++ b/man/man8/phpfpm_selinux.8
-@@ -0,0 +1,138 @@
-+.TH "phpfpm_selinux" "8" "phpfpm" "dwalsh at redhat.com" "phpfpm SELinux Policy documentation"
+@@ -0,0 +1,140 @@
++.TH "phpfpm_selinux" "8" "12-10-19" "phpfpm" "SELinux Policy documentation for phpfpm"
+.SH "NAME"
+phpfpm_selinux \- Security Enhanced Linux Policy for the phpfpm processes
+.SH "DESCRIPTION"
@@ -60358,17 +60781,19 @@ index 0000000..dc7297c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), phpfpm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), phpfpm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ping_selinux.8 b/man/man8/ping_selinux.8
new file mode 100644
-index 0000000..7d6ea3c
+index 0000000..a84179c
--- /dev/null
+++ b/man/man8/ping_selinux.8
-@@ -0,0 +1,175 @@
-+.TH "ping_selinux" "8" "ping" "dwalsh at redhat.com" "ping SELinux Policy documentation"
+@@ -0,0 +1,180 @@
++.TH "ping_selinux" "8" "12-10-19" "ping" "SELinux Policy documentation for ping"
+.SH "NAME"
+ping_selinux \- Security Enhanced Linux Policy for the ping processes
+.SH "DESCRIPTION"
@@ -60386,7 +60811,7 @@ index 0000000..7d6ea3c
+
+The ping_t SELinux type can be entered via the "ping_exec_t" file type. The default entrypoint paths for the ping_t domain are the following:"
+
-+/usr/bin/ping.*, /usr/sbin/hping2, /usr/sbin/fping.*, /bin/ping.*, /usr/sbin/send_arp
++/bin/ping.*, /usr/bin/ping.*, /usr/sbin/fping.*, /usr/sbin/hping2, /usr/sbin/send_arp
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -60416,6 +60841,13 @@ index 0000000..7d6ea3c
+.B setsebool -P selinuxuser_ping 1
+.EE
+
++.PP
++If you want to allow confined users the ability to execute the ping and traceroute commands, you must turn on the selinuxuser_ping boolean.
++
++.EX
++.B setsebool -P selinuxuser_ping 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -60434,10 +60866,6 @@ index 0000000..7d6ea3c
+
+- Set files with the ping_exec_t type, if you want to transition an executable to the ping_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/ping.*, /usr/sbin/hping2, /usr/sbin/fping.*, /bin/ping.*, /usr/sbin/send_arp
+
+.EX
+.PP
@@ -60538,19 +60966,21 @@ index 0000000..7d6ea3c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ping(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ping(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), pingd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/pingd_selinux.8 b/man/man8/pingd_selinux.8
new file mode 100644
-index 0000000..e313ff3
+index 0000000..28ae51c
--- /dev/null
+++ b/man/man8/pingd_selinux.8
-@@ -0,0 +1,167 @@
-+.TH "pingd_selinux" "8" "pingd" "dwalsh at redhat.com" "pingd SELinux Policy documentation"
+@@ -0,0 +1,172 @@
++.TH "pingd_selinux" "8" "12-10-19" "pingd" "SELinux Policy documentation for pingd"
+.SH "NAME"
+pingd_selinux \- Security Enhanced Linux Policy for the pingd processes
+.SH "DESCRIPTION"
@@ -60598,6 +61028,13 @@ index 0000000..e313ff3
+.B setsebool -P selinuxuser_ping 1
+.EE
+
++.PP
++If you want to allow confined users the ability to execute the ping and traceroute commands, you must turn on the selinuxuser_ping boolean.
++
++.EX
++.B setsebool -P selinuxuser_ping 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -60671,10 +61108,6 @@ index 0000000..e313ff3
+Default Defined Ports:
+tcp 9125
+.EE
-+.SH "MANAGED FILES"
-+
-+The SELinux process type pingd_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -60712,19 +61145,21 @@ index 0000000..e313ff3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pingd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pingd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), ping_selinux(8), ping_selinux(8)
\ No newline at end of file
diff --git a/man/man8/piranha_fos_selinux.8 b/man/man8/piranha_fos_selinux.8
new file mode 100644
-index 0000000..e2eb49c
+index 0000000..070fa48
--- /dev/null
+++ b/man/man8/piranha_fos_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "piranha_fos_selinux" "8" "piranha_fos" "dwalsh at redhat.com" "piranha_fos SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "piranha_fos_selinux" "8" "12-10-19" "piranha_fos" "SELinux Policy documentation for piranha_fos"
+.SH "NAME"
+piranha_fos_selinux \- Security Enhanced Linux Policy for the piranha_fos processes
+.SH "DESCRIPTION"
@@ -60836,19 +61271,21 @@ index 0000000..e2eb49c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), piranha_fos(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), piranha_fos(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, piranha_lvs_selinux(8), piranha_pulse_selinux(8), piranha_web_selinux(8)
\ No newline at end of file
diff --git a/man/man8/piranha_lvs_selinux.8 b/man/man8/piranha_lvs_selinux.8
new file mode 100644
-index 0000000..66e33aa
+index 0000000..b28e9fc
--- /dev/null
+++ b/man/man8/piranha_lvs_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "piranha_lvs_selinux" "8" "piranha_lvs" "dwalsh at redhat.com" "piranha_lvs SELinux Policy documentation"
+@@ -0,0 +1,140 @@
++.TH "piranha_lvs_selinux" "8" "12-10-19" "piranha_lvs" "SELinux Policy documentation for piranha_lvs"
+.SH "NAME"
+piranha_lvs_selinux \- Security Enhanced Linux Policy for the piranha_lvs processes
+.SH "DESCRIPTION"
@@ -60896,6 +61333,13 @@ index 0000000..66e33aa
+.B setsebool -P piranha_lvs_can_network_connect 1
+.EE
+
++.PP
++If you want to allow piranha-lvs domain to connect to the network using TCP, you must turn on the piranha_lvs_can_network_connect boolean.
++
++.EX
++.B setsebool -P piranha_lvs_can_network_connect 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -60974,19 +61418,21 @@ index 0000000..66e33aa
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), piranha_lvs(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), piranha_lvs(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), piranha_fos_selinux(8), piranha_pulse_selinux(8), piranha_web_selinux(8)
\ No newline at end of file
diff --git a/man/man8/piranha_pulse_selinux.8 b/man/man8/piranha_pulse_selinux.8
new file mode 100644
-index 0000000..5cfee79
+index 0000000..f550c5b
--- /dev/null
+++ b/man/man8/piranha_pulse_selinux.8
-@@ -0,0 +1,149 @@
-+.TH "piranha_pulse_selinux" "8" "piranha_pulse" "dwalsh at redhat.com" "piranha_pulse SELinux Policy documentation"
+@@ -0,0 +1,151 @@
++.TH "piranha_pulse_selinux" "8" "12-10-19" "piranha_pulse" "SELinux Policy documentation for piranha_pulse"
+.SH "NAME"
+piranha_pulse_selinux \- Security Enhanced Linux Policy for the piranha_pulse processes
+.SH "DESCRIPTION"
@@ -61130,19 +61576,21 @@ index 0000000..5cfee79
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), piranha_pulse(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), piranha_pulse(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, piranha_fos_selinux(8), piranha_lvs_selinux(8), piranha_web_selinux(8)
\ No newline at end of file
diff --git a/man/man8/piranha_web_selinux.8 b/man/man8/piranha_web_selinux.8
new file mode 100644
-index 0000000..628f57e
+index 0000000..043ecca
--- /dev/null
+++ b/man/man8/piranha_web_selinux.8
-@@ -0,0 +1,179 @@
-+.TH "piranha_web_selinux" "8" "piranha_web" "dwalsh at redhat.com" "piranha_web SELinux Policy documentation"
+@@ -0,0 +1,177 @@
++.TH "piranha_web_selinux" "8" "12-10-19" "piranha_web" "SELinux Policy documentation for piranha_web"
+.SH "NAME"
+piranha_web_selinux \- Security Enhanced Linux Policy for the piranha_web processes
+.SH "DESCRIPTION"
@@ -61197,10 +61645,6 @@ index 0000000..628f57e
+
+- Set files with the piranha_web_conf_t type, if you want to treat the files as piranha web configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/luci/etc(/.*)?, /var/lib/luci/cert(/.*)?
+
+.EX
+.PP
@@ -61316,19 +61760,21 @@ index 0000000..628f57e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), piranha_web(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), piranha_web(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, piranha_fos_selinux(8), piranha_lvs_selinux(8), piranha_pulse_selinux(8)
\ No newline at end of file
diff --git a/man/man8/pkcsslotd_selinux.8 b/man/man8/pkcsslotd_selinux.8
new file mode 100644
-index 0000000..58418e3
+index 0000000..97e6507
--- /dev/null
+++ b/man/man8/pkcsslotd_selinux.8
-@@ -0,0 +1,146 @@
-+.TH "pkcsslotd_selinux" "8" "pkcsslotd" "dwalsh at redhat.com" "pkcsslotd SELinux Policy documentation"
+@@ -0,0 +1,148 @@
++.TH "pkcsslotd_selinux" "8" "12-10-19" "pkcsslotd" "SELinux Policy documentation for pkcsslotd"
+.SH "NAME"
+pkcsslotd_selinux \- Security Enhanced Linux Policy for the pkcsslotd processes
+.SH "DESCRIPTION"
@@ -61470,17 +61916,19 @@ index 0000000..58418e3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pkcsslotd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pkcsslotd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/plymouth_selinux.8 b/man/man8/plymouth_selinux.8
new file mode 100644
-index 0000000..632125a
+index 0000000..d9637a7
--- /dev/null
+++ b/man/man8/plymouth_selinux.8
-@@ -0,0 +1,137 @@
-+.TH "plymouth_selinux" "8" "plymouth" "dwalsh at redhat.com" "plymouth SELinux Policy documentation"
+@@ -0,0 +1,127 @@
++.TH "plymouth_selinux" "8" "12-10-19" "plymouth" "SELinux Policy documentation for plymouth"
+.SH "NAME"
+plymouth_selinux \- Security Enhanced Linux Policy for the plymouth processes
+.SH "DESCRIPTION"
@@ -61535,10 +61983,6 @@ index 0000000..632125a
+
+- Set files with the plymouth_exec_t type, if you want to transition an executable to the plymouth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/bin/plymouth, /usr/bin/plymouth
+
+.EX
+.PP
@@ -61547,10 +61991,6 @@ index 0000000..632125a
+
+- Set files with the plymouthd_exec_t type, if you want to transition an executable to the plymouthd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/plymouthd, /usr/sbin/plymouthd
+
+.EX
+.PP
@@ -61591,10 +62031,6 @@ index 0000000..632125a
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type plymouth_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -61612,19 +62048,21 @@ index 0000000..632125a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), plymouth(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), plymouth(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, plymouthd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/plymouthd_selinux.8 b/man/man8/plymouthd_selinux.8
new file mode 100644
-index 0000000..006e0eb
+index 0000000..534d2c7
--- /dev/null
+++ b/man/man8/plymouthd_selinux.8
-@@ -0,0 +1,159 @@
-+.TH "plymouthd_selinux" "8" "plymouthd" "dwalsh at redhat.com" "plymouthd SELinux Policy documentation"
+@@ -0,0 +1,161 @@
++.TH "plymouthd_selinux" "8" "12-10-19" "plymouthd" "SELinux Policy documentation for plymouthd"
+.SH "NAME"
+plymouthd_selinux \- Security Enhanced Linux Policy for the plymouthd processes
+.SH "DESCRIPTION"
@@ -61679,10 +62117,6 @@ index 0000000..006e0eb
+
+- Set files with the plymouthd_exec_t type, if you want to transition an executable to the plymouthd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/plymouthd, /usr/sbin/plymouthd
+
+.EX
+.PP
@@ -61748,6 +62182,10 @@ index 0000000..006e0eb
+.br
+.B plymouthd_var_log_t
+
++ /var/run/boot\.log
++.br
++ /var/spool/plymouth/boot\.log
++.br
+
+.br
+.B plymouthd_var_run_t
@@ -61778,19 +62216,21 @@ index 0000000..006e0eb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), plymouthd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), plymouthd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, plymouth_selinux(8), plymouth_selinux(8)
\ No newline at end of file
diff --git a/man/man8/podsleuth_selinux.8 b/man/man8/podsleuth_selinux.8
new file mode 100644
-index 0000000..a823c27
+index 0000000..87e5014
--- /dev/null
+++ b/man/man8/podsleuth_selinux.8
-@@ -0,0 +1,130 @@
-+.TH "podsleuth_selinux" "8" "podsleuth" "dwalsh at redhat.com" "podsleuth SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "podsleuth_selinux" "8" "12-10-19" "podsleuth" "SELinux Policy documentation for podsleuth"
+.SH "NAME"
+podsleuth_selinux \- Security Enhanced Linux Policy for the podsleuth processes
+.SH "DESCRIPTION"
@@ -61853,10 +62293,6 @@ index 0000000..a823c27
+
+- Set files with the podsleuth_exec_t type, if you want to transition an executable to the podsleuth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/podsleuth, /usr/libexec/hal-podsleuth
+
+.EX
+.PP
@@ -61916,17 +62352,19 @@ index 0000000..a823c27
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), podsleuth(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), podsleuth(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/policykit_auth_selinux.8 b/man/man8/policykit_auth_selinux.8
new file mode 100644
-index 0000000..aca2876
+index 0000000..08f9cd3
--- /dev/null
+++ b/man/man8/policykit_auth_selinux.8
@@ -0,0 +1,207 @@
-+.TH "policykit_auth_selinux" "8" "policykit_auth" "dwalsh at redhat.com" "policykit_auth SELinux Policy documentation"
++.TH "policykit_auth_selinux" "8" "12-10-19" "policykit_auth" "SELinux Policy documentation for policykit_auth"
+.SH "NAME"
+policykit_auth_selinux \- Security Enhanced Linux Policy for the policykit_auth processes
+.SH "DESCRIPTION"
@@ -61944,7 +62382,7 @@ index 0000000..aca2876
+
+The policykit_auth_t SELinux type can be entered via the "policykit_auth_exec_t" file type. The default entrypoint paths for the policykit_auth_t domain are the following:"
+
-+/usr/libexec/polkit-read-auth-helper, /usr/libexec/polkit-1/polkit-agent-helper-1, /usr/lib/polkit-1/polkit-agent-helper-1, /usr/lib/policykit/polkit-read-auth-helper
++/usr/libexec/polkit-read-auth-helper, /usr/lib/polkit-1/polkit-agent-helper-1, /usr/lib/policykit/polkit-read-auth-helper, /usr/libexec/polkit-1/polkit-agent-helper-1
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -61981,10 +62419,6 @@ index 0000000..aca2876
+
+- Set files with the policykit_auth_exec_t type, if you want to transition an executable to the policykit_auth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/polkit-read-auth-helper, /usr/libexec/polkit-1/polkit-agent-helper-1, /usr/lib/polkit-1/polkit-agent-helper-1, /usr/lib/policykit/polkit-read-auth-helper
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -62016,6 +62450,8 @@ index 0000000..aca2876
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -62128,19 +62564,21 @@ index 0000000..aca2876
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), policykit_auth(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), policykit_auth(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, policykit_selinux(8), policykit_selinux(8), policykit_grant_selinux(8), policykit_resolve_selinux(8)
\ No newline at end of file
diff --git a/man/man8/policykit_grant_selinux.8 b/man/man8/policykit_grant_selinux.8
new file mode 100644
-index 0000000..043ee2f
+index 0000000..caff4ee
--- /dev/null
+++ b/man/man8/policykit_grant_selinux.8
-@@ -0,0 +1,159 @@
-+.TH "policykit_grant_selinux" "8" "policykit_grant" "dwalsh at redhat.com" "policykit_grant SELinux Policy documentation"
+@@ -0,0 +1,157 @@
++.TH "policykit_grant_selinux" "8" "12-10-19" "policykit_grant" "SELinux Policy documentation for policykit_grant"
+.SH "NAME"
+policykit_grant_selinux \- Security Enhanced Linux Policy for the policykit_grant processes
+.SH "DESCRIPTION"
@@ -62195,10 +62633,6 @@ index 0000000..043ee2f
+
+- Set files with the policykit_grant_exec_t type, if you want to transition an executable to the policykit_grant_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/polkit-grant-helper.*, /usr/lib/policykit/polkit-grant-helper.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -62294,19 +62728,21 @@ index 0000000..043ee2f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), policykit_grant(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), policykit_grant(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, policykit_selinux(8), policykit_selinux(8), policykit_auth_selinux(8), policykit_resolve_selinux(8)
\ No newline at end of file
diff --git a/man/man8/policykit_resolve_selinux.8 b/man/man8/policykit_resolve_selinux.8
new file mode 100644
-index 0000000..6a2b1b2
+index 0000000..6a4ca2c
--- /dev/null
+++ b/man/man8/policykit_resolve_selinux.8
-@@ -0,0 +1,107 @@
-+.TH "policykit_resolve_selinux" "8" "policykit_resolve" "dwalsh at redhat.com" "policykit_resolve SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "policykit_resolve_selinux" "8" "12-10-19" "policykit_resolve" "SELinux Policy documentation for policykit_resolve"
+.SH "NAME"
+policykit_resolve_selinux \- Security Enhanced Linux Policy for the policykit_resolve processes
+.SH "DESCRIPTION"
@@ -62324,7 +62760,7 @@ index 0000000..6a2b1b2
+
+The policykit_resolve_t SELinux type can be entered via the "policykit_resolve_exec_t" file type. The default entrypoint paths for the policykit_resolve_t domain are the following:"
+
-+/usr/lib/policykit/polkit-resolve-exe-helper.*, /usr/libexec/polkit-resolve-exe-helper.*
++/usr/libexec/polkit-resolve-exe-helper.*, /usr/lib/policykit/polkit-resolve-exe-helper.*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -62361,10 +62797,6 @@ index 0000000..6a2b1b2
+
+- Set files with the policykit_resolve_exec_t type, if you want to transition an executable to the policykit_resolve_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/policykit/polkit-resolve-exe-helper.*, /usr/libexec/polkit-resolve-exe-helper.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -62373,10 +62805,6 @@ index 0000000..6a2b1b2
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type policykit_resolve_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -62408,19 +62836,21 @@ index 0000000..6a2b1b2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), policykit_resolve(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), policykit_resolve(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, policykit_selinux(8), policykit_selinux(8), policykit_auth_selinux(8), policykit_grant_selinux(8)
\ No newline at end of file
diff --git a/man/man8/policykit_selinux.8 b/man/man8/policykit_selinux.8
new file mode 100644
-index 0000000..4a9451b
+index 0000000..9acc9fa
--- /dev/null
+++ b/man/man8/policykit_selinux.8
-@@ -0,0 +1,229 @@
-+.TH "policykit_selinux" "8" "policykit" "dwalsh at redhat.com" "policykit SELinux Policy documentation"
+@@ -0,0 +1,213 @@
++.TH "policykit_selinux" "8" "12-10-19" "policykit" "SELinux Policy documentation for policykit"
+.SH "NAME"
+policykit_selinux \- Security Enhanced Linux Policy for the policykit processes
+.SH "DESCRIPTION"
@@ -62438,7 +62868,7 @@ index 0000000..4a9451b
+
+The policykit_t SELinux type can be entered via the "policykit_exec_t" file type. The default entrypoint paths for the policykit_t domain are the following:"
+
-+/usr/lib/polkit-1/polkitd, /usr/libexec/polkitd.*, /usr/libexec/polkit-1/polkitd.*, /usr/lib/policykit/polkitd
++/usr/libexec/polkitd.*, /usr/libexec/polkit-1/polkitd.*, /usr/lib/polkit-1/polkitd, /usr/lib/policykit/polkitd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -62475,10 +62905,6 @@ index 0000000..4a9451b
+
+- Set files with the policykit_auth_exec_t type, if you want to transition an executable to the policykit_auth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/polkit-read-auth-helper, /usr/libexec/polkit-1/polkit-agent-helper-1, /usr/lib/polkit-1/polkit-agent-helper-1, /usr/lib/policykit/polkit-read-auth-helper
+
+.EX
+.PP
@@ -62487,10 +62913,6 @@ index 0000000..4a9451b
+
+- Set files with the policykit_exec_t type, if you want to transition an executable to the policykit_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/polkit-1/polkitd, /usr/libexec/polkitd.*, /usr/libexec/polkit-1/polkitd.*, /usr/lib/policykit/polkitd
+
+.EX
+.PP
@@ -62499,10 +62921,6 @@ index 0000000..4a9451b
+
+- Set files with the policykit_grant_exec_t type, if you want to transition an executable to the policykit_grant_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/polkit-grant-helper.*, /usr/lib/policykit/polkit-grant-helper.*
+
+.EX
+.PP
@@ -62519,10 +62937,6 @@ index 0000000..4a9451b
+
+- Set files with the policykit_resolve_exec_t type, if you want to transition an executable to the policykit_resolve_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/policykit/polkit-resolve-exe-helper.*, /usr/libexec/polkit-resolve-exe-helper.*
+
+.EX
+.PP
@@ -62539,10 +62953,6 @@ index 0000000..4a9451b
+
+- Set files with the policykit_var_lib_t type, if you want to store the policykit files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/PolicyKit-public(/.*)?, /var/lib/PolicyKit(/.*)?, /var/lib/polkit-1(/.*)?
+
+.EX
+.PP
@@ -62570,6 +62980,8 @@ index 0000000..4a9451b
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -62644,19 +63056,21 @@ index 0000000..4a9451b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), policykit(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), policykit(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, policykit_auth_selinux(8), policykit_grant_selinux(8), policykit_resolve_selinux(8)
\ No newline at end of file
diff --git a/man/man8/polipo_selinux.8 b/man/man8/polipo_selinux.8
new file mode 100644
-index 0000000..9ee292a
+index 0000000..4679fc4
--- /dev/null
+++ b/man/man8/polipo_selinux.8
-@@ -0,0 +1,227 @@
-+.TH "polipo_selinux" "8" "polipo" "dwalsh at redhat.com" "polipo SELinux Policy documentation"
+@@ -0,0 +1,264 @@
++.TH "polipo_selinux" "8" "12-10-19" "polipo" "SELinux Policy documentation for polipo"
+.SH "NAME"
+polipo_selinux \- Security Enhanced Linux Policy for the polipo processes
+.SH "DESCRIPTION"
@@ -62698,10 +63112,17 @@ index 0000000..9ee292a
+
+
+.PP
-+If you want to allow polipo to connect to all ports > 1023, you must turn on the polipo_connect_all_unreserved boolean.
++If you want to determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain, you must turn on the polipo_session_users boolean.
+
+.EX
-+.B setsebool -P polipo_connect_all_unreserved 1
++.B setsebool -P polipo_session_users 1
++.EE
++
++.PP
++If you want to determine whether Polipo can access nfs file systems, you must turn on the polipo_use_nfs boolean.
++
++.EX
++.B setsebool -P polipo_use_nfs 1
+.EE
+
+.PP
@@ -62719,6 +63140,13 @@ index 0000000..9ee292a
+.EE
+
+.PP
++If you want to allow polipo to connect to all ports > 1023, you must turn on the polipo_connect_all_unreserved boolean.
++
++.EX
++.B setsebool -P polipo_connect_all_unreserved 1
++.EE
++
++.PP
+If you want to determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain, you must turn on the polipo_session_users boolean.
+
+.EX
@@ -62732,6 +63160,27 @@ index 0000000..9ee292a
+.B setsebool -P polipo_use_nfs 1
+.EE
+
++.PP
++If you want to determine whether polipo can access cifs file systems, you must turn on the polipo_use_cifs boolean.
++
++.EX
++.B setsebool -P polipo_use_cifs 1
++.EE
++
++.PP
++If you want to determine whether Polipo session daemon can bind tcp sockets to all unreserved ports, you must turn on the polipo_session_bind_all_unreserved_ports boolean.
++
++.EX
++.B setsebool -P polipo_session_bind_all_unreserved_ports 1
++.EE
++
++.PP
++If you want to allow polipo to connect to all ports > 1023, you must turn on the polipo_connect_all_unreserved boolean.
++
++.EX
++.B setsebool -P polipo_connect_all_unreserved 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -62878,19 +63327,21 @@ index 0000000..9ee292a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), polipo(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), polipo(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/portmap_helper_selinux.8 b/man/man8/portmap_helper_selinux.8
new file mode 100644
-index 0000000..9f96794
+index 0000000..5745157
--- /dev/null
+++ b/man/man8/portmap_helper_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "portmap_helper_selinux" "8" "portmap_helper" "dwalsh at redhat.com" "portmap_helper SELinux Policy documentation"
+@@ -0,0 +1,125 @@
++.TH "portmap_helper_selinux" "8" "12-10-19" "portmap_helper" "SELinux Policy documentation for portmap_helper"
+.SH "NAME"
+portmap_helper_selinux \- Security Enhanced Linux Policy for the portmap_helper processes
+.SH "DESCRIPTION"
@@ -62945,10 +63396,6 @@ index 0000000..9f96794
+
+- Set files with the portmap_helper_exec_t type, if you want to transition an executable to the portmap_helper_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/pmap_set, /usr/sbin/pmap_dump
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -63012,19 +63459,21 @@ index 0000000..9f96794
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), portmap_helper(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), portmap_helper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, portmap_selinux(8), portmap_selinux(8)
\ No newline at end of file
diff --git a/man/man8/portmap_selinux.8 b/man/man8/portmap_selinux.8
new file mode 100644
-index 0000000..1fe741f
+index 0000000..90c6b7c
--- /dev/null
+++ b/man/man8/portmap_selinux.8
-@@ -0,0 +1,187 @@
-+.TH "portmap_selinux" "8" "portmap" "dwalsh at redhat.com" "portmap SELinux Policy documentation"
+@@ -0,0 +1,188 @@
++.TH "portmap_selinux" "8" "12-10-19" "portmap" "SELinux Policy documentation for portmap"
+.SH "NAME"
+portmap_selinux \- Security Enhanced Linux Policy for the portmap processes
+.SH "DESCRIPTION"
@@ -63072,6 +63521,13 @@ index 0000000..1fe741f
+.B setsebool -P samba_portmapper 1
+.EE
+
++.PP
++If you want to allow samba to act as a portmapper, you must turn on the samba_portmapper boolean.
++
++.EX
++.B setsebool -P samba_portmapper 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -63090,10 +63546,6 @@ index 0000000..1fe741f
+
+- Set files with the portmap_exec_t type, if you want to transition an executable to the portmap_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/portmap, /usr/sbin/portmap
+
+.EX
+.PP
@@ -63102,10 +63554,6 @@ index 0000000..1fe741f
+
+- Set files with the portmap_helper_exec_t type, if you want to transition an executable to the portmap_helper_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/pmap_set, /usr/sbin/pmap_dump
+
+.EX
+.PP
@@ -63206,19 +63654,21 @@ index 0000000..1fe741f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), portmap(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), portmap(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), portmap_helper_selinux(8)
\ No newline at end of file
diff --git a/man/man8/portreserve_selinux.8 b/man/man8/portreserve_selinux.8
new file mode 100644
-index 0000000..5da9bf3
+index 0000000..be15952
--- /dev/null
+++ b/man/man8/portreserve_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "portreserve_selinux" "8" "portreserve" "dwalsh at redhat.com" "portreserve SELinux Policy documentation"
+@@ -0,0 +1,120 @@
++.TH "portreserve_selinux" "8" "12-10-19" "portreserve" "SELinux Policy documentation for portreserve"
+.SH "NAME"
+portreserve_selinux \- Security Enhanced Linux Policy for the portreserve processes
+.SH "DESCRIPTION"
@@ -63236,7 +63686,7 @@ index 0000000..5da9bf3
+
+The portreserve_t SELinux type can be entered via the "portreserve_exec_t" file type. The default entrypoint paths for the portreserve_t domain are the following:"
+
-+/usr/sbin/portreserve, /sbin/portreserve
++/sbin/portreserve, /usr/sbin/portreserve
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -63281,10 +63731,6 @@ index 0000000..5da9bf3
+
+- Set files with the portreserve_exec_t type, if you want to transition an executable to the portreserve_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/portreserve, /sbin/portreserve
+
+.EX
+.PP
@@ -63336,17 +63782,19 @@ index 0000000..5da9bf3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), portreserve(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), portreserve(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/postfix_bounce_selinux.8 b/man/man8/postfix_bounce_selinux.8
new file mode 100644
-index 0000000..33465ac
+index 0000000..3902a9f
--- /dev/null
+++ b/man/man8/postfix_bounce_selinux.8
-@@ -0,0 +1,147 @@
-+.TH "postfix_bounce_selinux" "8" "postfix_bounce" "dwalsh at redhat.com" "postfix_bounce SELinux Policy documentation"
+@@ -0,0 +1,149 @@
++.TH "postfix_bounce_selinux" "8" "12-10-19" "postfix_bounce" "SELinux Policy documentation for postfix_bounce"
+.SH "NAME"
+postfix_bounce_selinux \- Security Enhanced Linux Policy for the postfix_bounce processes
+.SH "DESCRIPTION"
@@ -63488,19 +63936,21 @@ index 0000000..33465ac
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_bounce(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_bounce(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_cleanup_selinux.8 b/man/man8/postfix_cleanup_selinux.8
new file mode 100644
-index 0000000..5c8e900
+index 0000000..ab6a968
--- /dev/null
+++ b/man/man8/postfix_cleanup_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "postfix_cleanup_selinux" "8" "postfix_cleanup" "dwalsh at redhat.com" "postfix_cleanup SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "postfix_cleanup_selinux" "8" "12-10-19" "postfix_cleanup" "SELinux Policy documentation for postfix_cleanup"
+.SH "NAME"
+postfix_cleanup_selinux \- Security Enhanced Linux Policy for the postfix_cleanup processes
+.SH "DESCRIPTION"
@@ -63626,19 +64076,21 @@ index 0000000..5c8e900
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_cleanup(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_cleanup(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_local_selinux.8 b/man/man8/postfix_local_selinux.8
new file mode 100644
-index 0000000..6e85602
+index 0000000..29a8e20
--- /dev/null
+++ b/man/man8/postfix_local_selinux.8
-@@ -0,0 +1,193 @@
-+.TH "postfix_local_selinux" "8" "postfix_local" "dwalsh at redhat.com" "postfix_local SELinux Policy documentation"
+@@ -0,0 +1,202 @@
++.TH "postfix_local_selinux" "8" "12-10-19" "postfix_local" "SELinux Policy documentation for postfix_local"
+.SH "NAME"
+postfix_local_selinux \- Security Enhanced Linux Policy for the postfix_local processes
+.SH "DESCRIPTION"
@@ -63686,6 +64138,13 @@ index 0000000..6e85602
+.B setsebool -P postfix_local_write_mail_spool 1
+.EE
+
++.PP
++If you want to allow postfix_local domain full write access to mail_spool directories, you must turn on the postfix_local_write_mail_spool boolean.
++
++.EX
++.B setsebool -P postfix_local_write_mail_spool 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -63826,19 +64285,21 @@ index 0000000..6e85602
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_local(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_local(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_map_selinux.8 b/man/man8/postfix_map_selinux.8
new file mode 100644
-index 0000000..3ec768f
+index 0000000..48a2caf
--- /dev/null
+++ b/man/man8/postfix_map_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "postfix_map_selinux" "8" "postfix_map" "dwalsh at redhat.com" "postfix_map SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "postfix_map_selinux" "8" "12-10-19" "postfix_map" "SELinux Policy documentation for postfix_map"
+.SH "NAME"
+postfix_map_selinux \- Security Enhanced Linux Policy for the postfix_map processes
+.SH "DESCRIPTION"
@@ -63964,19 +64425,21 @@ index 0000000..3ec768f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_map(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_map(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_master_selinux.8 b/man/man8/postfix_master_selinux.8
new file mode 100644
-index 0000000..d3cf0f7
+index 0000000..7a0edf1
--- /dev/null
+++ b/man/man8/postfix_master_selinux.8
-@@ -0,0 +1,181 @@
-+.TH "postfix_master_selinux" "8" "postfix_master" "dwalsh at redhat.com" "postfix_master SELinux Policy documentation"
+@@ -0,0 +1,179 @@
++.TH "postfix_master_selinux" "8" "12-10-19" "postfix_master" "SELinux Policy documentation for postfix_master"
+.SH "NAME"
+postfix_master_selinux \- Security Enhanced Linux Policy for the postfix_master processes
+.SH "DESCRIPTION"
@@ -63994,7 +64457,7 @@ index 0000000..d3cf0f7
+
+The postfix_master_t SELinux type can be entered via the "postfix_master_exec_t" file type. The default entrypoint paths for the postfix_master_t domain are the following:"
+
-+/usr/sbin/postcat, /usr/sbin/postfix, /usr/libexec/postfix/master, /usr/sbin/postkick, /usr/sbin/postsuper, /usr/sbin/postalias, /usr/sbin/postlock, /usr/sbin/postlog
++/usr/sbin/postcat, /usr/sbin/postfix, /usr/sbin/postlog, /usr/sbin/postkick, /usr/sbin/postlock, /usr/sbin/postalias, /usr/sbin/postsuper, /usr/libexec/postfix/master
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -64031,10 +64494,6 @@ index 0000000..d3cf0f7
+
+- Set files with the postfix_master_exec_t type, if you want to transition an executable to the postfix_master_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/postcat, /usr/sbin/postfix, /usr/libexec/postfix/master, /usr/sbin/postkick, /usr/sbin/postsuper, /usr/sbin/postalias, /usr/sbin/postlock, /usr/sbin/postlog
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -64152,19 +64611,21 @@ index 0000000..d3cf0f7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_master(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_master(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_pickup_selinux.8 b/man/man8/postfix_pickup_selinux.8
new file mode 100644
-index 0000000..72c8dae
+index 0000000..b9ab570
--- /dev/null
+++ b/man/man8/postfix_pickup_selinux.8
-@@ -0,0 +1,125 @@
-+.TH "postfix_pickup_selinux" "8" "postfix_pickup" "dwalsh at redhat.com" "postfix_pickup SELinux Policy documentation"
+@@ -0,0 +1,127 @@
++.TH "postfix_pickup_selinux" "8" "12-10-19" "postfix_pickup" "SELinux Policy documentation for postfix_pickup"
+.SH "NAME"
+postfix_pickup_selinux \- Security Enhanced Linux Policy for the postfix_pickup processes
+.SH "DESCRIPTION"
@@ -64284,19 +64745,21 @@ index 0000000..72c8dae
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_pickup(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_pickup(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_pipe_selinux.8 b/man/man8/postfix_pipe_selinux.8
new file mode 100644
-index 0000000..178ff03
+index 0000000..40f7e40
--- /dev/null
+++ b/man/man8/postfix_pipe_selinux.8
-@@ -0,0 +1,141 @@
-+.TH "postfix_pipe_selinux" "8" "postfix_pipe" "dwalsh at redhat.com" "postfix_pipe SELinux Policy documentation"
+@@ -0,0 +1,143 @@
++.TH "postfix_pipe_selinux" "8" "12-10-19" "postfix_pipe" "SELinux Policy documentation for postfix_pipe"
+.SH "NAME"
+postfix_pipe_selinux \- Security Enhanced Linux Policy for the postfix_pipe processes
+.SH "DESCRIPTION"
@@ -64432,19 +64895,21 @@ index 0000000..178ff03
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_pipe(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_pipe(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_postdrop_selinux.8 b/man/man8/postfix_postdrop_selinux.8
new file mode 100644
-index 0000000..a41a106
+index 0000000..49b1da6
--- /dev/null
+++ b/man/man8/postfix_postdrop_selinux.8
-@@ -0,0 +1,135 @@
-+.TH "postfix_postdrop_selinux" "8" "postfix_postdrop" "dwalsh at redhat.com" "postfix_postdrop SELinux Policy documentation"
+@@ -0,0 +1,137 @@
++.TH "postfix_postdrop_selinux" "8" "12-10-19" "postfix_postdrop" "SELinux Policy documentation for postfix_postdrop"
+.SH "NAME"
+postfix_postdrop_selinux \- Security Enhanced Linux Policy for the postfix_postdrop processes
+.SH "DESCRIPTION"
@@ -64574,19 +65039,21 @@ index 0000000..a41a106
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_postdrop(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_postdrop(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_postqueue_selinux.8 b/man/man8/postfix_postqueue_selinux.8
new file mode 100644
-index 0000000..af15d32
+index 0000000..acf6bbc
--- /dev/null
+++ b/man/man8/postfix_postqueue_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "postfix_postqueue_selinux" "8" "postfix_postqueue" "dwalsh at redhat.com" "postfix_postqueue SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "postfix_postqueue_selinux" "8" "12-10-19" "postfix_postqueue" "SELinux Policy documentation for postfix_postqueue"
+.SH "NAME"
+postfix_postqueue_selinux \- Security Enhanced Linux Policy for the postfix_postqueue processes
+.SH "DESCRIPTION"
@@ -64698,19 +65165,21 @@ index 0000000..af15d32
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_postqueue(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_postqueue(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_qmgr_selinux.8 b/man/man8/postfix_qmgr_selinux.8
new file mode 100644
-index 0000000..2857a23
+index 0000000..5e9c140
--- /dev/null
+++ b/man/man8/postfix_qmgr_selinux.8
-@@ -0,0 +1,141 @@
-+.TH "postfix_qmgr_selinux" "8" "postfix_qmgr" "dwalsh at redhat.com" "postfix_qmgr SELinux Policy documentation"
+@@ -0,0 +1,143 @@
++.TH "postfix_qmgr_selinux" "8" "12-10-19" "postfix_qmgr" "SELinux Policy documentation for postfix_qmgr"
+.SH "NAME"
+postfix_qmgr_selinux \- Security Enhanced Linux Policy for the postfix_qmgr processes
+.SH "DESCRIPTION"
@@ -64846,19 +65315,21 @@ index 0000000..2857a23
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_qmgr(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_qmgr(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_showq_selinux.8 b/man/man8/postfix_showq_selinux.8
new file mode 100644
-index 0000000..4449f79
+index 0000000..30d1fdf
--- /dev/null
+++ b/man/man8/postfix_showq_selinux.8
-@@ -0,0 +1,113 @@
-+.TH "postfix_showq_selinux" "8" "postfix_showq" "dwalsh at redhat.com" "postfix_showq SELinux Policy documentation"
+@@ -0,0 +1,115 @@
++.TH "postfix_showq_selinux" "8" "12-10-19" "postfix_showq" "SELinux Policy documentation for postfix_showq"
+.SH "NAME"
+postfix_showq_selinux \- Security Enhanced Linux Policy for the postfix_showq processes
+.SH "DESCRIPTION"
@@ -64966,19 +65437,21 @@ index 0000000..4449f79
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_showq(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_showq(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_smtp_selinux.8 b/man/man8/postfix_smtp_selinux.8
new file mode 100644
-index 0000000..d17ab20
+index 0000000..0988201
--- /dev/null
+++ b/man/man8/postfix_smtp_selinux.8
-@@ -0,0 +1,167 @@
-+.TH "postfix_smtp_selinux" "8" "postfix_smtp" "dwalsh at redhat.com" "postfix_smtp SELinux Policy documentation"
+@@ -0,0 +1,165 @@
++.TH "postfix_smtp_selinux" "8" "12-10-19" "postfix_smtp" "SELinux Policy documentation for postfix_smtp"
+.SH "NAME"
+postfix_smtp_selinux \- Security Enhanced Linux Policy for the postfix_smtp processes
+.SH "DESCRIPTION"
@@ -65033,10 +65506,6 @@ index 0000000..d17ab20
+
+- Set files with the postfix_smtp_exec_t type, if you want to transition an executable to the postfix_smtp_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/postfix/lmtp, /usr/libexec/postfix/smtp, /usr/libexec/postfix/scache
+
+.EX
+.PP
@@ -65140,19 +65609,21 @@ index 0000000..d17ab20
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_smtp(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_smtp(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtpd_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_smtpd_selinux.8 b/man/man8/postfix_smtpd_selinux.8
new file mode 100644
-index 0000000..d174664
+index 0000000..108c0b0
--- /dev/null
+++ b/man/man8/postfix_smtpd_selinux.8
-@@ -0,0 +1,137 @@
-+.TH "postfix_smtpd_selinux" "8" "postfix_smtpd" "dwalsh at redhat.com" "postfix_smtpd SELinux Policy documentation"
+@@ -0,0 +1,139 @@
++.TH "postfix_smtpd_selinux" "8" "12-10-19" "postfix_smtpd" "SELinux Policy documentation for postfix_smtpd"
+.SH "NAME"
+postfix_smtpd_selinux \- Security Enhanced Linux Policy for the postfix_smtpd processes
+.SH "DESCRIPTION"
@@ -65284,19 +65755,21 @@ index 0000000..d174664
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_smtpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_smtpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtp_selinux(8), postfix_virtual_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postfix_virtual_selinux.8 b/man/man8/postfix_virtual_selinux.8
new file mode 100644
-index 0000000..2d8064c
+index 0000000..40af031
--- /dev/null
+++ b/man/man8/postfix_virtual_selinux.8
-@@ -0,0 +1,163 @@
-+.TH "postfix_virtual_selinux" "8" "postfix_virtual" "dwalsh at redhat.com" "postfix_virtual SELinux Policy documentation"
+@@ -0,0 +1,165 @@
++.TH "postfix_virtual_selinux" "8" "12-10-19" "postfix_virtual" "SELinux Policy documentation for postfix_virtual"
+.SH "NAME"
+postfix_virtual_selinux \- Security Enhanced Linux Policy for the postfix_virtual processes
+.SH "DESCRIPTION"
@@ -65454,19 +65927,21 @@ index 0000000..2d8064c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postfix_virtual(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postfix_virtual(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, postfix_bounce_selinux(8), postfix_cleanup_selinux(8), postfix_local_selinux(8), postfix_map_selinux(8), postfix_master_selinux(8), postfix_pickup_selinux(8), postfix_pipe_selinux(8), postfix_postdrop_selinux(8), postfix_postqueue_selinux(8), postfix_qmgr_selinux(8), postfix_showq_selinux(8), postfix_smtp_selinux(8), postfix_smtpd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/postgresql_selinux.8 b/man/man8/postgresql_selinux.8
new file mode 100644
-index 0000000..325abad
+index 0000000..9fe0dff
--- /dev/null
+++ b/man/man8/postgresql_selinux.8
-@@ -0,0 +1,359 @@
-+.TH "postgresql_selinux" "8" "postgresql" "dwalsh at redhat.com" "postgresql SELinux Policy documentation"
+@@ -0,0 +1,382 @@
++.TH "postgresql_selinux" "8" "12-10-19" "postgresql" "SELinux Policy documentation for postgresql"
+.SH "NAME"
+postgresql_selinux \- Security Enhanced Linux Policy for the postgresql processes
+.SH "DESCRIPTION"
@@ -65484,7 +65959,7 @@ index 0000000..325abad
+
+The postgresql_t SELinux type can be entered via the "postgresql_exec_t" file type. The default entrypoint paths for the postgresql_t domain are the following:"
+
-+/usr/bin/(se)?postgres, /usr/lib/postgresql/bin/.*, /usr/lib/pgsql/test/regress/pg_regress, /usr/bin/initdb(\.sepgsql)?
++/usr/bin/(se)?postgres, /usr/bin/initdb(\.sepgsql)?, /usr/lib/postgresql/bin/.*, /usr/lib/pgsql/test/regress/pg_regress
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -65508,6 +65983,20 @@ index 0000000..325abad
+
+
+.PP
++If you want to allow transmit client label to foreign database, you must turn on the postgresql_selinux_transmit_client_label boolean.
++
++.EX
++.B setsebool -P postgresql_selinux_transmit_client_label 1
++.EE
++
++.PP
++If you want to allow database admins to execute DML statement, you must turn on the postgresql_selinux_unconfined_dbadm boolean.
++
++.EX
++.B setsebool -P postgresql_selinux_unconfined_dbadm 1
++.EE
++
++.PP
+If you want to allow postgresql to use ssh and rsync for point-in-time recovery, you must turn on the postgresql_can_rsync boolean.
+
+.EX
@@ -65515,6 +66004,13 @@ index 0000000..325abad
+.EE
+
+.PP
++If you want to allow users to connect to PostgreSQL, you must turn on the selinuxuser_postgresql_connect_enabled boolean.
++
++.EX
++.B setsebool -P selinuxuser_postgresql_connect_enabled 1
++.EE
++
++.PP
+If you want to allow unprivileged users to execute DDL statement, you must turn on the postgresql_selinux_users_ddl boolean.
+
+.EX
@@ -65522,6 +66018,13 @@ index 0000000..325abad
+.EE
+
+.PP
++If you want to allow transmit client label to foreign database, you must turn on the postgresql_selinux_transmit_client_label boolean.
++
++.EX
++.B setsebool -P postgresql_selinux_transmit_client_label 1
++.EE
++
++.PP
+If you want to allow database admins to execute DML statement, you must turn on the postgresql_selinux_unconfined_dbadm boolean.
+
+.EX
@@ -65529,6 +66032,13 @@ index 0000000..325abad
+.EE
+
+.PP
++If you want to allow postgresql to use ssh and rsync for point-in-time recovery, you must turn on the postgresql_can_rsync boolean.
++
++.EX
++.B setsebool -P postgresql_can_rsync 1
++.EE
++
++.PP
+If you want to allow users to connect to PostgreSQL, you must turn on the selinuxuser_postgresql_connect_enabled boolean.
+
+.EX
@@ -65536,10 +66046,10 @@ index 0000000..325abad
+.EE
+
+.PP
-+If you want to allow transmit client label to foreign database, you must turn on the postgresql_selinux_transmit_client_label boolean.
++If you want to allow unprivileged users to execute DDL statement, you must turn on the postgresql_selinux_users_ddl boolean.
+
+.EX
-+.B setsebool -P postgresql_selinux_transmit_client_label 1
++.B setsebool -P postgresql_selinux_users_ddl 1
+.EE
+
+.SH FILE CONTEXTS
@@ -65560,10 +66070,6 @@ index 0000000..325abad
+
+- Set files with the postgresql_db_t type, if you want to treat the files as postgresql database content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/jonas/pgsql(/.*)?, /var/lib/postgres(ql)?(/.*)?, /var/lib/sepgsql(/.*)?, /usr/lib/pgsql/test/regress(/.*)?, /var/lib/pgsql(/.*)?
+
+.EX
+.PP
@@ -65572,10 +66078,6 @@ index 0000000..325abad
+
+- Set files with the postgresql_etc_t type, if you want to store postgresql files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/sysconfig/pgsql(/.*)?, /etc/postgresql(/.*)?
+
+.EX
+.PP
@@ -65584,10 +66086,6 @@ index 0000000..325abad
+
+- Set files with the postgresql_exec_t type, if you want to transition an executable to the postgresql_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/(se)?postgres, /usr/lib/postgresql/bin/.*, /usr/lib/pgsql/test/regress/pg_regress, /usr/bin/initdb(\.sepgsql)?
+
+.EX
+.PP
@@ -65612,10 +66110,6 @@ index 0000000..325abad
+
+- Set files with the postgresql_log_t type, if you want to treat the data as postgresql log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/pgsql/logfile(/.*)?, /var/log/postgresql(/.*)?, /var/log/postgres\.log.*, /var/lib/sepgsql/pgstartup\.log, /var/log/rhdb/rhdb(/.*)?, /var/lib/pgsql/.*\.log, /var/log/sepostgresql\.log.*
+
+.EX
+.PP
@@ -65696,6 +66190,8 @@ index 0000000..325abad
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -65820,19 +66316,21 @@ index 0000000..325abad
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postgresql(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postgresql(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/postgrey_selinux.8 b/man/man8/postgrey_selinux.8
new file mode 100644
-index 0000000..e509848
+index 0000000..1409420
--- /dev/null
+++ b/man/man8/postgrey_selinux.8
-@@ -0,0 +1,182 @@
-+.TH "postgrey_selinux" "8" "postgrey" "dwalsh at redhat.com" "postgrey SELinux Policy documentation"
+@@ -0,0 +1,180 @@
++.TH "postgrey_selinux" "8" "12-10-19" "postgrey" "SELinux Policy documentation for postgrey"
+.SH "NAME"
+postgrey_selinux \- Security Enhanced Linux Policy for the postgrey processes
+.SH "DESCRIPTION"
@@ -65927,10 +66425,6 @@ index 0000000..e509848
+
+- Set files with the postgrey_var_run_t type, if you want to store the postgrey files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/postgrey\.pid, /var/run/postgrey(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -66010,17 +66504,19 @@ index 0000000..e509848
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), postgrey(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), postgrey(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/pppd_selinux.8 b/man/man8/pppd_selinux.8
new file mode 100644
-index 0000000..a87427a
+index 0000000..eed9b1b
--- /dev/null
+++ b/man/man8/pppd_selinux.8
-@@ -0,0 +1,370 @@
-+.TH "pppd_selinux" "8" "pppd" "dwalsh at redhat.com" "pppd SELinux Policy documentation"
+@@ -0,0 +1,362 @@
++.TH "pppd_selinux" "8" "12-10-19" "pppd" "SELinux Policy documentation for pppd"
+.SH "NAME"
+pppd_selinux \- Security Enhanced Linux Policy for the pppd processes
+.SH "DESCRIPTION"
@@ -66038,7 +66534,7 @@ index 0000000..a87427a
+
+The pppd_t SELinux type can be entered via the "pppd_exec_t" file type. The default entrypoint paths for the pppd_t domain are the following:"
+
-+/usr/sbin/pppd, /usr/sbin/ipppd, /usr/sbin/pppoe-server, /usr/sbin/ppp-watch, /sbin/pppoe-server, /sbin/ppp-watch
++/usr/sbin/pppd, /sbin/ppp-watch, /usr/sbin/ipppd, /sbin/pppoe-server, /usr/sbin/ppp-watch, /usr/sbin/pppoe-server
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -66062,6 +66558,13 @@ index 0000000..a87427a
+
+
+.PP
++If you want to allow pppd to load kernel modules for certain modems, you must turn on the pppd_can_insmod boolean.
++
++.EX
++.B setsebool -P pppd_can_insmod 1
++.EE
++
++.PP
+If you want to allow pppd to be run for a regular user, you must turn on the pppd_for_user boolean.
+
+.EX
@@ -66075,6 +66578,13 @@ index 0000000..a87427a
+.B setsebool -P pppd_can_insmod 1
+.EE
+
++.PP
++If you want to allow pppd to be run for a regular user, you must turn on the pppd_for_user boolean.
++
++.EX
++.B setsebool -P pppd_for_user 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -66093,10 +66603,6 @@ index 0000000..a87427a
+
+- Set files with the pppd_etc_rw_t type, if you want to treat the files as pppd etc read/write content.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/ppp(/.*)?, /etc/ppp/resolv\.conf, /etc/ppp/peers(/.*)?
+
+.EX
+.PP
@@ -66105,10 +66611,6 @@ index 0000000..a87427a
+
+- Set files with the pppd_etc_t type, if you want to store pppd files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/ppp, /root/.ppprc
+
+.EX
+.PP
@@ -66117,10 +66619,6 @@ index 0000000..a87427a
+
+- Set files with the pppd_exec_t type, if you want to transition an executable to the pppd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/pppd, /usr/sbin/ipppd, /usr/sbin/pppoe-server, /usr/sbin/ppp-watch, /sbin/pppoe-server, /sbin/ppp-watch
+
+.EX
+.PP
@@ -66129,10 +66627,6 @@ index 0000000..a87427a
+
+- Set files with the pppd_initrc_exec_t type, if you want to transition an executable to the pppd_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/ppp, /etc/ppp/(auth|ip(v6|x)?)-(up|down)
+
+.EX
+.PP
@@ -66149,10 +66643,6 @@ index 0000000..a87427a
+
+- Set files with the pppd_log_t type, if you want to treat the data as pppd log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/ppp(/.*)?, /var/log/ppp-connect-errors.*
+
+.EX
+.PP
@@ -66185,10 +66675,6 @@ index 0000000..a87427a
+
+- Set files with the pppd_var_run_t type, if you want to store the pppd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/pppd[0-9]*\.tdb, /var/run/ppp(/.*)?, /var/run/(i)?ppp.*pid[^/]*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -66234,10 +66720,10 @@ index 0000000..a87427a
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -66385,19 +66871,21 @@ index 0000000..a87427a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pppd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pppd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/pptp_selinux.8 b/man/man8/pptp_selinux.8
new file mode 100644
-index 0000000..85785a9
+index 0000000..1018903
--- /dev/null
+++ b/man/man8/pptp_selinux.8
-@@ -0,0 +1,156 @@
-+.TH "pptp_selinux" "8" "pptp" "dwalsh at redhat.com" "pptp SELinux Policy documentation"
+@@ -0,0 +1,158 @@
++.TH "pptp_selinux" "8" "12-10-19" "pptp" "SELinux Policy documentation for pptp"
+.SH "NAME"
+pptp_selinux \- Security Enhanced Linux Policy for the pptp processes
+.SH "DESCRIPTION"
@@ -66549,17 +67037,19 @@ index 0000000..85785a9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pptp(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pptp(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/prelink_cron_system_selinux.8 b/man/man8/prelink_cron_system_selinux.8
new file mode 100644
-index 0000000..6d9d6e7
+index 0000000..a279835
--- /dev/null
+++ b/man/man8/prelink_cron_system_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "prelink_cron_system_selinux" "8" "prelink_cron_system" "dwalsh at redhat.com" "prelink_cron_system SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "prelink_cron_system_selinux" "8" "12-10-19" "prelink_cron_system" "SELinux Policy documentation for prelink_cron_system"
+.SH "NAME"
+prelink_cron_system_selinux \- Security Enhanced Linux Policy for the prelink_cron_system processes
+.SH "DESCRIPTION"
@@ -66681,19 +67171,21 @@ index 0000000..6d9d6e7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), prelink_cron_system(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), prelink_cron_system(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, prelink_selinux(8), prelink_selinux(8)
\ No newline at end of file
diff --git a/man/man8/prelink_selinux.8 b/man/man8/prelink_selinux.8
new file mode 100644
-index 0000000..1bfd579
+index 0000000..b0418a8
--- /dev/null
+++ b/man/man8/prelink_selinux.8
-@@ -0,0 +1,763 @@
-+.TH "prelink_selinux" "8" "prelink" "dwalsh at redhat.com" "prelink SELinux Policy documentation"
+@@ -0,0 +1,757 @@
++.TH "prelink_selinux" "8" "12-10-19" "prelink" "SELinux Policy documentation for prelink"
+.SH "NAME"
+prelink_selinux \- Security Enhanced Linux Policy for the prelink processes
+.SH "DESCRIPTION"
@@ -66772,10 +67264,6 @@ index 0000000..1bfd579
+
+- Set files with the prelink_log_t type, if you want to treat the data as prelink log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/prelink(/.*)?, /var/log/prelink\.log.*
+
+.EX
+.PP
@@ -66800,10 +67288,6 @@ index 0000000..1bfd579
+
+- Set files with the prelink_var_lib_t type, if you want to store the prelink files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/prelink(/.*)?, /var/lib/misc/prelink.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -67451,19 +67935,21 @@ index 0000000..1bfd579
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), prelink(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), prelink(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, prelink_cron_system_selinux(8)
\ No newline at end of file
diff --git a/man/man8/prelude_audisp_selinux.8 b/man/man8/prelude_audisp_selinux.8
new file mode 100644
-index 0000000..3789085
+index 0000000..51ab066
--- /dev/null
+++ b/man/man8/prelude_audisp_selinux.8
-@@ -0,0 +1,109 @@
-+.TH "prelude_audisp_selinux" "8" "prelude_audisp" "dwalsh at redhat.com" "prelude_audisp SELinux Policy documentation"
+@@ -0,0 +1,107 @@
++.TH "prelude_audisp_selinux" "8" "12-10-19" "prelude_audisp" "SELinux Policy documentation for prelude_audisp"
+.SH "NAME"
+prelude_audisp_selinux \- Security Enhanced Linux Policy for the prelude_audisp processes
+.SH "DESCRIPTION"
@@ -67518,10 +68004,6 @@ index 0000000..3789085
+
+- Set files with the prelude_audisp_exec_t type, if you want to transition an executable to the prelude_audisp_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/audisp-prelude, /usr/sbin/audisp-prelude
+
+.EX
+.PP
@@ -67567,19 +68049,21 @@ index 0000000..3789085
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), prelude_audisp(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), prelude_audisp(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, prelude_selinux(8), prelude_selinux(8), prelude_correlator_selinux(8), prelude_lml_selinux(8)
\ No newline at end of file
diff --git a/man/man8/prelude_correlator_selinux.8 b/man/man8/prelude_correlator_selinux.8
new file mode 100644
-index 0000000..a82e57e
+index 0000000..72f8e43
--- /dev/null
+++ b/man/man8/prelude_correlator_selinux.8
-@@ -0,0 +1,105 @@
-+.TH "prelude_correlator_selinux" "8" "prelude_correlator" "dwalsh at redhat.com" "prelude_correlator SELinux Policy documentation"
+@@ -0,0 +1,107 @@
++.TH "prelude_correlator_selinux" "8" "12-10-19" "prelude_correlator" "SELinux Policy documentation for prelude_correlator"
+.SH "NAME"
+prelude_correlator_selinux \- Security Enhanced Linux Policy for the prelude_correlator processes
+.SH "DESCRIPTION"
@@ -67679,19 +68163,21 @@ index 0000000..a82e57e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), prelude_correlator(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), prelude_correlator(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, prelude_selinux(8), prelude_selinux(8), prelude_audisp_selinux(8), prelude_lml_selinux(8)
\ No newline at end of file
diff --git a/man/man8/prelude_lml_selinux.8 b/man/man8/prelude_lml_selinux.8
new file mode 100644
-index 0000000..758ff1a
+index 0000000..576dd8f
--- /dev/null
+++ b/man/man8/prelude_lml_selinux.8
-@@ -0,0 +1,147 @@
-+.TH "prelude_lml_selinux" "8" "prelude_lml" "dwalsh at redhat.com" "prelude_lml SELinux Policy documentation"
+@@ -0,0 +1,149 @@
++.TH "prelude_lml_selinux" "8" "12-10-19" "prelude_lml" "SELinux Policy documentation for prelude_lml"
+.SH "NAME"
+prelude_lml_selinux \- Security Enhanced Linux Policy for the prelude_lml processes
+.SH "DESCRIPTION"
@@ -67833,19 +68319,21 @@ index 0000000..758ff1a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), prelude_lml(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), prelude_lml(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, prelude_selinux(8), prelude_selinux(8), prelude_audisp_selinux(8), prelude_correlator_selinux(8)
\ No newline at end of file
diff --git a/man/man8/prelude_selinux.8 b/man/man8/prelude_selinux.8
new file mode 100644
-index 0000000..8862f76
+index 0000000..c3b459a
--- /dev/null
+++ b/man/man8/prelude_selinux.8
-@@ -0,0 +1,269 @@
-+.TH "prelude_selinux" "8" "prelude" "dwalsh at redhat.com" "prelude SELinux Policy documentation"
+@@ -0,0 +1,259 @@
++.TH "prelude_selinux" "8" "12-10-19" "prelude" "SELinux Policy documentation for prelude"
+.SH "NAME"
+prelude_selinux \- Security Enhanced Linux Policy for the prelude processes
+.SH "DESCRIPTION"
@@ -67900,10 +68388,6 @@ index 0000000..8862f76
+
+- Set files with the prelude_audisp_exec_t type, if you want to transition an executable to the prelude_audisp_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/audisp-prelude, /usr/sbin/audisp-prelude
+
+.EX
+.PP
@@ -67944,10 +68428,6 @@ index 0000000..8862f76
+
+- Set files with the prelude_initrc_exec_t type, if you want to transition an executable to the prelude_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/prelude-correlator, /etc/rc\.d/init\.d/prelude-manager, /etc/rc\.d/init\.d/prelude-lml
+
+.EX
+.PP
@@ -67988,10 +68468,6 @@ index 0000000..8862f76
+
+- Set files with the prelude_spool_t type, if you want to store the prelude files under the /var/spool directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/spool/prelude(/.*)?, /var/spool/prelude-manager(/.*)?
+
+.EX
+.PP
@@ -68109,19 +68585,21 @@ index 0000000..8862f76
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), prelude(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), prelude(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, prelude_audisp_selinux(8), prelude_correlator_selinux(8), prelude_lml_selinux(8)
\ No newline at end of file
diff --git a/man/man8/privoxy_selinux.8 b/man/man8/privoxy_selinux.8
new file mode 100644
-index 0000000..7319740
+index 0000000..c29c922
--- /dev/null
+++ b/man/man8/privoxy_selinux.8
-@@ -0,0 +1,165 @@
-+.TH "privoxy_selinux" "8" "privoxy" "dwalsh at redhat.com" "privoxy SELinux Policy documentation"
+@@ -0,0 +1,174 @@
++.TH "privoxy_selinux" "8" "12-10-19" "privoxy" "SELinux Policy documentation for privoxy"
+.SH "NAME"
+privoxy_selinux \- Security Enhanced Linux Policy for the privoxy processes
+.SH "DESCRIPTION"
@@ -68169,6 +68647,13 @@ index 0000000..7319740
+.B setsebool -P privoxy_connect_any 1
+.EE
+
++.PP
++If you want to allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports, you must turn on the privoxy_connect_any boolean.
++
++.EX
++.B setsebool -P privoxy_connect_any 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -68281,19 +68766,21 @@ index 0000000..7319740
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), privoxy(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), privoxy(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/procmail_selinux.8 b/man/man8/procmail_selinux.8
new file mode 100644
-index 0000000..a207489
+index 0000000..dd02072
--- /dev/null
+++ b/man/man8/procmail_selinux.8
-@@ -0,0 +1,182 @@
-+.TH "procmail_selinux" "8" "procmail" "dwalsh at redhat.com" "procmail SELinux Policy documentation"
+@@ -0,0 +1,180 @@
++.TH "procmail_selinux" "8" "12-10-19" "procmail" "SELinux Policy documentation for procmail"
+.SH "NAME"
+procmail_selinux \- Security Enhanced Linux Policy for the procmail processes
+.SH "DESCRIPTION"
@@ -68364,10 +68851,6 @@ index 0000000..a207489
+
+- Set files with the procmail_log_t type, if you want to treat the data as procmail log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/procmail\.log.*, /var/log/procmail(/.*)?
+
+.EX
+.PP
@@ -68471,17 +68954,19 @@ index 0000000..a207489
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), procmail(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), procmail(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/psad_selinux.8 b/man/man8/psad_selinux.8
new file mode 100644
-index 0000000..cf4b90b
+index 0000000..98171a9
--- /dev/null
+++ b/man/man8/psad_selinux.8
-@@ -0,0 +1,166 @@
-+.TH "psad_selinux" "8" "psad" "dwalsh at redhat.com" "psad SELinux Policy documentation"
+@@ -0,0 +1,168 @@
++.TH "psad_selinux" "8" "12-10-19" "psad" "SELinux Policy documentation for psad"
+.SH "NAME"
+psad_selinux \- Security Enhanced Linux Policy for the psad processes
+.SH "DESCRIPTION"
@@ -68643,17 +69128,19 @@ index 0000000..cf4b90b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), psad(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), psad(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ptal_selinux.8 b/man/man8/ptal_selinux.8
new file mode 100644
-index 0000000..c61ee9e
+index 0000000..5b4e3df
--- /dev/null
+++ b/man/man8/ptal_selinux.8
-@@ -0,0 +1,146 @@
-+.TH "ptal_selinux" "8" "ptal" "dwalsh at redhat.com" "ptal SELinux Policy documentation"
+@@ -0,0 +1,140 @@
++.TH "ptal_selinux" "8" "12-10-19" "ptal" "SELinux Policy documentation for ptal"
+.SH "NAME"
+ptal_selinux \- Security Enhanced Linux Policy for the ptal processes
+.SH "DESCRIPTION"
@@ -68671,7 +69158,7 @@ index 0000000..c61ee9e
+
+The ptal_t SELinux type can be entered via the "ptal_exec_t" file type. The default entrypoint paths for the ptal_t domain are the following:"
+
-+/usr/sbin/ptal-photod, /usr/sbin/ptal-mlcd, /usr/sbin/ptal-printd
++/usr/sbin/ptal-mlcd, /usr/sbin/ptal-printd, /usr/sbin/ptal-photod
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -68716,10 +69203,6 @@ index 0000000..c61ee9e
+
+- Set files with the ptal_exec_t type, if you want to transition an executable to the ptal_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ptal-photod, /usr/sbin/ptal-mlcd, /usr/sbin/ptal-printd
+
+.EX
+.PP
@@ -68728,10 +69211,6 @@ index 0000000..c61ee9e
+
+- Set files with the ptal_var_run_t type, if you want to store the ptal files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/ptal-mlcd(/.*)?, /var/run/ptal-printd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -68795,17 +69274,19 @@ index 0000000..c61ee9e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ptal(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ptal(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ptchown_selinux.8 b/man/man8/ptchown_selinux.8
new file mode 100644
-index 0000000..655cea8
+index 0000000..6a89706
--- /dev/null
+++ b/man/man8/ptchown_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "ptchown_selinux" "8" "ptchown" "dwalsh at redhat.com" "ptchown SELinux Policy documentation"
+@@ -0,0 +1,94 @@
++.TH "ptchown_selinux" "8" "12-10-19" "ptchown" "SELinux Policy documentation for ptchown"
+.SH "NAME"
+ptchown_selinux \- Security Enhanced Linux Policy for the ptchown processes
+.SH "DESCRIPTION"
@@ -68893,17 +69374,19 @@ index 0000000..655cea8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ptchown(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ptchown(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/publicfile_selinux.8 b/man/man8/publicfile_selinux.8
new file mode 100644
-index 0000000..ed8bd4e
+index 0000000..ae326e4
--- /dev/null
+++ b/man/man8/publicfile_selinux.8
-@@ -0,0 +1,100 @@
-+.TH "publicfile_selinux" "8" "publicfile" "dwalsh at redhat.com" "publicfile SELinux Policy documentation"
+@@ -0,0 +1,94 @@
++.TH "publicfile_selinux" "8" "12-10-19" "publicfile" "SELinux Policy documentation for publicfile"
+.SH "NAME"
+publicfile_selinux \- Security Enhanced Linux Policy for the publicfile processes
+.SH "DESCRIPTION"
@@ -68921,7 +69404,7 @@ index 0000000..ed8bd4e
+
+The publicfile_t SELinux type can be entered via the "publicfile_exec_t" file type. The default entrypoint paths for the publicfile_t domain are the following:"
+
-+/usr/bin/httpd, /usr/bin/ftpd
++/usr/bin/ftpd, /usr/bin/httpd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -68966,10 +69449,6 @@ index 0000000..ed8bd4e
+
+- Set files with the publicfile_exec_t type, if you want to transition an executable to the publicfile_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/httpd, /usr/bin/ftpd
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -68978,10 +69457,6 @@ index 0000000..ed8bd4e
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type publicfile_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -68999,17 +69474,19 @@ index 0000000..ed8bd4e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), publicfile(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), publicfile(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/pulseaudio_selinux.8 b/man/man8/pulseaudio_selinux.8
new file mode 100644
-index 0000000..6a703dd
+index 0000000..428c319
--- /dev/null
+++ b/man/man8/pulseaudio_selinux.8
-@@ -0,0 +1,302 @@
-+.TH "pulseaudio_selinux" "8" "pulseaudio" "dwalsh at redhat.com" "pulseaudio SELinux Policy documentation"
+@@ -0,0 +1,300 @@
++.TH "pulseaudio_selinux" "8" "12-10-19" "pulseaudio" "SELinux Policy documentation for pulseaudio"
+.SH "NAME"
+pulseaudio_selinux \- Security Enhanced Linux Policy for the pulseaudio processes
+.SH "DESCRIPTION"
@@ -69072,10 +69549,6 @@ index 0000000..6a703dd
+
+- Set files with the pulseaudio_home_t type, if you want to store pulseaudio files in the users home directory.
+
-+.br
-+.TP 5
-+Paths:
-+/root/\.pulse-cookie, /root/\.pulse(/.*)?, /root/\.esd_auth
+
+.EX
+.PP
@@ -69307,17 +69780,19 @@ index 0000000..6a703dd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pulseaudio(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pulseaudio(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/puppet_selinux.8 b/man/man8/puppet_selinux.8
new file mode 100644
-index 0000000..9e0d61d
+index 0000000..a3a88c0
--- /dev/null
+++ b/man/man8/puppet_selinux.8
-@@ -0,0 +1,346 @@
-+.TH "puppet_selinux" "8" "puppet" "dwalsh at redhat.com" "puppet SELinux Policy documentation"
+@@ -0,0 +1,370 @@
++.TH "puppet_selinux" "8" "12-10-19" "puppet" "SELinux Policy documentation for puppet"
+.SH "NAME"
+puppet_selinux \- Security Enhanced Linux Policy for the puppet processes
+.SH "DESCRIPTION"
@@ -69359,6 +69834,13 @@ index 0000000..9e0d61d
+
+
+.PP
++If you want to allow Puppet master to use connect to MySQL and PostgreSQL database, you must turn on the puppetmaster_use_db boolean.
++
++.EX
++.B setsebool -P puppetmaster_use_db 1
++.EE
++
++.PP
+If you want to allow Puppet client to manage all file types, you must turn on the puppet_manage_all_files boolean.
+
+.EX
@@ -69372,6 +69854,13 @@ index 0000000..9e0d61d
+.B setsebool -P puppetmaster_use_db 1
+.EE
+
++.PP
++If you want to allow Puppet client to manage all file types, you must turn on the puppet_manage_all_files boolean.
++
++.EX
++.B setsebool -P puppet_manage_all_files 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -69524,6 +70013,12 @@ index 0000000..9e0d61d
+.br
+ /var/ftp/etc(/.*)?
+.br
++ /var/lib/openshift/.limits.d(/.*)?
++.br
++ /var/lib/openshift/.openshift-proxy.d(/.*)?
++.br
++ /var/lib/openshift/.stickshift-proxy.d(/.*)?
++.br
+ /var/lib/stickshift/.limits.d(/.*)?
+.br
+ /var/lib/stickshift/.stickshift-proxy.d(/.*)?
@@ -69548,6 +70043,8 @@ index 0000000..9e0d61d
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -69658,19 +70155,21 @@ index 0000000..9e0d61d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), puppet(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), puppet(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), puppetca_selinux(8), puppetmaster_selinux(8)
\ No newline at end of file
diff --git a/man/man8/puppetca_selinux.8 b/man/man8/puppetca_selinux.8
new file mode 100644
-index 0000000..3afc1cb
+index 0000000..0638b80
--- /dev/null
+++ b/man/man8/puppetca_selinux.8
-@@ -0,0 +1,101 @@
-+.TH "puppetca_selinux" "8" "puppetca" "dwalsh at redhat.com" "puppetca SELinux Policy documentation"
+@@ -0,0 +1,103 @@
++.TH "puppetca_selinux" "8" "12-10-19" "puppetca" "SELinux Policy documentation for puppetca"
+.SH "NAME"
+puppetca_selinux \- Security Enhanced Linux Policy for the puppetca processes
+.SH "DESCRIPTION"
@@ -69766,19 +70265,21 @@ index 0000000..3afc1cb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), puppetca(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), puppetca(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, puppet_selinux(8)
\ No newline at end of file
diff --git a/man/man8/puppetmaster_selinux.8 b/man/man8/puppetmaster_selinux.8
new file mode 100644
-index 0000000..c737eb9
+index 0000000..849d6c4
--- /dev/null
+++ b/man/man8/puppetmaster_selinux.8
-@@ -0,0 +1,161 @@
-+.TH "puppetmaster_selinux" "8" "puppetmaster" "dwalsh at redhat.com" "puppetmaster SELinux Policy documentation"
+@@ -0,0 +1,170 @@
++.TH "puppetmaster_selinux" "8" "12-10-19" "puppetmaster" "SELinux Policy documentation for puppetmaster"
+.SH "NAME"
+puppetmaster_selinux \- Security Enhanced Linux Policy for the puppetmaster processes
+.SH "DESCRIPTION"
@@ -69826,6 +70327,13 @@ index 0000000..c737eb9
+.B setsebool -P puppetmaster_use_db 1
+.EE
+
++.PP
++If you want to allow Puppet master to use connect to MySQL and PostgreSQL database, you must turn on the puppetmaster_use_db boolean.
++
++.EX
++.B setsebool -P puppetmaster_use_db 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -69934,19 +70442,21 @@ index 0000000..c737eb9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), puppetmaster(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), puppetmaster(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), puppet_selinux(8)
\ No newline at end of file
diff --git a/man/man8/pwauth_selinux.8 b/man/man8/pwauth_selinux.8
new file mode 100644
-index 0000000..effdfc9
+index 0000000..4c0ec9b
--- /dev/null
+++ b/man/man8/pwauth_selinux.8
-@@ -0,0 +1,116 @@
-+.TH "pwauth_selinux" "8" "pwauth" "dwalsh at redhat.com" "pwauth SELinux Policy documentation"
+@@ -0,0 +1,118 @@
++.TH "pwauth_selinux" "8" "12-10-19" "pwauth" "SELinux Policy documentation for pwauth"
+.SH "NAME"
+pwauth_selinux \- Security Enhanced Linux Policy for the pwauth processes
+.SH "DESCRIPTION"
@@ -70058,17 +70568,19 @@ index 0000000..effdfc9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pwauth(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pwauth(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/pyicqt_selinux.8 b/man/man8/pyicqt_selinux.8
new file mode 100644
-index 0000000..75eab47
+index 0000000..cd5fc6d
--- /dev/null
+++ b/man/man8/pyicqt_selinux.8
-@@ -0,0 +1,144 @@
-+.TH "pyicqt_selinux" "8" "pyicqt" "dwalsh at redhat.com" "pyicqt SELinux Policy documentation"
+@@ -0,0 +1,146 @@
++.TH "pyicqt_selinux" "8" "12-10-19" "pyicqt" "SELinux Policy documentation for pyicqt"
+.SH "NAME"
+pyicqt_selinux \- Security Enhanced Linux Policy for the pyicqt processes
+.SH "DESCRIPTION"
@@ -70208,17 +70720,19 @@ index 0000000..75eab47
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), pyicqt(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), pyicqt(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/qdiskd_selinux.8 b/man/man8/qdiskd_selinux.8
new file mode 100644
-index 0000000..5c2395e
+index 0000000..b16888c
--- /dev/null
+++ b/man/man8/qdiskd_selinux.8
-@@ -0,0 +1,162 @@
-+.TH "qdiskd_selinux" "8" "qdiskd" "dwalsh at redhat.com" "qdiskd SELinux Policy documentation"
+@@ -0,0 +1,164 @@
++.TH "qdiskd_selinux" "8" "12-10-19" "qdiskd" "SELinux Policy documentation for qdiskd"
+.SH "NAME"
+qdiskd_selinux \- Security Enhanced Linux Policy for the qdiskd processes
+.SH "DESCRIPTION"
@@ -70376,17 +70890,19 @@ index 0000000..5c2395e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qdiskd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qdiskd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/qemu_dm_selinux.8 b/man/man8/qemu_dm_selinux.8
new file mode 100644
-index 0000000..eeaeffe
+index 0000000..8336aef
--- /dev/null
+++ b/man/man8/qemu_dm_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "qemu_dm_selinux" "8" "qemu_dm" "dwalsh at redhat.com" "qemu_dm SELinux Policy documentation"
+@@ -0,0 +1,94 @@
++.TH "qemu_dm_selinux" "8" "12-10-19" "qemu_dm" "SELinux Policy documentation for qemu_dm"
+.SH "NAME"
+qemu_dm_selinux \- Security Enhanced Linux Policy for the qemu_dm processes
+.SH "DESCRIPTION"
@@ -70474,17 +70990,19 @@ index 0000000..eeaeffe
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qemu_dm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qemu_dm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/qmail_clean_selinux.8 b/man/man8/qmail_clean_selinux.8
new file mode 100644
-index 0000000..1d9534f
+index 0000000..800d8ac
--- /dev/null
+++ b/man/man8/qmail_clean_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "qmail_clean_selinux" "8" "qmail_clean" "dwalsh at redhat.com" "qmail_clean SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "qmail_clean_selinux" "8" "12-10-19" "qmail_clean" "SELinux Policy documentation for qmail_clean"
+.SH "NAME"
+qmail_clean_selinux \- Security Enhanced Linux Policy for the qmail_clean processes
+.SH "DESCRIPTION"
@@ -70547,10 +71065,6 @@ index 0000000..1d9534f
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type qmail_clean_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -70568,19 +71082,21 @@ index 0000000..1d9534f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_clean(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_clean(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_inject_selinux.8 b/man/man8/qmail_inject_selinux.8
new file mode 100644
-index 0000000..451667c
+index 0000000..c6b8f11
--- /dev/null
+++ b/man/man8/qmail_inject_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "qmail_inject_selinux" "8" "qmail_inject" "dwalsh at redhat.com" "qmail_inject SELinux Policy documentation"
+@@ -0,0 +1,95 @@
++.TH "qmail_inject_selinux" "8" "12-10-19" "qmail_inject" "SELinux Policy documentation for qmail_inject"
+.SH "NAME"
+qmail_inject_selinux \- Security Enhanced Linux Policy for the qmail_inject processes
+.SH "DESCRIPTION"
@@ -70668,19 +71184,21 @@ index 0000000..451667c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_inject(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_inject(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_local_selinux.8 b/man/man8/qmail_local_selinux.8
new file mode 100644
-index 0000000..40b484e
+index 0000000..5780bee
--- /dev/null
+++ b/man/man8/qmail_local_selinux.8
-@@ -0,0 +1,149 @@
-+.TH "qmail_local_selinux" "8" "qmail_local" "dwalsh at redhat.com" "qmail_local SELinux Policy documentation"
+@@ -0,0 +1,151 @@
++.TH "qmail_local_selinux" "8" "12-10-19" "qmail_local" "SELinux Policy documentation for qmail_local"
+.SH "NAME"
+qmail_local_selinux \- Security Enhanced Linux Policy for the qmail_local processes
+.SH "DESCRIPTION"
@@ -70824,19 +71342,21 @@ index 0000000..40b484e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_local(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_local(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_lspawn_selinux.8 b/man/man8/qmail_lspawn_selinux.8
new file mode 100644
-index 0000000..1a0b72f
+index 0000000..3738529
--- /dev/null
+++ b/man/man8/qmail_lspawn_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "qmail_lspawn_selinux" "8" "qmail_lspawn" "dwalsh at redhat.com" "qmail_lspawn SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "qmail_lspawn_selinux" "8" "12-10-19" "qmail_lspawn" "SELinux Policy documentation for qmail_lspawn"
+.SH "NAME"
+qmail_lspawn_selinux \- Security Enhanced Linux Policy for the qmail_lspawn processes
+.SH "DESCRIPTION"
@@ -70948,19 +71468,21 @@ index 0000000..1a0b72f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_lspawn(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_lspawn(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_queue_selinux.8 b/man/man8/qmail_queue_selinux.8
new file mode 100644
-index 0000000..fd09b1f
+index 0000000..570a4a3
--- /dev/null
+++ b/man/man8/qmail_queue_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "qmail_queue_selinux" "8" "qmail_queue" "dwalsh at redhat.com" "qmail_queue SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "qmail_queue_selinux" "8" "12-10-19" "qmail_queue" "SELinux Policy documentation for qmail_queue"
+.SH "NAME"
+qmail_queue_selinux \- Security Enhanced Linux Policy for the qmail_queue processes
+.SH "DESCRIPTION"
@@ -71054,19 +71576,21 @@ index 0000000..fd09b1f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_queue(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_queue(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_remote_selinux.8 b/man/man8/qmail_remote_selinux.8
new file mode 100644
-index 0000000..29a10d9
+index 0000000..ec70619
--- /dev/null
+++ b/man/man8/qmail_remote_selinux.8
-@@ -0,0 +1,95 @@
-+.TH "qmail_remote_selinux" "8" "qmail_remote" "dwalsh at redhat.com" "qmail_remote SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "qmail_remote_selinux" "8" "12-10-19" "qmail_remote" "SELinux Policy documentation for qmail_remote"
+.SH "NAME"
+qmail_remote_selinux \- Security Enhanced Linux Policy for the qmail_remote processes
+.SH "DESCRIPTION"
@@ -71156,19 +71680,21 @@ index 0000000..29a10d9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_remote(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_remote(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_rspawn_selinux.8 b/man/man8/qmail_rspawn_selinux.8
new file mode 100644
-index 0000000..3b683c6
+index 0000000..35abe4b
--- /dev/null
+++ b/man/man8/qmail_rspawn_selinux.8
-@@ -0,0 +1,95 @@
-+.TH "qmail_rspawn_selinux" "8" "qmail_rspawn" "dwalsh at redhat.com" "qmail_rspawn SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "qmail_rspawn_selinux" "8" "12-10-19" "qmail_rspawn" "SELinux Policy documentation for qmail_rspawn"
+.SH "NAME"
+qmail_rspawn_selinux \- Security Enhanced Linux Policy for the qmail_rspawn processes
+.SH "DESCRIPTION"
@@ -71258,19 +71784,21 @@ index 0000000..3b683c6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_rspawn(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_rspawn(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_send_selinux.8 b/man/man8/qmail_send_selinux.8
new file mode 100644
-index 0000000..551a490
+index 0000000..6661328
--- /dev/null
+++ b/man/man8/qmail_send_selinux.8
-@@ -0,0 +1,95 @@
-+.TH "qmail_send_selinux" "8" "qmail_send" "dwalsh at redhat.com" "qmail_send SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "qmail_send_selinux" "8" "12-10-19" "qmail_send" "SELinux Policy documentation for qmail_send"
+.SH "NAME"
+qmail_send_selinux \- Security Enhanced Linux Policy for the qmail_send processes
+.SH "DESCRIPTION"
@@ -71360,19 +71888,21 @@ index 0000000..551a490
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_send(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_send(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_smtpd_selinux.8 b/man/man8/qmail_smtpd_selinux.8
new file mode 100644
-index 0000000..db8a1a5
+index 0000000..9f0471a
--- /dev/null
+++ b/man/man8/qmail_smtpd_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "qmail_smtpd_selinux" "8" "qmail_smtpd" "dwalsh at redhat.com" "qmail_smtpd SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "qmail_smtpd_selinux" "8" "12-10-19" "qmail_smtpd" "SELinux Policy documentation for qmail_smtpd"
+.SH "NAME"
+qmail_smtpd_selinux \- Security Enhanced Linux Policy for the qmail_smtpd processes
+.SH "DESCRIPTION"
@@ -71435,10 +71965,6 @@ index 0000000..db8a1a5
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type qmail_smtpd_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -71456,19 +71982,21 @@ index 0000000..db8a1a5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_smtpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_smtpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_splogger_selinux.8 b/man/man8/qmail_splogger_selinux.8
new file mode 100644
-index 0000000..ab8aa05
+index 0000000..c65ec55
--- /dev/null
+++ b/man/man8/qmail_splogger_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "qmail_splogger_selinux" "8" "qmail_splogger" "dwalsh at redhat.com" "qmail_splogger SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "qmail_splogger_selinux" "8" "12-10-19" "qmail_splogger" "SELinux Policy documentation for qmail_splogger"
+.SH "NAME"
+qmail_splogger_selinux \- Security Enhanced Linux Policy for the qmail_splogger processes
+.SH "DESCRIPTION"
@@ -71531,10 +72059,6 @@ index 0000000..ab8aa05
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type qmail_splogger_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -71552,19 +72076,21 @@ index 0000000..ab8aa05
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_splogger(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_splogger(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_start_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_start_selinux.8 b/man/man8/qmail_start_selinux.8
new file mode 100644
-index 0000000..7bf27c9
+index 0000000..531fc98
--- /dev/null
+++ b/man/man8/qmail_start_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "qmail_start_selinux" "8" "qmail_start" "dwalsh at redhat.com" "qmail_start SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "qmail_start_selinux" "8" "12-10-19" "qmail_start" "SELinux Policy documentation for qmail_start"
+.SH "NAME"
+qmail_start_selinux \- Security Enhanced Linux Policy for the qmail_start processes
+.SH "DESCRIPTION"
@@ -71627,10 +72153,6 @@ index 0000000..7bf27c9
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type qmail_start_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -71648,19 +72170,21 @@ index 0000000..7bf27c9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_start(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_start(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_tcp_env_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qmail_tcp_env_selinux.8 b/man/man8/qmail_tcp_env_selinux.8
new file mode 100644
-index 0000000..5ec1b48
+index 0000000..920bb62
--- /dev/null
+++ b/man/man8/qmail_tcp_env_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "qmail_tcp_env_selinux" "8" "qmail_tcp_env" "dwalsh at redhat.com" "qmail_tcp_env SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "qmail_tcp_env_selinux" "8" "12-10-19" "qmail_tcp_env" "SELinux Policy documentation for qmail_tcp_env"
+.SH "NAME"
+qmail_tcp_env_selinux \- Security Enhanced Linux Policy for the qmail_tcp_env processes
+.SH "DESCRIPTION"
@@ -71723,10 +72247,6 @@ index 0000000..5ec1b48
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type qmail_tcp_env_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -71744,19 +72264,21 @@ index 0000000..5ec1b48
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qmail_tcp_env(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qmail_tcp_env(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, qmail_clean_selinux(8), qmail_inject_selinux(8), qmail_local_selinux(8), qmail_lspawn_selinux(8), qmail_queue_selinux(8), qmail_remote_selinux(8), qmail_rspawn_selinux(8), qmail_send_selinux(8), qmail_smtpd_selinux(8), qmail_splogger_selinux(8), qmail_start_selinux(8)
\ No newline at end of file
diff --git a/man/man8/qpidd_selinux.8 b/man/man8/qpidd_selinux.8
new file mode 100644
-index 0000000..2ca4ff0
+index 0000000..818eab7
--- /dev/null
+++ b/man/man8/qpidd_selinux.8
-@@ -0,0 +1,142 @@
-+.TH "qpidd_selinux" "8" "qpidd" "dwalsh at redhat.com" "qpidd SELinux Policy documentation"
+@@ -0,0 +1,140 @@
++.TH "qpidd_selinux" "8" "12-10-19" "qpidd" "SELinux Policy documentation for qpidd"
+.SH "NAME"
+qpidd_selinux \- Security Enhanced Linux Policy for the qpidd processes
+.SH "DESCRIPTION"
@@ -71843,10 +72365,6 @@ index 0000000..2ca4ff0
+
+- Set files with the qpidd_var_run_t type, if you want to store the qpidd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/qpidd(/.*)?, /var/run/qpidd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -71894,17 +72412,19 @@ index 0000000..2ca4ff0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), qpidd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), qpidd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/quantum_selinux.8 b/man/man8/quantum_selinux.8
new file mode 100644
-index 0000000..adcd8df
+index 0000000..c8ccc57
--- /dev/null
+++ b/man/man8/quantum_selinux.8
-@@ -0,0 +1,180 @@
-+.TH "quantum_selinux" "8" "quantum" "dwalsh at redhat.com" "quantum SELinux Policy documentation"
+@@ -0,0 +1,178 @@
++.TH "quantum_selinux" "8" "12-10-19" "quantum" "SELinux Policy documentation for quantum"
+.SH "NAME"
+quantum_selinux \- Security Enhanced Linux Policy for the quantum processes
+.SH "DESCRIPTION"
@@ -71922,7 +72442,7 @@ index 0000000..adcd8df
+
+The quantum_t SELinux type can be entered via the "quantum_exec_t" file type. The default entrypoint paths for the quantum_t domain are the following:"
+
-+/usr/bin/quantum-openvswitch-agent, /usr/bin/quantum-server, /usr/bin/quantum-ryu-agent, /usr/bin/quantum-linuxbridge-agent
++/usr/bin/quantum-server, /usr/bin/quantum-ryu-agent, /usr/bin/quantum-openvswitch-agent, /usr/bin/quantum-linuxbridge-agent
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -71959,10 +72479,6 @@ index 0000000..adcd8df
+
+- Set files with the quantum_exec_t type, if you want to transition an executable to the quantum_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/quantum-openvswitch-agent, /usr/bin/quantum-server, /usr/bin/quantum-ryu-agent, /usr/bin/quantum-linuxbridge-agent
+
+.EX
+.PP
@@ -72080,17 +72596,19 @@ index 0000000..adcd8df
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), quantum(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), quantum(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/quota_nld_selinux.8 b/man/man8/quota_nld_selinux.8
new file mode 100644
-index 0000000..b18dad2
+index 0000000..84c851f
--- /dev/null
+++ b/man/man8/quota_nld_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "quota_nld_selinux" "8" "quota_nld" "dwalsh at redhat.com" "quota_nld SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "quota_nld_selinux" "8" "12-10-19" "quota_nld" "SELinux Policy documentation for quota_nld"
+.SH "NAME"
+quota_nld_selinux \- Security Enhanced Linux Policy for the quota_nld processes
+.SH "DESCRIPTION"
@@ -72202,19 +72720,21 @@ index 0000000..b18dad2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), quota_nld(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), quota_nld(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, quota_selinux(8), quota_selinux(8)
\ No newline at end of file
diff --git a/man/man8/quota_selinux.8 b/man/man8/quota_selinux.8
new file mode 100644
-index 0000000..5344f22
+index 0000000..40fefa1
--- /dev/null
+++ b/man/man8/quota_selinux.8
-@@ -0,0 +1,167 @@
-+.TH "quota_selinux" "8" "quota" "dwalsh at redhat.com" "quota SELinux Policy documentation"
+@@ -0,0 +1,163 @@
++.TH "quota_selinux" "8" "12-10-19" "quota" "SELinux Policy documentation for quota"
+.SH "NAME"
+quota_selinux \- Security Enhanced Linux Policy for the quota processes
+.SH "DESCRIPTION"
@@ -72232,7 +72752,7 @@ index 0000000..5344f22
+
+The quota_t SELinux type can be entered via the "quota_exec_t" file type. The default entrypoint paths for the quota_t domain are the following:"
+
-+/usr/sbin/convertquota, /usr/sbin/quota(check|on), /sbin/quota(check|on)
++/sbin/quota(check|on), /usr/sbin/quota(check|on), /usr/sbin/convertquota
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -72269,10 +72789,6 @@ index 0000000..5344f22
+
+- Set files with the quota_db_t type, if you want to treat the files as quota database content.
+
-+.br
-+.TP 5
-+Paths:
-+/boot/a?quota\.(user|group), /etc/a?quota\.(user|group), /var/lib/stickshift/a?quota\.(user|group), /a?quota\.(user|group), /var/a?quota\.(user|group), /var/spool/(.*/)?a?quota\.(user|group)
+
+.EX
+.PP
@@ -72281,10 +72797,6 @@ index 0000000..5344f22
+
+- Set files with the quota_exec_t type, if you want to transition an executable to the quota_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/convertquota, /usr/sbin/quota(check|on), /sbin/quota(check|on)
+
+.EX
+.PP
@@ -72334,6 +72846,8 @@ index 0000000..5344f22
+.br
+ /var/spool/(.*/)?a?quota\.(user|group)
+.br
++ /var/lib/openshift/a?quota\.(user|group)
++.br
+ /var/lib/stickshift/a?quota\.(user|group)
+.br
+ /home/[^/]*/a?quota\.(user|group)
@@ -72376,19 +72890,21 @@ index 0000000..5344f22
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), quota(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), quota(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, quota_nld_selinux(8)
\ No newline at end of file
diff --git a/man/man8/rabbitmq_beam_selinux.8 b/man/man8/rabbitmq_beam_selinux.8
new file mode 100644
-index 0000000..5d34dc3
+index 0000000..850e8d0
--- /dev/null
+++ b/man/man8/rabbitmq_beam_selinux.8
-@@ -0,0 +1,101 @@
-+.TH "rabbitmq_beam_selinux" "8" "rabbitmq_beam" "dwalsh at redhat.com" "rabbitmq_beam SELinux Policy documentation"
+@@ -0,0 +1,103 @@
++.TH "rabbitmq_beam_selinux" "8" "12-10-19" "rabbitmq_beam" "SELinux Policy documentation for rabbitmq_beam"
+.SH "NAME"
+rabbitmq_beam_selinux \- Security Enhanced Linux Policy for the rabbitmq_beam processes
+.SH "DESCRIPTION"
@@ -72484,19 +73000,21 @@ index 0000000..5d34dc3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rabbitmq_beam(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rabbitmq_beam(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, rabbitmq_epmd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/rabbitmq_epmd_selinux.8 b/man/man8/rabbitmq_epmd_selinux.8
new file mode 100644
-index 0000000..7a2c8c8
+index 0000000..86fc49c
--- /dev/null
+++ b/man/man8/rabbitmq_epmd_selinux.8
-@@ -0,0 +1,95 @@
-+.TH "rabbitmq_epmd_selinux" "8" "rabbitmq_epmd" "dwalsh at redhat.com" "rabbitmq_epmd SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "rabbitmq_epmd_selinux" "8" "12-10-19" "rabbitmq_epmd" "SELinux Policy documentation for rabbitmq_epmd"
+.SH "NAME"
+rabbitmq_epmd_selinux \- Security Enhanced Linux Policy for the rabbitmq_epmd processes
+.SH "DESCRIPTION"
@@ -72586,19 +73104,21 @@ index 0000000..7a2c8c8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rabbitmq_epmd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rabbitmq_epmd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, rabbitmq_beam_selinux(8)
\ No newline at end of file
diff --git a/man/man8/racoon_selinux.8 b/man/man8/racoon_selinux.8
new file mode 100644
-index 0000000..6ec2b3e
+index 0000000..cacacfd
--- /dev/null
+++ b/man/man8/racoon_selinux.8
-@@ -0,0 +1,199 @@
-+.TH "racoon_selinux" "8" "racoon" "dwalsh at redhat.com" "racoon SELinux Policy documentation"
+@@ -0,0 +1,210 @@
++.TH "racoon_selinux" "8" "12-10-19" "racoon" "SELinux Policy documentation for racoon"
+.SH "NAME"
+racoon_selinux \- Security Enhanced Linux Policy for the racoon processes
+.SH "DESCRIPTION"
@@ -72646,6 +73166,13 @@ index 0000000..6ec2b3e
+.B setsebool -P racoon_read_shadow 1
+.EE
+
++.PP
++If you want to allow racoon to read shadow, you must turn on the racoon_read_shadow boolean.
++
++.EX
++.B setsebool -P racoon_read_shadow 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -72713,6 +73240,8 @@ index 0000000..6ec2b3e
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -72792,19 +73321,21 @@ index 0000000..6ec2b3e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), racoon(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), racoon(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/radiusd_selinux.8 b/man/man8/radiusd_selinux.8
new file mode 100644
-index 0000000..546689e
+index 0000000..d4274ef
--- /dev/null
+++ b/man/man8/radiusd_selinux.8
-@@ -0,0 +1,267 @@
-+.TH "radiusd_selinux" "8" "radiusd" "dwalsh at redhat.com" "radiusd SELinux Policy documentation"
+@@ -0,0 +1,264 @@
++.TH "radiusd_selinux" "8" "12-10-19" "radiusd" "SELinux Policy documentation for radiusd"
+.SH "NAME"
+radiusd_selinux \- Security Enhanced Linux Policy for the radiusd processes
+.SH "DESCRIPTION"
@@ -72822,7 +73353,7 @@ index 0000000..546689e
+
+The radiusd_t SELinux type can be entered via the "radiusd_exec_t" file type. The default entrypoint paths for the radiusd_t domain are the following:"
+
-+/usr/sbin/freeradius, /etc/cron\.(daily|monthly)/radiusd, /usr/sbin/radiusd, /etc/cron\.(daily|weekly|monthly)/freeradius
++/etc/cron\.(daily|monthly)/radiusd, /etc/cron\.(daily|weekly|monthly)/freeradius, /usr/sbin/radiusd, /usr/sbin/freeradius
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -72852,6 +73383,13 @@ index 0000000..546689e
+.B setsebool -P authlogin_radius 1
+.EE
+
++.PP
++If you want to allow users to login using a radius server, you must turn on the authlogin_radius boolean.
++
++.EX
++.B setsebool -P authlogin_radius 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -72886,10 +73424,6 @@ index 0000000..546689e
+
+- Set files with the radiusd_exec_t type, if you want to transition an executable to the radiusd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/freeradius, /etc/cron\.(daily|monthly)/radiusd, /usr/sbin/radiusd, /etc/cron\.(daily|weekly|monthly)/freeradius
+
+.EX
+.PP
@@ -72906,10 +73440,6 @@ index 0000000..546689e
+
+- Set files with the radiusd_log_t type, if you want to treat the data as radiusd log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/radacct(/.*)?, /var/log/radiusd-freeradius(/.*)?, /var/log/radius\.log.*, /var/log/radutmp, /var/log/radwtmp.*, /var/log/radius(/.*)?, /var/log/freeradius(/.*)?
+
+.EX
+.PP
@@ -72926,10 +73456,6 @@ index 0000000..546689e
+
+- Set files with the radiusd_var_run_t type, if you want to store the radiusd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/radiusd\.pid, /var/run/radiusd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -73066,19 +73592,21 @@ index 0000000..546689e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), radiusd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), radiusd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/radvd_selinux.8 b/man/man8/radvd_selinux.8
new file mode 100644
-index 0000000..cd35181
+index 0000000..5801cd4
--- /dev/null
+++ b/man/man8/radvd_selinux.8
-@@ -0,0 +1,138 @@
-+.TH "radvd_selinux" "8" "radvd" "dwalsh at redhat.com" "radvd SELinux Policy documentation"
+@@ -0,0 +1,136 @@
++.TH "radvd_selinux" "8" "12-10-19" "radvd" "SELinux Policy documentation for radvd"
+.SH "NAME"
+radvd_selinux \- Security Enhanced Linux Policy for the radvd processes
+.SH "DESCRIPTION"
@@ -73157,10 +73685,6 @@ index 0000000..cd35181
+
+- Set files with the radvd_var_run_t type, if you want to store the radvd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/radvd(/.*)?, /var/run/radvd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -73212,17 +73736,19 @@ index 0000000..cd35181
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), radvd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), radvd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/rdisc_selinux.8 b/man/man8/rdisc_selinux.8
new file mode 100644
-index 0000000..dd2bbc3
+index 0000000..50aafcf
--- /dev/null
+++ b/man/man8/rdisc_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "rdisc_selinux" "8" "rdisc" "dwalsh at redhat.com" "rdisc SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "rdisc_selinux" "8" "12-10-19" "rdisc" "SELinux Policy documentation for rdisc"
+.SH "NAME"
+rdisc_selinux \- Security Enhanced Linux Policy for the rdisc processes
+.SH "DESCRIPTION"
@@ -73277,10 +73803,6 @@ index 0000000..dd2bbc3
+
+- Set files with the rdisc_exec_t type, if you want to transition an executable to the rdisc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/rdisc, /usr/sbin/rdisc
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -73289,10 +73811,6 @@ index 0000000..dd2bbc3
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type rdisc_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -73310,17 +73828,19 @@ index 0000000..dd2bbc3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rdisc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rdisc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/readahead_selinux.8 b/man/man8/readahead_selinux.8
new file mode 100644
-index 0000000..da7fda3
+index 0000000..362aa98
--- /dev/null
+++ b/man/man8/readahead_selinux.8
-@@ -0,0 +1,186 @@
-+.TH "readahead_selinux" "8" "readahead" "dwalsh at redhat.com" "readahead SELinux Policy documentation"
+@@ -0,0 +1,180 @@
++.TH "readahead_selinux" "8" "12-10-19" "readahead" "SELinux Policy documentation for readahead"
+.SH "NAME"
+readahead_selinux \- Security Enhanced Linux Policy for the readahead processes
+.SH "DESCRIPTION"
@@ -73338,7 +73858,7 @@ index 0000000..da7fda3
+
+The readahead_t SELinux type can be entered via the "readahead_exec_t" file type. The default entrypoint paths for the readahead_t domain are the following:"
+
-+/sbin/readahead.*, /usr/lib/systemd/systemd-readahead.*, /usr/sbin/readahead.*
++/sbin/readahead.*, /usr/sbin/readahead.*, /usr/lib/systemd/systemd-readahead.*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -73375,10 +73895,6 @@ index 0000000..da7fda3
+
+- Set files with the readahead_exec_t type, if you want to transition an executable to the readahead_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/readahead.*, /usr/lib/systemd/systemd-readahead.*, /usr/sbin/readahead.*
+
+.EX
+.PP
@@ -73395,10 +73911,6 @@ index 0000000..da7fda3
+
+- Set files with the readahead_var_run_t type, if you want to store the readahead files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/systemd/readahead(/.*)?, /dev/\.systemd/readahead(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -73444,10 +73956,10 @@ index 0000000..da7fda3
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -73502,17 +74014,19 @@ index 0000000..da7fda3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), readahead(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), readahead(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/realmd_selinux.8 b/man/man8/realmd_selinux.8
new file mode 100644
-index 0000000..2259066
+index 0000000..98f614f
--- /dev/null
+++ b/man/man8/realmd_selinux.8
-@@ -0,0 +1,126 @@
-+.TH "realmd_selinux" "8" "realmd" "dwalsh at redhat.com" "realmd SELinux Policy documentation"
+@@ -0,0 +1,136 @@
++.TH "realmd_selinux" "8" "12-10-19" "realmd" "SELinux Policy documentation for realmd"
+.SH "NAME"
+realmd_selinux \- Security Enhanced Linux Policy for the realmd processes
+.SH "DESCRIPTION"
@@ -73603,6 +74117,14 @@ index 0000000..2259066
+ /etc/sssd(/.*)?
+.br
+
++.br
++.B systemd_passwd_var_run_t
++
++ /var/run/systemd/ask-password(/.*)?
++.br
++ /var/run/systemd/ask-password-block(/.*)?
++.br
++
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -73634,17 +74156,19 @@ index 0000000..2259066
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), realmd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), realmd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/regex_milter_selinux.8 b/man/man8/regex_milter_selinux.8
new file mode 100644
-index 0000000..fd1b43b
+index 0000000..9ff66c5
--- /dev/null
+++ b/man/man8/regex_milter_selinux.8
-@@ -0,0 +1,116 @@
-+.TH "regex_milter_selinux" "8" "regex_milter" "dwalsh at redhat.com" "regex_milter SELinux Policy documentation"
+@@ -0,0 +1,118 @@
++.TH "regex_milter_selinux" "8" "12-10-19" "regex_milter" "SELinux Policy documentation for regex_milter"
+.SH "NAME"
+regex_milter_selinux \- Security Enhanced Linux Policy for the regex_milter processes
+.SH "DESCRIPTION"
@@ -73756,17 +74280,19 @@ index 0000000..fd1b43b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), regex_milter(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), regex_milter(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/restorecond_selinux.8 b/man/man8/restorecond_selinux.8
new file mode 100644
-index 0000000..10a342d
+index 0000000..fc41080
--- /dev/null
+++ b/man/man8/restorecond_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "restorecond_selinux" "8" "restorecond" "dwalsh at redhat.com" "restorecond SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "restorecond_selinux" "8" "12-10-19" "restorecond" "SELinux Policy documentation for restorecond"
+.SH "NAME"
+restorecond_selinux \- Security Enhanced Linux Policy for the restorecond processes
+.SH "DESCRIPTION"
@@ -73884,17 +74410,19 @@ index 0000000..10a342d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), restorecond(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), restorecond(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/rgmanager_selinux.8 b/man/man8/rgmanager_selinux.8
new file mode 100644
-index 0000000..2d9a7b5
+index 0000000..81648a8
--- /dev/null
+++ b/man/man8/rgmanager_selinux.8
-@@ -0,0 +1,287 @@
-+.TH "rgmanager_selinux" "8" "rgmanager" "dwalsh at redhat.com" "rgmanager SELinux Policy documentation"
+@@ -0,0 +1,276 @@
++.TH "rgmanager_selinux" "8" "12-10-19" "rgmanager" "SELinux Policy documentation for rgmanager"
+.SH "NAME"
+rgmanager_selinux \- Security Enhanced Linux Policy for the rgmanager processes
+.SH "DESCRIPTION"
@@ -73912,7 +74440,7 @@ index 0000000..2d9a7b5
+
+The rgmanager_t SELinux type can be entered via the "rgmanager_exec_t" file type. The default entrypoint paths for the rgmanager_t domain are the following:"
+
-+/usr/sbin/cpglockd, /usr/sbin/rgmanager, /usr/lib(64)?/heartbeat/heartbeat
++/usr/lib(64)?/heartbeat/heartbeat, /usr/sbin/cpglockd, /usr/sbin/rgmanager
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -73942,6 +74470,13 @@ index 0000000..2d9a7b5
+.B setsebool -P rgmanager_can_network_connect 1
+.EE
+
++.PP
++If you want to allow rgmanager domain to connect to the network using TCP, you must turn on the rgmanager_can_network_connect boolean.
++
++.EX
++.B setsebool -P rgmanager_can_network_connect 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -73960,10 +74495,6 @@ index 0000000..2d9a7b5
+
+- Set files with the rgmanager_exec_t type, if you want to transition an executable to the rgmanager_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/cpglockd, /usr/sbin/rgmanager, /usr/lib(64)?/heartbeat/heartbeat
+
+.EX
+.PP
@@ -73972,10 +74503,6 @@ index 0000000..2d9a7b5
+
+- Set files with the rgmanager_initrc_exec_t type, if you want to transition an executable to the rgmanager_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/rgmanager, /etc/rc\.d/init\.d/cpglockd, /etc/rc\.d/init\.d/heartbeat
+
+.EX
+.PP
@@ -74000,10 +74527,6 @@ index 0000000..2d9a7b5
+
+- Set files with the rgmanager_var_lib_t type, if you want to store the rgmanager files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/heartbeat(/.*)?, /usr/lib(64)?/heartbeat(/.*)?
+
+.EX
+.PP
@@ -74012,10 +74535,6 @@ index 0000000..2d9a7b5
+
+- Set files with the rgmanager_var_log_t type, if you want to treat the data as rgmanager var log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/cluster/cpglockd\.log.*, /var/log/cluster/rgmanager\.log.*
+
+.EX
+.PP
@@ -74024,10 +74543,6 @@ index 0000000..2d9a7b5
+
+- Set files with the rgmanager_var_run_t type, if you want to store the rgmanager files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/rgmanager\.pid, /var/run/cpglockd\.pid, /var/run/heartbeat(/.*)?, /var/run/cluster/rgmanager\.sk
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -74176,19 +74691,21 @@ index 0000000..2d9a7b5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rgmanager(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rgmanager(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/rhev_agentd_selinux.8 b/man/man8/rhev_agentd_selinux.8
new file mode 100644
-index 0000000..380ea02
+index 0000000..9cc4b81
--- /dev/null
+++ b/man/man8/rhev_agentd_selinux.8
-@@ -0,0 +1,154 @@
-+.TH "rhev_agentd_selinux" "8" "rhev_agentd" "dwalsh at redhat.com" "rhev_agentd SELinux Policy documentation"
+@@ -0,0 +1,152 @@
++.TH "rhev_agentd_selinux" "8" "12-10-19" "rhev_agentd" "SELinux Policy documentation for rhev_agentd"
+.SH "NAME"
+rhev_agentd_selinux \- Security Enhanced Linux Policy for the rhev_agentd processes
+.SH "DESCRIPTION"
@@ -74206,7 +74723,7 @@ index 0000000..380ea02
+
+The rhev_agentd_t SELinux type can be entered via the "rhev_agentd_exec_t" file type. The default entrypoint paths for the rhev_agentd_t domain are the following:"
+
-+/usr/share/rhev-agent/rhev-agentd\.py, /usr/share/ovirt-guest-agent
++/usr/share/ovirt-guest-agent, /usr/share/rhev-agent/rhev-agentd\.py
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -74243,10 +74760,6 @@ index 0000000..380ea02
+
+- Set files with the rhev_agentd_exec_t type, if you want to transition an executable to the rhev_agentd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/rhev-agent/rhev-agentd\.py, /usr/share/ovirt-guest-agent
+
+.EX
+.PP
@@ -74338,17 +74851,19 @@ index 0000000..380ea02
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rhev_agentd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rhev_agentd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/rhgb_selinux.8 b/man/man8/rhgb_selinux.8
new file mode 100644
-index 0000000..0e6d920
+index 0000000..f8a7b4a
--- /dev/null
+++ b/man/man8/rhgb_selinux.8
-@@ -0,0 +1,104 @@
-+.TH "rhgb_selinux" "8" "rhgb" "dwalsh at redhat.com" "rhgb SELinux Policy documentation"
+@@ -0,0 +1,106 @@
++.TH "rhgb_selinux" "8" "12-10-19" "rhgb" "SELinux Policy documentation for rhgb"
+.SH "NAME"
+rhgb_selinux \- Security Enhanced Linux Policy for the rhgb processes
+.SH "DESCRIPTION"
@@ -74448,17 +74963,19 @@ index 0000000..0e6d920
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rhgb(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rhgb(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/rhsmcertd_selinux.8 b/man/man8/rhsmcertd_selinux.8
new file mode 100644
-index 0000000..5ec3550
+index 0000000..8914bb5
--- /dev/null
+++ b/man/man8/rhsmcertd_selinux.8
-@@ -0,0 +1,162 @@
-+.TH "rhsmcertd_selinux" "8" "rhsmcertd" "dwalsh at redhat.com" "rhsmcertd SELinux Policy documentation"
+@@ -0,0 +1,164 @@
++.TH "rhsmcertd_selinux" "8" "12-10-19" "rhsmcertd" "SELinux Policy documentation for rhsmcertd"
+.SH "NAME"
+rhsmcertd_selinux \- Security Enhanced Linux Policy for the rhsmcertd processes
+.SH "DESCRIPTION"
@@ -74616,17 +75133,19 @@ index 0000000..5ec3550
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rhsmcertd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rhsmcertd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ricci_modcluster_selinux.8 b/man/man8/ricci_modcluster_selinux.8
new file mode 100644
-index 0000000..c04c850
+index 0000000..635b98e
--- /dev/null
+++ b/man/man8/ricci_modcluster_selinux.8
-@@ -0,0 +1,189 @@
-+.TH "ricci_modcluster_selinux" "8" "ricci_modcluster" "dwalsh at redhat.com" "ricci_modcluster SELinux Policy documentation"
+@@ -0,0 +1,187 @@
++.TH "ricci_modcluster_selinux" "8" "12-10-19" "ricci_modcluster" "SELinux Policy documentation for ricci_modcluster"
+.SH "NAME"
+ricci_modcluster_selinux \- Security Enhanced Linux Policy for the ricci_modcluster processes
+.SH "DESCRIPTION"
@@ -74705,10 +75224,6 @@ index 0000000..c04c850
+
+- Set files with the ricci_modcluster_var_run_t type, if you want to store the ricci modcluster files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/modclusterd\.pid, /var/run/clumond\.sock
+
+.EX
+.PP
@@ -74810,19 +75325,21 @@ index 0000000..c04c850
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ricci_modcluster(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ricci_modcluster(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ricci_selinux(8), ricci_selinux(8), ricci_modclusterd_selinux(8), ricci_modlog_selinux(8), ricci_modrpm_selinux(8), ricci_modservice_selinux(8), ricci_modstorage_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ricci_modclusterd_selinux.8 b/man/man8/ricci_modclusterd_selinux.8
new file mode 100644
-index 0000000..21ed87c
+index 0000000..e297134
--- /dev/null
+++ b/man/man8/ricci_modclusterd_selinux.8
-@@ -0,0 +1,157 @@
-+.TH "ricci_modclusterd_selinux" "8" "ricci_modclusterd" "dwalsh at redhat.com" "ricci_modclusterd SELinux Policy documentation"
+@@ -0,0 +1,159 @@
++.TH "ricci_modclusterd_selinux" "8" "12-10-19" "ricci_modclusterd" "SELinux Policy documentation for ricci_modclusterd"
+.SH "NAME"
+ricci_modclusterd_selinux \- Security Enhanced Linux Policy for the ricci_modclusterd processes
+.SH "DESCRIPTION"
@@ -74974,19 +75491,21 @@ index 0000000..21ed87c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ricci_modclusterd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ricci_modclusterd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ricci_selinux(8), ricci_selinux(8), ricci_modcluster_selinux(8), ricci_modcluster_selinux(8), ricci_modlog_selinux(8), ricci_modrpm_selinux(8), ricci_modservice_selinux(8), ricci_modstorage_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ricci_modlog_selinux.8 b/man/man8/ricci_modlog_selinux.8
new file mode 100644
-index 0000000..019c6fe
+index 0000000..be05f09
--- /dev/null
+++ b/man/man8/ricci_modlog_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "ricci_modlog_selinux" "8" "ricci_modlog" "dwalsh at redhat.com" "ricci_modlog SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "ricci_modlog_selinux" "8" "12-10-19" "ricci_modlog" "SELinux Policy documentation for ricci_modlog"
+.SH "NAME"
+ricci_modlog_selinux \- Security Enhanced Linux Policy for the ricci_modlog processes
+.SH "DESCRIPTION"
@@ -75049,10 +75568,6 @@ index 0000000..019c6fe
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type ricci_modlog_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -75070,19 +75585,21 @@ index 0000000..019c6fe
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ricci_modlog(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ricci_modlog(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ricci_selinux(8), ricci_selinux(8), ricci_modcluster_selinux(8), ricci_modclusterd_selinux(8), ricci_modrpm_selinux(8), ricci_modservice_selinux(8), ricci_modstorage_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ricci_modrpm_selinux.8 b/man/man8/ricci_modrpm_selinux.8
new file mode 100644
-index 0000000..98763b8
+index 0000000..f928288
--- /dev/null
+++ b/man/man8/ricci_modrpm_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "ricci_modrpm_selinux" "8" "ricci_modrpm" "dwalsh at redhat.com" "ricci_modrpm SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "ricci_modrpm_selinux" "8" "12-10-19" "ricci_modrpm" "SELinux Policy documentation for ricci_modrpm"
+.SH "NAME"
+ricci_modrpm_selinux \- Security Enhanced Linux Policy for the ricci_modrpm processes
+.SH "DESCRIPTION"
@@ -75145,10 +75662,6 @@ index 0000000..98763b8
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type ricci_modrpm_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -75166,19 +75679,21 @@ index 0000000..98763b8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ricci_modrpm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ricci_modrpm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ricci_selinux(8), ricci_selinux(8), ricci_modcluster_selinux(8), ricci_modclusterd_selinux(8), ricci_modlog_selinux(8), ricci_modservice_selinux(8), ricci_modstorage_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ricci_modservice_selinux.8 b/man/man8/ricci_modservice_selinux.8
new file mode 100644
-index 0000000..73b043b
+index 0000000..720a490
--- /dev/null
+++ b/man/man8/ricci_modservice_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "ricci_modservice_selinux" "8" "ricci_modservice" "dwalsh at redhat.com" "ricci_modservice SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "ricci_modservice_selinux" "8" "12-10-19" "ricci_modservice" "SELinux Policy documentation for ricci_modservice"
+.SH "NAME"
+ricci_modservice_selinux \- Security Enhanced Linux Policy for the ricci_modservice processes
+.SH "DESCRIPTION"
@@ -75241,10 +75756,6 @@ index 0000000..73b043b
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type ricci_modservice_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -75262,19 +75773,21 @@ index 0000000..73b043b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ricci_modservice(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ricci_modservice(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ricci_selinux(8), ricci_selinux(8), ricci_modcluster_selinux(8), ricci_modclusterd_selinux(8), ricci_modlog_selinux(8), ricci_modrpm_selinux(8), ricci_modstorage_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ricci_modstorage_selinux.8 b/man/man8/ricci_modstorage_selinux.8
new file mode 100644
-index 0000000..31f1cc8
+index 0000000..f9f8464
--- /dev/null
+++ b/man/man8/ricci_modstorage_selinux.8
-@@ -0,0 +1,151 @@
-+.TH "ricci_modstorage_selinux" "8" "ricci_modstorage" "dwalsh at redhat.com" "ricci_modstorage SELinux Policy documentation"
+@@ -0,0 +1,159 @@
++.TH "ricci_modstorage_selinux" "8" "12-10-19" "ricci_modstorage" "SELinux Policy documentation for ricci_modstorage"
+.SH "NAME"
+ricci_modstorage_selinux \- Security Enhanced Linux Policy for the ricci_modstorage processes
+.SH "DESCRIPTION"
@@ -75366,6 +75879,12 @@ index 0000000..31f1cc8
+.br
+ /var/ftp/etc(/.*)?
+.br
++ /var/lib/openshift/.limits.d(/.*)?
++.br
++ /var/lib/openshift/.openshift-proxy.d(/.*)?
++.br
++ /var/lib/openshift/.stickshift-proxy.d(/.*)?
++.br
+ /var/lib/stickshift/.limits.d(/.*)?
+.br
+ /var/lib/stickshift/.stickshift-proxy.d(/.*)?
@@ -75420,19 +75939,21 @@ index 0000000..31f1cc8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ricci_modstorage(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ricci_modstorage(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ricci_selinux(8), ricci_selinux(8), ricci_modcluster_selinux(8), ricci_modclusterd_selinux(8), ricci_modlog_selinux(8), ricci_modrpm_selinux(8), ricci_modservice_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ricci_selinux.8 b/man/man8/ricci_selinux.8
new file mode 100644
-index 0000000..1e254e0
+index 0000000..8020f23
--- /dev/null
+++ b/man/man8/ricci_selinux.8
-@@ -0,0 +1,396 @@
-+.TH "ricci_selinux" "8" "ricci" "dwalsh at redhat.com" "ricci SELinux Policy documentation"
+@@ -0,0 +1,394 @@
++.TH "ricci_selinux" "8" "12-10-19" "ricci" "SELinux Policy documentation for ricci"
+.SH "NAME"
+ricci_selinux \- Security Enhanced Linux Policy for the ricci processes
+.SH "DESCRIPTION"
@@ -75448,9 +75969,9 @@ index 0000000..1e254e0
+
+.SH "ENTRYPOINTS"
+
-+The ricci_t SELinux type can be entered via the "bin_t,ricci_exec_t" file types. The default entrypoint paths for the ricci_t domain are the following:"
++The ricci_t SELinux type can be entered via the "ricci_exec_t,bin_t" file types. The default entrypoint paths for the ricci_t domain are the following:"
+
-+/etc/ppp/ip-up\..*, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/virtualbox/VBoxManage, /usr/lib/.*/scripts(/.*)?, /etc/ppp/ip-down\..*, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/shorewall-perl(/.*)?, /usr/Brother(/.*)?, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/lib/mailman.*/mail(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /usr/share/cluster/ocf-shellfuncs, /bin, /usr/lib/.*/program(/.*)?, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/apr-0/build/libtool, /usr/lib/pm-utils(/.*)?, /etc/sysconfig/network-scripts/net.*, /usr/share/system-config-language/system-config-language, /usr/lib/vte/gnome-pty-helper, /etc/lxdm/Pre.*, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/nagios/plugins(/.*)?, /usr/share/PackageKit/helpers(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/fence(/.*)?, /etc/sysconfig/network-scripts/init.*, /usr/lib/xulrunner[^/]*/updater, /etc/mcelog/cache-error-trigger, /usr/share/system-config-
mouse/system-config-mouse, /usr/share/system-config-netboot/pxeos\.py, /usr/share/cluster/.*\.sh, /usr/lib/udev/devices/MAKEDEV, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/mc/extfs/.*, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /var/qmail/rc, /var/mailman.*/bin(/.*)?, /usr/share/system-config-nfs/system-config-nfs\.py, /sbin, /usr/share/texmf/web2c/mktexupd, /usr/lib/readahead(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/xen/bin(/.*)?, /usr/share/Modules/init(/.*)?, /var/qmail/bin, /opt/google/talkplugin(/.*)?, /etc/profile.d(/.*)?, /usr/share/hwbrowser/hwbrowser, /usr/share/dayplanner/dayplanner, /usr/lib/nspluginwrapper/np.*, /usr/share/printconf/util/print\.py, /usr/lib/[^/]*/run-mozilla\.sh, /usr/linuxprinter/filters(/.*)?, /usr/share/system-config-network/neat-control\.py, /usr/lib/[^/]*/mozilla-xremote-client, /usr/share/hal/scripts(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/share/system-config-selinux/polgen\.py, /usr/lib(.*/)?sbin(/.*)?, /lib/udev/devi
ces/MAKEDEV, /etc/vmware-tools(/.*)?, /etc/PackageKit/events(/.*)?, /usr/share/denyhosts/plugins(/.*)?, /usr/share/sectool/.*\.py, /etc/pki/tls/certs/make-dummy-cert, /usr/lib/rpm/rpmd, /usr/lib/tuned/.*/.*\.sh, /usr/share/cluster/svclib_nfslock, /usr/libexec(/.*)?, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/apr-0/build/[^/]+\.sh, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?, /bin/mountpoint, /usr/share/rhn/rhn_applet/needed-packages\.py, /lib/security/pam_krb5(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/rpm/rpmk, /etc/apcupsd/commok, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/clamav/freshclam-sleep, /usr/lib/mediawiki/math/texvc.*, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/xfce4(/.*)?, /usr/share/system-config-services/system-config-services, /opt/(.*/)?libexec(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(/.*)?, /usr/lib/debug/sbin(/.*)?, /etc/sysconfig/libvirtd, /etc/cron.weekly(/.*)?, /usr/lib/ccache/bin(/.*)?, /sbin/.*, /var/lib/asterisk/agi-bin(/.*)
?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/yp/.+, /usr/share/wicd/daemon(/.*)?, /etc/ppp/ipv6-up\..*, /etc/acpi/actions(/.*)?, /etc/sysconfig/network-scripts/ifdown.*, /usr/share/cluster/SAPDatabase, /usr/share/system-config-soundcard/system-config-soundcard, /usr/lib/udev/scsi_id, /etc/pm/power\.d(/.*)?, /usr/share/system-config-services/gui\.py, /etc/lxdm/Xsession, /usr/lib/cyrus-imapd/.*, /usr/sbin/insmod_ksymoops_clean, /etc/cipe/ip-down.*, /usr/share/PackageKit/pk-upgrade-distro\.sh, /usr/share/shorewall/compiler\.pl, /usr/share/pydict/pydict\.py, /dev/MAKEDEV, /usr/share/shorewall-shell(/.*)?, /emul/ia32-linux/bin(/.*)?, /root/bin(/.*)?, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-config-selinux/system-config-selinux\.py, /etc/ppp/ipv6-down\..*, /usr/share/pwlib/make/ptlib-config, /usr/lib/ConsoleKit/scripts(/.*)?, /opt/(.*/)?bin(/.*)?, /etc/init\.d/functions, /lib/readahead(/.*)?, /etc/apcupsd/apccontrol, /usr/share/system-config-samb
a/system-config-samba\.py, /usr/lib/misc/sftp-server, /etc/apcupsd/onbattery, /usr/lib/qt.*/bin(/.*)?, /usr/share/cvs/contrib/rcs2log, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/system-config-keyboard/system-config-keyboard, /usr/share/fedora-usermgmt/wrapper, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/share/ssl/misc(/.*)?, /etc/apcupsd/changeme, /etc/apcupsd/offbattery, /etc/apcupsd/commfailure, /etc/sysconfig/readonly-root, /etc/cron.monthly(/.*)?, /var/ftp/bin(/.*)?, /usr/lib/xfce4/xfwm4/helper-dialog, /usr/lib/iscan/network, /usr/share/shorewall-lite(/.*)?, /usr/Printer(/.*)?, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/lib/news/bin(/.*)?, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/share/system-config-netboot/pxeboot\.py, /etc/auto\.[^/]*, /usr/Brother/(.*/)?inf/brprintconf.*, /etc/apcupsd/masterconnect, /etc/avahi/.*\.action, /usr/lib/netsaint/plugins(/.*)?, /usr/share/authconfig/
authconfig-tui\.py, /usr/share/system-config-securitylevel/system-config-securitylevel\.py, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/lib/dracut(/.*)?, /usr/share/kde4/apps/kajongg/kajongg.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/selinux/devel/policygentool, /etc/mail/make, /usr/lib/debug/usr/libexec(/.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/libexec/openssh/sftp-server, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/chromium-browser(/.*)?, /etc/sysconfig/init, /usr/share/system-logviewer/system-logviewer\.py, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /usr/lib/wicd/monitor\.py, /etc/pki/tls/misc(/.*)?, /etc/cron.hourly(/.*)?, /etc/xen/qemu-ifup, /usr/share/system-config-services/serviceconf\.py, /usr/share/tucan.*/tucan.py, /usr/lib/portage/bin(/.*)?, /etc/lxdm/LoginReady, /etc/mcelog/triggers(/.*)?, /usr/share/texmf/web2c/mktexnam, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/apt/methods.+, /etc/rc\.d/init\.d/functions, /usr/lib/x
fce4/exo-1/exo-compose-mail-1, /etc/kde/shutdown(/.*)?, /usr/lib/cups(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /usr/share/gnucash/finance-quote-helper, /etc/cron.daily(/.*)?, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/lib/rpm/rpmv, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/munin/plugins(/.*)?, /usr/share/clamav/clamd-gen, /etc/lxdm/Post.*, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /etc/hotplug/.*agent, /usr/lib/emacsen-common/.*, /usr/lib/jvm/java(.*/)bin(/.*), /etc/sysconfig/network-scripts/ifup.*, /usr/lib/xfce4/xfconf/xfconfd, /usr/lib/MailScanner(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/share/ajaxterm/qweb.py.*, /usr/share/switchdesk/switchdesk-gui\.py, /usr/lib/ipsec/.*, /usr/share/turboprint/lib(/.*)?, /usr/sbin/mkfs\.cramfs, /var/qmail/bin(/.*)?, /etc/sysconfig/crond, /usr/share/hplip/[^/]*, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/debconf/.+, /usr/share/shorewall/configpath, /usr/bin/pingus.*, /etc/hotplug/hotplug\.
functions, /usr/lib/mailman.*/bin(/.*)?, /usr/share/texmf/web2c/mktexdir, /usr/share/gnucash/finance-quote-check, /etc/redhat-lsb(/.*)?, /usr/X11R6/lib/X11/xkb/xkbcomp, /etc/gdm/[^/]+, /opt/google/chrome(/.*)?, /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/dpkg/.+, /usr/share/sandbox/sandboxX.sh, /etc/cipe/ip-up.*, /usr/lib/udev/[^/]*, /usr/bin/mountpoint, /lib/udev/scsi_id, /bin/.*, /emul/ia32-linux/sbin(/.*)?, /var/lib/iscan/interpreter, /etc/dhcp/dhclient\.d(/.*)?, /etc/racoon/scripts(/.*)?, /opt/(.*/)?sbin(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/spamassassin/sa-update\.cron, /usr/share/rhn/rhn_applet/applet\.py, /etc/X11/xdm/TakeConsole, /usr/(.*/)?sbin(/.*)?, /etc/X11/xinit(/.*)?, /usr/share/shorewall/getparams, /usr/share/cluster/checkquorum, /etc/X11/xdm/GiveConsole, /usr/lib/xfce4/session/xfsm-shutdown-helper, /lib/upstart(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/gdm/[^/]+/.*, /usr/share/system-config-httpd/system-config-httpd, /usr/lib/upstart(/.*)?, /usr/lib/pgs
ql/test/regress/.*\.sh, /usr/share/system-config-users/system-config-users, /etc/mgetty\+sendfax/new_fax, /usr/lib/debug/bin(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /etc/hotplug/.*rc, /usr/lib/courier(/.*)?, /etc/X11/xdm/Xsetup_0, /etc/netplug\.d(/.*)?, /usr/Brother/(.*/)?inf/setup.*, /usr/lib/xfce4/session/balou-install-theme, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/smolt/client(/.*)?, /usr/bin, /etc/sysconfig/netconsole, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/xfce4/panel/migrate, /usr/share/ajaxterm/ajaxterm.py.*, /sbin/mkfs\.cramfs, /usr/share/authconfig/authconfig\.py, /usr/share/system-config-date/system-config-date\.py, /usr/share/virtualbox/.*\.sh, /etc/apcupsd/mastertimeout, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/texmf/texconfig/tcfmgr, /etc/kde/env(/.*)?, /usr/lib/rpm/rpmq, /sbin/insmod_ksymoops_clean, /usr/lib/xfce4/panel/wrapper, /usr/share/system-config-printer/applet\.py, /etc/hotp
lug\.d/default/default.*, /usr/lib(.*/)?bin(/.*)?, /usr/share/gitolite/hooks/common/update, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /usr/lib/sftp-server, /usr/share/system-config-display/system-config-display, /lib/udev/[^/]*, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/denyhosts/scripts(/.*)?, /usr/share/createrepo(/.*)?, /usr/lib/yaboot/addnote, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /usr/share/cluster/SAPInstance, /usr/sbin/ricci
++/usr/sbin/ricci, /bin/.*, /opt/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?sbin(/.*)?, /opt/(.*/)?sbin(/.*)?, /opt/(.*/)?libexec(/.*)?, /sbin/.*, /usr/lib(.*/)?bin(/.*)?, /usr/lib(.*/)?sbin(/.*)?, /etc/gdm/[^/]+, /root/bin(/.*)?, /etc/gdm/[^/]+/.*, /etc/cron.daily(/.*)?, /etc/cron.weekly(/.*)?, /etc/cron.hourly(/.*)?, /etc/cron.monthly(/.*)?, /usr/lib/.*/scripts(/.*)?, /usr/lib/.*/program(/.*)?, /usr/lib/[^/]*/run-mozilla\.sh, /usr/lib/[^/]*/mozilla-xremote-client, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /lib/udev/[^/]*, /etc/auto\.[^/]*, /etc/avahi/.*\.action, /usr/lib/qt.*/bin(/.*)?, /usr/lib/yp/.+, /var/ftp/bin(/.*)?, /usr/Brother(/.*)?, /usr/Printer(/.*)?, /usr/libexec(/.*)?, /lib/upstart(/.*)?, /etc/kde/env(/.*)?, /etc/profile.d(/.*)?, /var/mailman.*/bin(/.*)?, /etc/lxdm/Pre.*, /etc/hotplug/.*rc, /usr/lib/cups(/.*)?, /etc/hotplug/.*agent, /us
r/Brother/(.*/)?inf/setup.*, /usr/Brother/(.*/)?inf/brprintconf.*, /usr/lib/dpkg/.+, /etc/lxdm/Post.*, /usr/lib/udev/[^/]*, /var/qmail/bin(/.*)?, /usr/lib/xfce4(/.*)?, /usr/lib/fence(/.*)?, /etc/X11/xinit(/.*)?, /lib/readahead(/.*)?, /etc/netplug\.d(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/ipsec/.*, /etc/ppp/ip-up\..*, /usr/bin/pingus.*, /etc/cipe/ip-up.*, /usr/lib/dracut(/.*)?, /etc/pm/power\.d(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/redhat-lsb(/.*)?, /usr/lib/tuned/.*/.*\.sh, /usr/lib/xen/bin(/.*)?, /usr/lib/upstart(/.*)?, /usr/lib/courier(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/tucan.*/tucan.py, /usr/lib/mailman.*/bin(/.*)?, /usr/lib/mailman.*/mail(/.*)?, /etc/ppp/ipv6-up\..*, /etc/ppp/ip-down\..*, /etc/cipe/ip-down.*, /usr/share/hplip/[^/]*, /usr/lib/news/bin(/.*)?, /usr/lib/pm-utils(/.*)?, /etc/vmware-tools(/.*)?, /etc/kde/shutdown(/.*)?, /etc/acpi/actions(/.*)?, /etc/pki/tls/misc(/.*)?, /usr/lib/jvm/java(.*/)bin(/.*), /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/rea
dahead(/.*)?, /opt/google/chrome(/.*)?, /etc/munin/plugins(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/debug/bin(/.*)?, /usr/lib/xulrunner[^/]*/updater, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/debconf/.+, /etc/ppp/ipv6-down\..*, /usr/share/cluster/.*\.sh, /usr/share/sectool/.*\.py, /usr/share/ssl/misc(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/ccache/bin(/.*)?, /etc/racoon/scripts(/.*)?, /usr/lib/debug/sbin(/.*)?, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/share/mc/extfs/.*, /usr/lib/apt/methods.+, /usr/lib/portage/bin(/.*)?, /usr/lib/MailScanner(/.*)?, /etc/mcelog/triggers(/.*)?, /etc/dhcp/dhclient\.d(/.*)?, /emul/ia32-linux/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(/.*)?, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/lib/cyrus-imapd/.*, /usr/share/createrepo(/.*)?, /emul/ia32-linux/sbin(/.*)?, /usr/s
hare/virtualbox/.*\.sh, /usr/share/hal/scripts(/.*)?, /usr/share/wicd/daemon(/.*)?, /lib/security/pam_krb5(/.*)?, /opt/google/talkplugin(/.*)?, /etc/PackageKit/events(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/Modules/init(/.*)?, /usr/share/smolt/client(/.*)?, /usr/lib/nagios/plugins(/.*)?, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/apr-0/build/[^/]+\.sh, /usr/lib/emacsen-common/.*, /usr/share/ajaxterm/qweb.py.*, /var/lib/asterisk/agi-bin(/.*)?, /usr/share/shorewall-perl(/.*)?, /usr/share/shorewall-lite(/.*)?, /usr/linuxprinter/filters(/.*)?, /usr/lib/netsaint/plugins(/.*)?, /usr/lib/chromium-browser(/.*)?, /usr/share/turboprint/lib(/.*)?, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/shorewall-shell(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/lib/debug/usr/libexec(/.*)?, /etc/ConsoleKit/run-seat\.d(
/.*)?, /usr/lib/nspluginwrapper/np.*, /usr/share/sandbox/sandboxX.sh, /usr/lib/ConsoleKit/scripts(/.*)?, /usr/share/ajaxterm/ajaxterm.py.*, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/denyhosts/plugins(/.*)?, /usr/share/denyhosts/scripts(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/mediawiki/math/texvc.*, /usr/share/PackageKit/helpers(/.*)?, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/hotplug\.d/default/default.*, /usr/lib/systemd/system-sleep/(.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /etc/sysconfig/network-scripts/net.*, /etc/sysconfig/network-scripts/ifup.*, /etc/sysconfig/network-scripts/init.*, /usr/share/kde4/apps/kajongg/kajongg.py, /etc/sysconfig/network-scripts/ifdown.*, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /bin, /sbin, /usr/bin, /dev/MAKEDEV, /var/qmail/rc, /var/qmail/bin, /etc/mail/make,
/bin/mountpoint, /usr/lib/rpm/rpmv, /usr/lib/rpm/rpmk, /usr/lib/rpm/rpmq, /usr/lib/rpm/rpmd, /lib/udev/scsi_id, /sbin/mkfs\.cramfs, /etc/xen/qemu-ifup, /etc/lxdm/Xsession, /etc/sysconfig/init, /usr/bin/mountpoint, /etc/apcupsd/commok, /usr/lib/sftp-server, /etc/sysconfig/crond, /etc/lxdm/LoginReady, /usr/sbin/mkfs\.cramfs, /usr/lib/udev/scsi_id, /etc/X11/xdm/Xsetup_0, /etc/init\.d/functions, /etc/apcupsd/changeme, /usr/lib/iscan/network, /etc/apcupsd/onbattery, /usr/lib/yaboot/addnote, /etc/sysconfig/libvirtd, /etc/apcupsd/apccontrol, /etc/apcupsd/offbattery, /usr/lib/wicd/monitor\.py, /etc/X11/xdm/TakeConsole, /etc/X11/xdm/GiveConsole, /etc/apcupsd/commfailure, /usr/lib/misc/sftp-server, /etc/sysconfig/netconsole, /lib/udev/devices/MAKEDEV, /var/lib/iscan/interpreter, /etc/rc\.d/init\.d/functions, /etc/apcupsd/masterconnect, /etc/apcupsd/mastertimeout, /usr/share/pydict/pydict\.py, /usr/share/clamav/clamd-gen, /sbin/insmod_ksymoops_clean, /etc/mgetty\+sendfax/new_fax, /usr
/lib/xfce4/panel/migrate, /usr/lib/xfce4/panel/wrapper, /etc/sysconfig/readonly-root, /usr/lib/udev/devices/MAKEDEV, /usr/lib/vte/gnome-pty-helper, /usr/lib/xfce4/xfconf/xfconfd, /usr/share/hwbrowser/hwbrowser, /usr/share/cvs/contrib/rcs2log, /usr/X11R6/lib/X11/xkb/xkbcomp, /usr/lib/virtualbox/VBoxManage, /usr/share/cluster/checkquorum, /usr/share/shorewall/getparams, /usr/share/apr-0/build/libtool, /usr/share/cluster/SAPDatabase, /usr/share/cluster/SAPInstance, /etc/hotplug/hotplug\.functions, /usr/share/texmf/web2c/mktexdir, /usr/share/texmf/web2c/mktexupd, /usr/share/texmf/web2c/mktexnam, /usr/share/shorewall/configpath, /usr/sbin/insmod_ksymoops_clean, /etc/mcelog/cache-error-trigger, /usr/share/shorewall/compiler\.pl, /usr/share/dayplanner/dayplanner, /usr/libexec/openssh/sftp-server, /usr/share/texmf/texconfig/tcfmgr, /usr/share/clamav/freshclam-sleep, /usr/share/cluster/ocf-shellfuncs, /usr/share/cluster/svclib_nfslock, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/share/pw
lib/make/ptlib-config, /usr/share/fedora-usermgmt/wrapper, /usr/share/printconf/util/print\.py, /usr/lib/xfce4/xfwm4/helper-dialog, /etc/pki/tls/certs/make-dummy-cert, /usr/share/rhn/rhn_applet/applet\.py, /usr/share/authconfig/authconfig\.py, /usr/share/spamassassin/sa-update\.cron, /usr/share/gnucash/finance-quote-check, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/selinux/devel/policygentool, /usr/share/switchdesk/switchdesk-gui\.py, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/authconfig/authconfig-tui\.py, /usr/share/gitolite/hooks/common/update, /usr/share/gnucash/finance-quote-helper, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /usr/share/system-config-services/gui\.py, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-config-netboot/pxeos\.py, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/system-config-printer/applet\.py, /usr/share/system-config-selinux/polgen\.py, /usr/share/PackageKit/pk-up
grade-distro\.sh, /usr/lib/xfce4/session/balou-install-theme, /usr/share/system-config-netboot/pxeboot\.py, /usr/lib/xfce4/session/xfsm-shutdown-helper, /usr/share/rhn/rhn_applet/needed-packages\.py, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-logviewer/system-logviewer\.py, /usr/share/system-config-network/neat-control\.py, /usr/share/system-config-services/serviceconf\.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/share/system-config-nfs/system-config-nfs\.py, /usr/share/system-config-httpd/system-config-httpd, /usr/share/system-config-mouse/system-config-mouse, /usr/share/system-config-users/system-config-users, /usr/share/system-config-date/system-config-date\.py, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/share/system-config-samba/system-config-samba\.py, /usr/share/system-config-display/system-config-display, /usr/sh
are/system-config-keyboard/system-config-keyboard, /usr/share/system-config-language/system-config-language, /usr/share/system-config-services/system-config-services, /usr/share/system-config-selinux/system-config-selinux\.py, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/system-config-soundcard/system-config-soundcard, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/share/system-config-securitylevel/system-config-securitylevel\.py
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -75527,10 +76048,6 @@ index 0000000..1e254e0
+
+- Set files with the ricci_modcluster_var_run_t type, if you want to store the ricci modcluster files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/modclusterd\.pid, /var/run/clumond\.sock
+
+.EX
+.PP
@@ -75702,10 +76219,10 @@ index 0000000..1e254e0
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -75823,19 +76340,21 @@ index 0000000..1e254e0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ricci(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ricci(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ricci_modcluster_selinux(8), ricci_modclusterd_selinux(8), ricci_modlog_selinux(8), ricci_modrpm_selinux(8), ricci_modservice_selinux(8), ricci_modstorage_selinux(8)
\ No newline at end of file
diff --git a/man/man8/rlogind_selinux.8 b/man/man8/rlogind_selinux.8
new file mode 100644
-index 0000000..0fd4170
+index 0000000..392c515
--- /dev/null
+++ b/man/man8/rlogind_selinux.8
-@@ -0,0 +1,332 @@
-+.TH "rlogind_selinux" "8" "rlogind" "dwalsh at redhat.com" "rlogind SELinux Policy documentation"
+@@ -0,0 +1,328 @@
++.TH "rlogind_selinux" "8" "12-10-19" "rlogind" "SELinux Policy documentation for rlogind"
+.SH "NAME"
+rlogind_selinux \- Security Enhanced Linux Policy for the rlogind processes
+.SH "DESCRIPTION"
@@ -75853,7 +76372,7 @@ index 0000000..0fd4170
+
+The rlogind_t SELinux type can be entered via the "rlogind_exec_t" file type. The default entrypoint paths for the rlogind_t domain are the following:"
+
-+/usr/lib/telnetlogin, /usr/kerberos/sbin/klogind, /usr/sbin/in\.rlogind
++/usr/lib/telnetlogin, /usr/sbin/in\.rlogind, /usr/kerberos/sbin/klogind
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -75890,10 +76409,6 @@ index 0000000..0fd4170
+
+- Set files with the rlogind_exec_t type, if you want to transition an executable to the rlogind_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/telnetlogin, /usr/kerberos/sbin/klogind, /usr/sbin/in\.rlogind
+
+.EX
+.PP
@@ -75902,10 +76417,6 @@ index 0000000..0fd4170
+
+- Set files with the rlogind_home_t type, if you want to store rlogind files in the users home directory.
+
-+.br
-+.TP 5
-+Paths:
-+/root/\.rlogin, /root/\.rhosts
+
+.EX
+.PP
@@ -76030,6 +76541,8 @@ index 0000000..0fd4170
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -76163,17 +76676,127 @@ index 0000000..0fd4170
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rlogind(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rlogind(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+diff --git a/man/man8/rngd_selinux.8 b/man/man8/rngd_selinux.8
+new file mode 100644
+index 0000000..a7b3195
+--- /dev/null
++++ b/man/man8/rngd_selinux.8
+@@ -0,0 +1,102 @@
++.TH "rngd_selinux" "8" "12-10-19" "rngd" "SELinux Policy documentation for rngd"
++.SH "NAME"
++rngd_selinux \- Security Enhanced Linux Policy for the rngd processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the rngd processes via flexible mandatory access control.
++
++The rngd processes execute with the rngd_t SELinux type. You can check if you have these processes running by executing the \fBps\fP command with the \fB\-Z\fP qualifier.
++
++For example:
++
++.B ps -eZ | grep rngd_t
++
++
++.SH "ENTRYPOINTS"
++
++The rngd_t SELinux type can be entered via the "rngd_exec_t" file type. The default entrypoint paths for the rngd_t domain are the following:"
++
++/usr/sbin/rngd
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux rngd policy is very flexible allowing users to setup their rngd processes in as secure a method as possible.
++.PP
++The following process types are defined for rngd:
++
++.EX
++.B rngd_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux rngd policy is very flexible allowing users to setup their rngd processes in as secure a method as possible.
++.PP
++The following file types are defined for rngd:
++
++
++.EX
++.PP
++.B rngd_exec_t
++.EE
++
++- Set files with the rngd_exec_t type, if you want to transition an executable to the rngd_t domain.
++
++
++.EX
++.PP
++.B rngd_initrc_exec_t
++.EE
++
++- Set files with the rngd_initrc_exec_t type, if you want to transition an executable to the rngd_initrc_t domain.
++
++
++.EX
++.PP
++.B rngd_unit_file_t
++.EE
++
++- Set files with the rngd_unit_file_t type, if you want to treat the files as rngd unit content.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH NSSWITCH DOMAIN
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
++
++.SH "SEE ALSO"
++selinux(8), rngd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/roundup_selinux.8 b/man/man8/roundup_selinux.8
new file mode 100644
-index 0000000..92bcc76
+index 0000000..c79a836
--- /dev/null
+++ b/man/man8/roundup_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "roundup_selinux" "8" "roundup" "dwalsh at redhat.com" "roundup SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "roundup_selinux" "8" "12-10-19" "roundup" "SELinux Policy documentation for roundup"
+.SH "NAME"
+roundup_selinux \- Security Enhanced Linux Policy for the roundup processes
+.SH "DESCRIPTION"
@@ -76291,17 +76914,19 @@ index 0000000..92bcc76
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), roundup(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), roundup(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/rpcbind_selinux.8 b/man/man8/rpcbind_selinux.8
new file mode 100644
-index 0000000..f5b8c67
+index 0000000..902c890
--- /dev/null
+++ b/man/man8/rpcbind_selinux.8
-@@ -0,0 +1,142 @@
-+.TH "rpcbind_selinux" "8" "rpcbind" "dwalsh at redhat.com" "rpcbind SELinux Policy documentation"
+@@ -0,0 +1,132 @@
++.TH "rpcbind_selinux" "8" "12-10-19" "rpcbind" "SELinux Policy documentation for rpcbind"
+.SH "NAME"
+rpcbind_selinux \- Security Enhanced Linux Policy for the rpcbind processes
+.SH "DESCRIPTION"
@@ -76319,7 +76944,7 @@ index 0000000..f5b8c67
+
+The rpcbind_t SELinux type can be entered via the "rpcbind_exec_t" file type. The default entrypoint paths for the rpcbind_t domain are the following:"
+
-+/usr/sbin/rpcbind, /sbin/rpcbind
++/sbin/rpcbind, /usr/sbin/rpcbind
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -76356,10 +76981,6 @@ index 0000000..f5b8c67
+
+- Set files with the rpcbind_exec_t type, if you want to transition an executable to the rpcbind_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/rpcbind, /sbin/rpcbind
+
+.EX
+.PP
@@ -76376,10 +76997,6 @@ index 0000000..f5b8c67
+
+- Set files with the rpcbind_var_lib_t type, if you want to store the rpcbind files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/rpcbind(/.*)?, /var/cache/rpcbind(/.*)?
+
+.EX
+.PP
@@ -76388,10 +77005,6 @@ index 0000000..f5b8c67
+
+- Set files with the rpcbind_var_run_t type, if you want to store the rpcbind files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/rpcbind\.sock, /var/run/rpcbind\.lock, /var/run/rpc.statd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -76439,17 +77052,19 @@ index 0000000..f5b8c67
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rpcbind(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rpcbind(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/rpcd_selinux.8 b/man/man8/rpcd_selinux.8
new file mode 100644
-index 0000000..9e5d907
+index 0000000..d9515e6
--- /dev/null
+++ b/man/man8/rpcd_selinux.8
-@@ -0,0 +1,189 @@
-+.TH "rpcd_selinux" "8" "rpcd" "dwalsh at redhat.com" "rpcd SELinux Policy documentation"
+@@ -0,0 +1,181 @@
++.TH "rpcd_selinux" "8" "12-10-19" "rpcd" "SELinux Policy documentation for rpcd"
+.SH "NAME"
+rpcd_selinux \- Security Enhanced Linux Policy for the rpcd processes
+.SH "DESCRIPTION"
@@ -76467,7 +77082,7 @@ index 0000000..9e5d907
+
+The rpcd_t SELinux type can be entered via the "rpcd_exec_t" file type. The default entrypoint paths for the rpcd_t domain are the following:"
+
-+/sbin/sm-notify, /usr/sbin/rpc\..*, /usr/sbin/rpc\.idmapd, /usr/sbin/sm-notify, /usr/sbin/rpc\.rquotad, /sbin/rpc\..*
++/sbin/rpc\..*, /usr/sbin/rpc\..*, /sbin/sm-notify, /usr/sbin/sm-notify, /usr/sbin/rpc\.idmapd, /usr/sbin/rpc\.rquotad
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -76504,10 +77119,6 @@ index 0000000..9e5d907
+
+- Set files with the rpcd_exec_t type, if you want to transition an executable to the rpcd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/sm-notify, /usr/sbin/rpc\..*, /usr/sbin/rpc\.idmapd, /usr/sbin/sm-notify, /usr/sbin/rpc\.rquotad, /sbin/rpc\..*
+
+.EX
+.PP
@@ -76516,10 +77127,6 @@ index 0000000..9e5d907
+
+- Set files with the rpcd_initrc_exec_t type, if you want to transition an executable to the rpcd_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/nfslock, /etc/rc\.d/init\.d/rpcidmapd
+
+.EX
+.PP
@@ -76536,10 +77143,6 @@ index 0000000..9e5d907
+
+- Set files with the rpcd_var_run_t type, if you want to store the rpcd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/rpc\.statd(/.*)?, /var/run/rpc\.statd\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -76565,6 +77168,8 @@ index 0000000..9e5d907
+.br
+ /var/spool/(.*/)?a?quota\.(user|group)
+.br
++ /var/lib/openshift/a?quota\.(user|group)
++.br
+ /var/lib/stickshift/a?quota\.(user|group)
+.br
+ /home/[^/]*/a?quota\.(user|group)
@@ -76633,19 +77238,21 @@ index 0000000..9e5d907
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rpcd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rpcd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, rpcbind_selinux(8)
\ No newline at end of file
diff --git a/man/man8/rpm_script_selinux.8 b/man/man8/rpm_script_selinux.8
new file mode 100644
-index 0000000..70acddc
+index 0000000..286daa6
--- /dev/null
+++ b/man/man8/rpm_script_selinux.8
-@@ -0,0 +1,125 @@
-+.TH "rpm_script_selinux" "8" "rpm_script" "dwalsh at redhat.com" "rpm_script SELinux Policy documentation"
+@@ -0,0 +1,127 @@
++.TH "rpm_script_selinux" "8" "12-10-19" "rpm_script" "SELinux Policy documentation for rpm_script"
+.SH "NAME"
+rpm_script_selinux \- Security Enhanced Linux Policy for the rpm_script processes
+.SH "DESCRIPTION"
@@ -76661,9 +77268,9 @@ index 0000000..70acddc
+
+.SH "ENTRYPOINTS"
+
-+The rpm_script_t SELinux type can be entered via the "proc_type,file_type,mtrr_device_t,sysctl_type,filesystem_type,bin_t,shell_exec_t,unlabeled_t" file types. The default entrypoint paths for the rpm_script_t domain are the following:"
++The rpm_script_t SELinux type can be entered via the "shell_exec_t,unlabeled_t,proc_type,file_type,sysctl_type,mtrr_device_t,filesystem_type,bin_t,ldconfig_exec_t" file types. The default entrypoint paths for the rpm_script_t domain are the following:"
+
-+/dev/cpu/mtrr, /etc/ppp/ip-up\..*, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/virtualbox/VBoxManage, /usr/lib/.*/scripts(/.*)?, /etc/ppp/ip-down\..*, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/shorewall-perl(/.*)?, /usr/Brother(/.*)?, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/lib/mailman.*/mail(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /usr/share/cluster/ocf-shellfuncs, /bin, /usr/lib/.*/program(/.*)?, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/apr-0/build/libtool, /usr/lib/pm-utils(/.*)?, /etc/sysconfig/network-scripts/net.*, /usr/share/system-config-language/system-config-language, /usr/lib/vte/gnome-pty-helper, /etc/lxdm/Pre.*, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/nagios/plugins(/.*)?, /usr/share/PackageKit/helpers(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/fence(/.*)?, /etc/sysconfig/network-scripts/init.*, /usr/lib/xulrunner[^/]*/updater, /etc/mcelog/cache-error-trigger, /usr/share
/system-config-mouse/system-config-mouse, /usr/share/system-config-netboot/pxeos\.py, /usr/share/cluster/.*\.sh, /usr/lib/udev/devices/MAKEDEV, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/mc/extfs/.*, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /var/qmail/rc, /var/mailman.*/bin(/.*)?, /usr/share/system-config-nfs/system-config-nfs\.py, /sbin, /usr/share/texmf/web2c/mktexupd, /usr/lib/readahead(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/xen/bin(/.*)?, /usr/share/Modules/init(/.*)?, /var/qmail/bin, /opt/google/talkplugin(/.*)?, /etc/profile.d(/.*)?, /usr/share/hwbrowser/hwbrowser, /usr/share/dayplanner/dayplanner, /usr/lib/nspluginwrapper/np.*, /usr/share/printconf/util/print\.py, /usr/lib/[^/]*/run-mozilla\.sh, /usr/linuxprinter/filters(/.*)?, /usr/share/system-config-network/neat-control\.py, /usr/lib/[^/]*/mozilla-xremote-client, /usr/share/hal/scripts(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/share/system-config-selinux/polgen\.py, /usr/lib(.*/)?sbin(/.*)?,
/lib/udev/devices/MAKEDEV, /etc/vmware-tools(/.*)?, /etc/PackageKit/events(/.*)?, /usr/share/denyhosts/plugins(/.*)?, /usr/share/sectool/.*\.py, /etc/pki/tls/certs/make-dummy-cert, /usr/lib/rpm/rpmd, /usr/lib/tuned/.*/.*\.sh, /usr/share/cluster/svclib_nfslock, /usr/libexec(/.*)?, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/apr-0/build/[^/]+\.sh, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?, /bin/mountpoint, /usr/share/rhn/rhn_applet/needed-packages\.py, /lib/security/pam_krb5(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/rpm/rpmk, /etc/apcupsd/commok, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/clamav/freshclam-sleep, /usr/lib/mediawiki/math/texvc.*, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/xfce4(/.*)?, /usr/share/system-config-services/system-config-services, /opt/(.*/)?libexec(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(/.*)?, /usr/lib/debug/sbin(/.*)?, /etc/sysconfig/libvirtd, /etc/cron.weekly(/.*)?, /usr/lib/ccache/bin(/.*)?, /sbin/.*, /var/lib/asteri
sk/agi-bin(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/yp/.+, /usr/share/wicd/daemon(/.*)?, /etc/ppp/ipv6-up\..*, /etc/acpi/actions(/.*)?, /etc/sysconfig/network-scripts/ifdown.*, /usr/share/cluster/SAPDatabase, /usr/share/system-config-soundcard/system-config-soundcard, /usr/lib/udev/scsi_id, /etc/pm/power\.d(/.*)?, /usr/share/system-config-services/gui\.py, /etc/lxdm/Xsession, /usr/lib/cyrus-imapd/.*, /usr/sbin/insmod_ksymoops_clean, /etc/cipe/ip-down.*, /usr/share/PackageKit/pk-upgrade-distro\.sh, /usr/share/shorewall/compiler\.pl, /usr/share/pydict/pydict\.py, /dev/MAKEDEV, /usr/share/shorewall-shell(/.*)?, /emul/ia32-linux/bin(/.*)?, /root/bin(/.*)?, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-config-selinux/system-config-selinux\.py, /etc/ppp/ipv6-down\..*, /usr/share/pwlib/make/ptlib-config, /usr/lib/ConsoleKit/scripts(/.*)?, /opt/(.*/)?bin(/.*)?, /etc/init\.d/functions, /lib/readahead(/.*)?, /etc/apcupsd/apccontrol, /usr/share/sys
tem-config-samba/system-config-samba\.py, /usr/lib/misc/sftp-server, /etc/apcupsd/onbattery, /usr/lib/qt.*/bin(/.*)?, /usr/share/cvs/contrib/rcs2log, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/system-config-keyboard/system-config-keyboard, /usr/share/fedora-usermgmt/wrapper, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/share/ssl/misc(/.*)?, /etc/apcupsd/changeme, /etc/apcupsd/offbattery, /etc/apcupsd/commfailure, /etc/sysconfig/readonly-root, /etc/cron.monthly(/.*)?, /var/ftp/bin(/.*)?, /usr/lib/xfce4/xfwm4/helper-dialog, /usr/lib/iscan/network, /usr/share/shorewall-lite(/.*)?, /usr/Printer(/.*)?, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/lib/news/bin(/.*)?, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/share/system-config-netboot/pxeboot\.py, /etc/auto\.[^/]*, /usr/Brother/(.*/)?inf/brprintconf.*, /etc/apcupsd/masterconnect, /etc/avahi/.*\.action, /usr/lib/netsaint/plugins(/.*)?, /usr/sh
are/authconfig/authconfig-tui\.py, /usr/share/system-config-securitylevel/system-config-securitylevel\.py, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/lib/dracut(/.*)?, /usr/share/kde4/apps/kajongg/kajongg.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/selinux/devel/policygentool, /etc/mail/make, /usr/lib/debug/usr/libexec(/.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/libexec/openssh/sftp-server, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/chromium-browser(/.*)?, /etc/sysconfig/init, /usr/share/system-logviewer/system-logviewer\.py, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /usr/lib/wicd/monitor\.py, /etc/pki/tls/misc(/.*)?, /etc/cron.hourly(/.*)?, /etc/xen/qemu-ifup, /usr/share/system-config-services/serviceconf\.py, /usr/share/tucan.*/tucan.py, /usr/lib/portage/bin(/.*)?, /etc/lxdm/LoginReady, /etc/mcelog/triggers(/.*)?, /usr/share/texmf/web2c/mktexnam, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/apt/methods.+, /etc/rc\.d/init\.d/functi
ons, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /etc/kde/shutdown(/.*)?, /usr/lib/cups(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /usr/share/gnucash/finance-quote-helper, /etc/cron.daily(/.*)?, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/lib/rpm/rpmv, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/munin/plugins(/.*)?, /usr/share/clamav/clamd-gen, /etc/lxdm/Post.*, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /etc/hotplug/.*agent, /usr/lib/emacsen-common/.*, /usr/lib/jvm/java(.*/)bin(/.*), /etc/sysconfig/network-scripts/ifup.*, /usr/lib/xfce4/xfconf/xfconfd, /usr/lib/MailScanner(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/share/ajaxterm/qweb.py.*, /usr/share/switchdesk/switchdesk-gui\.py, /usr/lib/ipsec/.*, /usr/share/turboprint/lib(/.*)?, /usr/sbin/mkfs\.cramfs, /var/qmail/bin(/.*)?, /etc/sysconfig/crond, /usr/share/hplip/[^/]*, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/debconf/.+, /usr/share/shorewall/configpath, /usr/bin/pingus.*, /etc/ho
tplug/hotplug\.functions, /usr/lib/mailman.*/bin(/.*)?, /usr/share/texmf/web2c/mktexdir, /usr/share/gnucash/finance-quote-check, /etc/redhat-lsb(/.*)?, /usr/X11R6/lib/X11/xkb/xkbcomp, /etc/gdm/[^/]+, /opt/google/chrome(/.*)?, /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/dpkg/.+, /usr/share/sandbox/sandboxX.sh, /etc/cipe/ip-up.*, /usr/lib/udev/[^/]*, /usr/bin/mountpoint, /lib/udev/scsi_id, /bin/.*, /emul/ia32-linux/sbin(/.*)?, /var/lib/iscan/interpreter, /etc/dhcp/dhclient\.d(/.*)?, /etc/racoon/scripts(/.*)?, /opt/(.*/)?sbin(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/spamassassin/sa-update\.cron, /usr/share/rhn/rhn_applet/applet\.py, /etc/X11/xdm/TakeConsole, /usr/(.*/)?sbin(/.*)?, /etc/X11/xinit(/.*)?, /usr/share/shorewall/getparams, /usr/share/cluster/checkquorum, /etc/X11/xdm/GiveConsole, /usr/lib/xfce4/session/xfsm-shutdown-helper, /lib/upstart(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/gdm/[^/]+/.*, /usr/share/system-config-httpd/system-config-httpd, /usr/lib/upstart(/.*)
?, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/system-config-users/system-config-users, /etc/mgetty\+sendfax/new_fax, /usr/lib/debug/bin(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /etc/hotplug/.*rc, /usr/lib/courier(/.*)?, /etc/X11/xdm/Xsetup_0, /etc/netplug\.d(/.*)?, /usr/Brother/(.*/)?inf/setup.*, /usr/lib/xfce4/session/balou-install-theme, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/smolt/client(/.*)?, /usr/bin, /etc/sysconfig/netconsole, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/xfce4/panel/migrate, /usr/share/ajaxterm/ajaxterm.py.*, /sbin/mkfs\.cramfs, /usr/share/authconfig/authconfig\.py, /usr/share/system-config-date/system-config-date\.py, /usr/share/virtualbox/.*\.sh, /etc/apcupsd/mastertimeout, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/texmf/texconfig/tcfmgr, /etc/kde/env(/.*)?, /usr/lib/rpm/rpmq, /sbin/insmod_ksymoops_clean, /usr/lib/xfce4/panel/wrapper, /usr/share/system-config-printer/applet
\.py, /etc/hotplug\.d/default/default.*, /usr/lib(.*/)?bin(/.*)?, /usr/share/gitolite/hooks/common/update, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /usr/lib/sftp-server, /usr/share/system-config-display/system-config-display, /lib/udev/[^/]*, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/denyhosts/scripts(/.*)?, /usr/share/createrepo(/.*)?, /usr/lib/yaboot/addnote, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /usr/share/cluster/SAPInstance, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, all files on the system, /dev/cpu/mtrr, /bin/.*, /opt/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?sbin(/.*)?, /opt/(.*/)?sbin(/.*)?, /opt/(.*/)?libexec(/.*)?, /sbin/.*, /usr/lib(.*/)?bin(/.*)?, /usr/lib(.*/)?sbin(/.*)?, /etc/gdm/[^/]+, /root/bin(/.*)?, /etc/gdm/[^/]+/.*, /etc/cron.daily(/.*)?, /etc/cron.weekly(/.*)?, /etc/cron.hourly(/.*)?, /etc/cron.monthly(/.*)?, /usr/lib/.*/scripts(/.*)?, /usr/lib/.*/program(/.*)?, /usr/lib/[^/]*/run-mozilla\.sh, /usr/lib/[^/]*/mozilla-xremote-client
, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /lib/udev/[^/]*, /etc/auto\.[^/]*, /etc/avahi/.*\.action, /usr/lib/qt.*/bin(/.*)?, /usr/lib/yp/.+, /var/ftp/bin(/.*)?, /usr/Brother(/.*)?, /usr/Printer(/.*)?, /usr/libexec(/.*)?, /lib/upstart(/.*)?, /etc/kde/env(/.*)?, /etc/profile.d(/.*)?, /var/mailman.*/bin(/.*)?, /etc/lxdm/Pre.*, /etc/hotplug/.*rc, /usr/lib/cups(/.*)?, /etc/hotplug/.*agent, /usr/Brother/(.*/)?inf/setup.*, /usr/Brother/(.*/)?inf/brprintconf.*, /usr/lib/dpkg/.+, /etc/lxdm/Post.*, /usr/lib/udev/[^/]*, /var/qmail/bin(/.*)?, /usr/lib/xfce4(/.*)?, /usr/lib/fence(/.*)?, /etc/X11/xinit(/.*)?, /lib/readahead(/.*)?, /etc/netplug\.d(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/ipsec/.*, /etc/ppp/ip-up\..*, /usr/bin/pingus.*, /etc/cipe/ip-up.*, /usr/lib/dracut(/.*)?, /etc/pm/power\.d(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/redhat-lsb(/.*)?, /usr/lib/tuned/.*/.*\.sh, /usr/lib/x
en/bin(/.*)?, /usr/lib/upstart(/.*)?, /usr/lib/courier(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/tucan.*/tucan.py, /usr/lib/mailman.*/bin(/.*)?, /usr/lib/mailman.*/mail(/.*)?, /etc/ppp/ipv6-up\..*, /etc/ppp/ip-down\..*, /etc/cipe/ip-down.*, /usr/share/hplip/[^/]*, /usr/lib/news/bin(/.*)?, /usr/lib/pm-utils(/.*)?, /etc/vmware-tools(/.*)?, /etc/kde/shutdown(/.*)?, /etc/acpi/actions(/.*)?, /etc/pki/tls/misc(/.*)?, /usr/lib/jvm/java(.*/)bin(/.*), /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/readahead(/.*)?, /opt/google/chrome(/.*)?, /etc/munin/plugins(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/debug/bin(/.*)?, /usr/lib/xulrunner[^/]*/updater, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/debconf/.+, /etc/ppp/ipv6-down\..*, /usr/share/cluster/.*\.sh, /usr/share/sectool/.*\.py, /usr/share/ssl/misc(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/ccache/bin(/.*)?, /etc/racoon/scripts(/.*)?, /usr/lib/de
bug/sbin(/.*)?, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/share/mc/extfs/.*, /usr/lib/apt/methods.+, /usr/lib/portage/bin(/.*)?, /usr/lib/MailScanner(/.*)?, /etc/mcelog/triggers(/.*)?, /etc/dhcp/dhclient\.d(/.*)?, /emul/ia32-linux/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(/.*)?, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/lib/cyrus-imapd/.*, /usr/share/createrepo(/.*)?, /emul/ia32-linux/sbin(/.*)?, /usr/share/virtualbox/.*\.sh, /usr/share/hal/scripts(/.*)?, /usr/share/wicd/daemon(/.*)?, /lib/security/pam_krb5(/.*)?, /opt/google/talkplugin(/.*)?, /etc/PackageKit/events(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/Modules/init(/.*)?, /usr/share/smolt/client(/.*)?, /usr/lib/nagios/plugins(/.*)?, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/apr-0/build/[^/]+\.
sh, /usr/lib/emacsen-common/.*, /usr/share/ajaxterm/qweb.py.*, /var/lib/asterisk/agi-bin(/.*)?, /usr/share/shorewall-perl(/.*)?, /usr/share/shorewall-lite(/.*)?, /usr/linuxprinter/filters(/.*)?, /usr/lib/netsaint/plugins(/.*)?, /usr/lib/chromium-browser(/.*)?, /usr/share/turboprint/lib(/.*)?, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/shorewall-shell(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/lib/debug/usr/libexec(/.*)?, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/nspluginwrapper/np.*, /usr/share/sandbox/sandboxX.sh, /usr/lib/ConsoleKit/scripts(/.*)?, /usr/share/ajaxterm/ajaxterm.py.*, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/denyhosts/plugins(/.*)?, /usr/share/denyhosts/scripts(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/mediawiki/math/texvc.*, /usr/share/PackageKit/helpers(/.*)?, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/hotplug\.d/default/default.*, /usr/lib/systemd/system-sleep/(.*)?, /opt/gutenprint/cups/lib/filter(/
.*)?, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /etc/sysconfig/network-scripts/net.*, /etc/sysconfig/network-scripts/ifup.*, /etc/sysconfig/network-scripts/init.*, /usr/share/kde4/apps/kajongg/kajongg.py, /etc/sysconfig/network-scripts/ifdown.*, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /bin, /sbin, /usr/bin, /dev/MAKEDEV, /var/qmail/rc, /var/qmail/bin, /etc/mail/make, /bin/mountpoint, /usr/lib/rpm/rpmv, /usr/lib/rpm/rpmk, /usr/lib/rpm/rpmq, /usr/lib/rpm/rpmd, /lib/udev/scsi_id, /sbin/mkfs\.cramfs, /etc/xen/qemu-ifup, /etc/lxdm/Xsession, /etc/sysconfig/init, /usr/bin/mountpoint, /etc/apcupsd/commok, /usr/lib/sftp-server, /etc/sysconfig/crond, /etc/lxdm/LoginReady, /usr/sbin/mkfs\.cramfs, /usr/lib/udev/scsi_id, /etc/X11/xdm/Xsetup_0, /etc/init\.d/functions, /etc/apcupsd/changeme, /usr/lib/iscan/network, /etc/apcupsd/onbattery, /usr/lib/yaboot/addnote, /etc/
sysconfig/libvirtd, /etc/apcupsd/apccontrol, /etc/apcupsd/offbattery, /usr/lib/wicd/monitor\.py, /etc/X11/xdm/TakeConsole, /etc/X11/xdm/GiveConsole, /etc/apcupsd/commfailure, /usr/lib/misc/sftp-server, /etc/sysconfig/netconsole, /lib/udev/devices/MAKEDEV, /var/lib/iscan/interpreter, /etc/rc\.d/init\.d/functions, /etc/apcupsd/masterconnect, /etc/apcupsd/mastertimeout, /usr/share/pydict/pydict\.py, /usr/share/clamav/clamd-gen, /sbin/insmod_ksymoops_clean, /etc/mgetty\+sendfax/new_fax, /usr/lib/xfce4/panel/migrate, /usr/lib/xfce4/panel/wrapper, /etc/sysconfig/readonly-root, /usr/lib/udev/devices/MAKEDEV, /usr/lib/vte/gnome-pty-helper, /usr/lib/xfce4/xfconf/xfconfd, /usr/share/hwbrowser/hwbrowser, /usr/share/cvs/contrib/rcs2log, /usr/X11R6/lib/X11/xkb/xkbcomp, /usr/lib/virtualbox/VBoxManage, /usr/share/cluster/checkquorum, /usr/share/shorewall/getparams, /usr/share/apr-0/build/libtool, /usr/share/cluster/SAPDatabase, /usr/share/cluster/SAPInstance, /etc/hotplug/hotplug\.function
s, /usr/share/texmf/web2c/mktexdir, /usr/share/texmf/web2c/mktexupd, /usr/share/texmf/web2c/mktexnam, /usr/share/shorewall/configpath, /usr/sbin/insmod_ksymoops_clean, /etc/mcelog/cache-error-trigger, /usr/share/shorewall/compiler\.pl, /usr/share/dayplanner/dayplanner, /usr/libexec/openssh/sftp-server, /usr/share/texmf/texconfig/tcfmgr, /usr/share/clamav/freshclam-sleep, /usr/share/cluster/ocf-shellfuncs, /usr/share/cluster/svclib_nfslock, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/share/pwlib/make/ptlib-config, /usr/share/fedora-usermgmt/wrapper, /usr/share/printconf/util/print\.py, /usr/lib/xfce4/xfwm4/helper-dialog, /etc/pki/tls/certs/make-dummy-cert, /usr/share/rhn/rhn_applet/applet\.py, /usr/share/authconfig/authconfig\.py, /usr/share/spamassassin/sa-update\.cron, /usr/share/gnucash/finance-quote-check, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/selinux/devel/policygentool, /usr/share/switchdesk/switchdesk-gui\.py, /usr/share/authconfig/authconfig-gtk\.py, /usr/sh
are/authconfig/authconfig-tui\.py, /usr/share/gitolite/hooks/common/update, /usr/share/gnucash/finance-quote-helper, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /usr/share/system-config-services/gui\.py, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-config-netboot/pxeos\.py, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/system-config-printer/applet\.py, /usr/share/system-config-selinux/polgen\.py, /usr/share/PackageKit/pk-upgrade-distro\.sh, /usr/lib/xfce4/session/balou-install-theme, /usr/share/system-config-netboot/pxeboot\.py, /usr/lib/xfce4/session/xfsm-shutdown-helper, /usr/share/rhn/rhn_applet/needed-packages\.py, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-logviewer/system-logviewer\.py, /usr/share/system-config-network/neat-control\.py, /usr/share/system-config-services/serviceconf\.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/system-config-lvm/system-config-lvm\.p
y, /usr/share/system-config-nfs/system-config-nfs\.py, /usr/share/system-config-httpd/system-config-httpd, /usr/share/system-config-mouse/system-config-mouse, /usr/share/system-config-users/system-config-users, /usr/share/system-config-date/system-config-date\.py, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/share/system-config-samba/system-config-samba\.py, /usr/share/system-config-display/system-config-display, /usr/share/system-config-keyboard/system-config-keyboard, /usr/share/system-config-language/system-config-language, /usr/share/system-config-services/system-config-services, /usr/share/system-config-selinux/system-config-selinux\.py, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/system-config-soundcard/system-config-soundcard, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/share/system-config-securitylevel/system-config-securitylevel\.py, /sbin/ldconf
ig, /usr/sbin/ldconfig
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -76765,19 +77372,21 @@ index 0000000..70acddc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rpm_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rpm_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, rpm_selinux(8), rpm_selinux(8)
\ No newline at end of file
diff --git a/man/man8/rpm_selinux.8 b/man/man8/rpm_selinux.8
new file mode 100644
-index 0000000..7eb20b2
+index 0000000..9a8991c
--- /dev/null
+++ b/man/man8/rpm_selinux.8
-@@ -0,0 +1,205 @@
-+.TH "rpm_selinux" "8" "rpm" "dwalsh at redhat.com" "rpm SELinux Policy documentation"
+@@ -0,0 +1,191 @@
++.TH "rpm_selinux" "8" "12-10-19" "rpm" "SELinux Policy documentation for rpm"
+.SH "NAME"
+rpm_selinux \- Security Enhanced Linux Policy for the rpm processes
+.SH "DESCRIPTION"
@@ -76793,9 +77402,9 @@ index 0000000..7eb20b2
+
+.SH "ENTRYPOINTS"
+
-+The rpm_t SELinux type can be entered via the "proc_type,rpm_script_exec_t,file_type,mtrr_device_t,sysctl_type,filesystem_type,rpm_exec_t,debuginfo_exec_t,unlabeled_t" file types. The default entrypoint paths for the rpm_t domain are the following:"
++The rpm_t SELinux type can be entered via the "unlabeled_t,proc_type,file_type,rpm_exec_t,debuginfo_exec_t,sysctl_type,mtrr_device_t,rpm_script_exec_t,filesystem_type" file types. The default entrypoint paths for the rpm_t domain are the following:"
+
-+/dev/cpu/mtrr, /usr/bin/apt-get, /usr/sbin/bcfg2, /usr/sbin/rhn_check, /usr/bin/rpmdev-rmdevelrpms, /usr/sbin/synaptic, /usr/share/yumex/yumex-yum-backend, /usr/bin/apt-shell, /usr/sbin/yum-updatesd, /usr/sbin/pup, /usr/libexec/packagekitd, /usr/libexec/yumDBUSBackend.py, /usr/sbin/pirut, /usr/bin/package-cleanup, /bin/rpm, /usr/bin/yum, /usr/sbin/system-install-packages, /usr/bin/zif, /usr/bin/rpm, /usr/sbin/yum-complete-transaction, /usr/bin/smart, /usr/sbin/packagekitd, /usr/bin/fedora-rmdevelrpms, /usr/sbin/rhnreg_ks, /usr/share/yumex/yum_childtask\.py, /usr/sbin/up2date, /usr/bin/dnf, /usr/bin/debuginfo-install
++all files on the system, /usr/libexec/yumDBUSBackend.py, /bin/rpm, /usr/bin/dnf, /usr/bin/rpm, /usr/bin/yum, /usr/bin/zif, /usr/sbin/pup, /usr/bin/smart, /usr/sbin/bcfg2, /usr/sbin/pirut, /usr/bin/apt-get, /usr/sbin/up2date, /usr/sbin/synaptic, /usr/bin/apt-shell, /usr/sbin/rhn_check, /usr/sbin/rhnreg_ks, /usr/sbin/packagekitd, /usr/sbin/yum-updatesd, /usr/libexec/packagekitd, /usr/bin/package-cleanup, /usr/bin/fedora-rmdevelrpms, /usr/bin/rpmdev-rmdevelrpms, /usr/sbin/system-install-packages, /usr/share/yumex/yum_childtask\.py, /usr/sbin/yum-complete-transaction, /usr/share/yumex/yumex-yum-backend, /usr/bin/debuginfo-install, /dev/cpu/mtrr
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -76832,10 +77441,6 @@ index 0000000..7eb20b2
+
+- Set files with the rpm_exec_t type, if you want to transition an executable to the rpm_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/apt-get, /usr/sbin/bcfg2, /usr/sbin/rhn_check, /usr/bin/rpmdev-rmdevelrpms, /usr/sbin/synaptic, /usr/share/yumex/yumex-yum-backend, /usr/bin/apt-shell, /usr/sbin/yum-updatesd, /usr/sbin/pup, /usr/libexec/packagekitd, /usr/libexec/yumDBUSBackend.py, /usr/sbin/pirut, /usr/bin/package-cleanup, /bin/rpm, /usr/bin/yum, /usr/sbin/system-install-packages, /usr/bin/zif, /usr/bin/rpm, /usr/sbin/yum-complete-transaction, /usr/bin/smart, /usr/sbin/packagekitd, /usr/bin/fedora-rmdevelrpms, /usr/sbin/rhnreg_ks, /usr/share/yumex/yum_childtask\.py, /usr/sbin/up2date, /usr/bin/dnf
+
+.EX
+.PP
@@ -76900,10 +77505,6 @@ index 0000000..7eb20b2
+
+- Set files with the rpm_var_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/PackageKit(/.*)?, /var/cache/yum(/.*)?, /var/spool/up2date(/.*)?
+
+.EX
+.PP
@@ -76912,10 +77513,6 @@ index 0000000..7eb20b2
+
+- Set files with the rpm_var_lib_t type, if you want to store the rpm files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/yum(/.*)?, /var/lib/PackageKit(/.*)?, /var/lib/rpm(/.*)?, /var/lib/alternatives(/.*)?
+
+.EX
+.PP
@@ -76924,10 +77521,6 @@ index 0000000..7eb20b2
+
+- Set files with the rpm_var_run_t type, if you want to store the rpm files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/PackageKit(/.*)?, /var/run/yum.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -76977,19 +77570,21 @@ index 0000000..7eb20b2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rpm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rpm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, rpm_script_selinux(8)
\ No newline at end of file
diff --git a/man/man8/rshd_selinux.8 b/man/man8/rshd_selinux.8
new file mode 100644
-index 0000000..78b6298
+index 0000000..7515d38
--- /dev/null
+++ b/man/man8/rshd_selinux.8
@@ -0,0 +1,302 @@
-+.TH "rshd_selinux" "8" "rshd" "dwalsh at redhat.com" "rshd SELinux Policy documentation"
++.TH "rshd_selinux" "8" "12-10-19" "rshd" "SELinux Policy documentation for rshd"
+.SH "NAME"
+rshd_selinux \- Security Enhanced Linux Policy for the rshd processes
+.SH "DESCRIPTION"
@@ -77007,7 +77602,7 @@ index 0000000..78b6298
+
+The rshd_t SELinux type can be entered via the "rshd_exec_t" file type. The default entrypoint paths for the rshd_t domain are the following:"
+
-+/usr/sbin/in\.rshd, /usr/kerberos/sbin/kshd, /usr/sbin/in\.rexecd
++/usr/sbin/in\.rshd, /usr/sbin/in\.rexecd, /usr/kerberos/sbin/kshd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -77044,10 +77639,6 @@ index 0000000..78b6298
+
+- Set files with the rshd_exec_t type, if you want to transition an executable to the rshd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/in\.rshd, /usr/kerberos/sbin/kshd, /usr/sbin/in\.rexecd
+
+.EX
+.PP
@@ -77156,6 +77747,8 @@ index 0000000..78b6298
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -77287,17 +77880,19 @@ index 0000000..78b6298
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rshd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rshd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/rssh_chroot_helper_selinux.8 b/man/man8/rssh_chroot_helper_selinux.8
new file mode 100644
-index 0000000..c27131b
+index 0000000..747f90b
--- /dev/null
+++ b/man/man8/rssh_chroot_helper_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "rssh_chroot_helper_selinux" "8" "rssh_chroot_helper" "dwalsh at redhat.com" "rssh_chroot_helper SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "rssh_chroot_helper_selinux" "8" "12-10-19" "rssh_chroot_helper" "SELinux Policy documentation for rssh_chroot_helper"
+.SH "NAME"
+rssh_chroot_helper_selinux \- Security Enhanced Linux Policy for the rssh_chroot_helper processes
+.SH "DESCRIPTION"
@@ -77360,10 +77955,6 @@ index 0000000..c27131b
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type rssh_chroot_helper_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -77395,19 +77986,21 @@ index 0000000..c27131b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rssh_chroot_helper(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rssh_chroot_helper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, rssh_selinux(8), rssh_selinux(8)
\ No newline at end of file
diff --git a/man/man8/rssh_selinux.8 b/man/man8/rssh_selinux.8
new file mode 100644
-index 0000000..fa82146
+index 0000000..6de2c08
--- /dev/null
+++ b/man/man8/rssh_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "rssh_selinux" "8" "rssh" "dwalsh at redhat.com" "rssh SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "rssh_selinux" "8" "12-10-19" "rssh" "SELinux Policy documentation for rssh"
+.SH "NAME"
+rssh_selinux \- Security Enhanced Linux Policy for the rssh processes
+.SH "DESCRIPTION"
@@ -77533,17 +78126,19 @@ index 0000000..fa82146
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rssh(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rssh(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, rssh_chroot_helper_selinux(8)
\ No newline at end of file
diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8
-index ad9ccf5..f383d90 100644
+index ad9ccf5..190fa8d 100644
--- a/man/man8/rsync_selinux.8
+++ b/man/man8/rsync_selinux.8
-@@ -1,52 +1,255 @@
+@@ -1,52 +1,299 @@
-.TH "rsync_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "rsync Selinux Policy documentation"
-.de EX
-.nf
@@ -77553,7 +78148,7 @@ index ad9ccf5..f383d90 100644
-.ft R
-.fi
-..
-+.TH "rsync_selinux" "8" "rsync" "dwalsh at redhat.com" "rsync SELinux Policy documentation"
++.TH "rsync_selinux" "8" "12-10-19" "rsync" "SELinux Policy documentation for rsync"
.SH "NAME"
-rsync_selinux \- Security Enhanced Linux Policy for the rsync daemon
+rsync_selinux \- Security Enhanced Linux Policy for the rsync processes
@@ -77615,6 +78210,27 @@ index ad9ccf5..f383d90 100644
+.EE
+
+.PP
++If you want to allow rsync to export any files/directories read only, you must turn on the rsync_export_all_ro boolean.
++
++.EX
++.B setsebool -P rsync_export_all_ro 1
++.EE
++
++.PP
++If you want to allow rsync servers to share nfs files systems, you must turn on the rsync_use_nfs boolean.
++
++.EX
++.B setsebool -P rsync_use_nfs 1
++.EE
++
++.PP
++If you want to allow rsync servers to share cifs files systems, you must turn on the rsync_use_cifs boolean.
++
++.EX
++.B setsebool -P rsync_use_cifs 1
++.EE
++
++.PP
+If you want to allow rsync to run as a client, you must turn on the rsync_client boolean.
+
+.EX
@@ -77622,6 +78238,13 @@ index ad9ccf5..f383d90 100644
+.EE
+
+.PP
++If you want to allow postgresql to use ssh and rsync for point-in-time recovery, you must turn on the postgresql_can_rsync boolean.
++
++.EX
++.B setsebool -P postgresql_can_rsync 1
++.EE
++
++.PP
+If you want to allow rsync to export any files/directories read only, you must turn on the rsync_export_all_ro boolean.
+
+.EX
@@ -77642,6 +78265,13 @@ index ad9ccf5..f383d90 100644
+.B setsebool -P rsync_use_cifs 1
+.EE
+
++.PP
++If you want to allow rsync to run as a client, you must turn on the rsync_client boolean.
++
++.EX
++.B setsebool -P rsync_client 1
++.EE
++
+.SH SHARING FILES
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
.TP
@@ -77677,6 +78307,17 @@ index ad9ccf5..f383d90 100644
-.SH SHARING FILES
-If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for rsync you would execute:
++.PP
++If you want to allow rsync to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t., you must turn on the rsync_anon_write boolean.
+
+ .EX
+-setsebool -P allow_rsync_anon_write=1
++.B setsebool -P rsync_anon_write 1
+ .EE
+
+-.SH BOOLEANS
+-.TP
+-system-config-selinux is a GUI tool available to customize SELinux policy settings.
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -77687,16 +78328,12 @@ index ad9ccf5..f383d90 100644
+.PP
+The following file types are defined for rsync:
+
-
- .EX
--setsebool -P allow_rsync_anon_write=1
++
++.EX
+.PP
+.B rsync_data_t
- .EE
-
--.SH BOOLEANS
--.TP
--system-config-selinux is a GUI tool available to customize SELinux policy settings.
++.EE
++
+- Set files with the rsync_data_t type, if you want to treat the files as rsync content.
+
+
@@ -77830,20 +78467,22 @@ index ad9ccf5..f383d90 100644
+
.SH AUTHOR
-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
.SH "SEE ALSO"
-selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)
-+selinux(8), rsync(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rsync(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/rtkit_daemon_selinux.8 b/man/man8/rtkit_daemon_selinux.8
new file mode 100644
-index 0000000..21faacf
+index 0000000..fb72b0a
--- /dev/null
+++ b/man/man8/rtkit_daemon_selinux.8
-@@ -0,0 +1,106 @@
-+.TH "rtkit_daemon_selinux" "8" "rtkit_daemon" "dwalsh at redhat.com" "rtkit_daemon SELinux Policy documentation"
+@@ -0,0 +1,108 @@
++.TH "rtkit_daemon_selinux" "8" "12-10-19" "rtkit_daemon" "SELinux Policy documentation for rtkit_daemon"
+.SH "NAME"
+rtkit_daemon_selinux \- Security Enhanced Linux Policy for the rtkit_daemon processes
+.SH "DESCRIPTION"
@@ -77945,17 +78584,19 @@ index 0000000..21faacf
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rtkit_daemon(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rtkit_daemon(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/run_init_selinux.8 b/man/man8/run_init_selinux.8
new file mode 100644
-index 0000000..923bb8a
+index 0000000..25b8fd4
--- /dev/null
+++ b/man/man8/run_init_selinux.8
-@@ -0,0 +1,146 @@
-+.TH "run_init_selinux" "8" "run_init" "dwalsh at redhat.com" "run_init SELinux Policy documentation"
+@@ -0,0 +1,148 @@
++.TH "run_init_selinux" "8" "12-10-19" "run_init" "SELinux Policy documentation for run_init"
+.SH "NAME"
+run_init_selinux \- Security Enhanced Linux Policy for the run_init processes
+.SH "DESCRIPTION"
@@ -78097,17 +78738,19 @@ index 0000000..923bb8a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), run_init(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), run_init(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/rwho_selinux.8 b/man/man8/rwho_selinux.8
new file mode 100644
-index 0000000..71795f3
+index 0000000..6896780
--- /dev/null
+++ b/man/man8/rwho_selinux.8
-@@ -0,0 +1,150 @@
-+.TH "rwho_selinux" "8" "rwho" "dwalsh at redhat.com" "rwho SELinux Policy documentation"
+@@ -0,0 +1,152 @@
++.TH "rwho_selinux" "8" "12-10-19" "rwho" "SELinux Policy documentation for rwho"
+.SH "NAME"
+rwho_selinux \- Security Enhanced Linux Policy for the rwho processes
+.SH "DESCRIPTION"
@@ -78253,17 +78896,19 @@ index 0000000..71795f3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), rwho(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), rwho(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/samba_net_selinux.8 b/man/man8/samba_net_selinux.8
new file mode 100644
-index 0000000..8436edf
+index 0000000..64ee64b
--- /dev/null
+++ b/man/man8/samba_net_selinux.8
-@@ -0,0 +1,153 @@
-+.TH "samba_net_selinux" "8" "samba_net" "dwalsh at redhat.com" "samba_net SELinux Policy documentation"
+@@ -0,0 +1,155 @@
++.TH "samba_net_selinux" "8" "12-10-19" "samba_net" "SELinux Policy documentation for samba_net"
+.SH "NAME"
+samba_net_selinux \- Security Enhanced Linux Policy for the samba_net processes
+.SH "DESCRIPTION"
@@ -78411,10 +79056,12 @@ index 0000000..8436edf
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), samba_net(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), samba_net(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, samba_unconfined_script_selinux(8), sambagui_selinux(8)
\ No newline at end of file
diff --git a/man/man8/samba_selinux.8 b/man/man8/samba_selinux.8
@@ -78481,11 +79128,11 @@ index ca702c7..f52d532 100644
+.so man8/smbd_selinux.8
diff --git a/man/man8/samba_unconfined_script_selinux.8 b/man/man8/samba_unconfined_script_selinux.8
new file mode 100644
-index 0000000..5ee2f4c
+index 0000000..94201c5
--- /dev/null
+++ b/man/man8/samba_unconfined_script_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "samba_unconfined_script_selinux" "8" "samba_unconfined_script" "dwalsh at redhat.com" "samba_unconfined_script SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "samba_unconfined_script_selinux" "8" "12-10-19" "samba_unconfined_script" "SELinux Policy documentation for samba_unconfined_script"
+.SH "NAME"
+samba_unconfined_script_selinux \- Security Enhanced Linux Policy for the samba_unconfined_script processes
+.SH "DESCRIPTION"
@@ -78501,9 +79148,9 @@ index 0000000..5ee2f4c
+
+.SH "ENTRYPOINTS"
+
-+The samba_unconfined_script_t SELinux type can be entered via the "samba_unconfined_script_exec_t,shell_exec_t" file types. The default entrypoint paths for the samba_unconfined_script_t domain are the following:"
++The samba_unconfined_script_t SELinux type can be entered via the "shell_exec_t,samba_unconfined_script_exec_t" file types. The default entrypoint paths for the samba_unconfined_script_t domain are the following:"
+
-+/var/lib/samba/scripts(/.*)?, /usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /var/lib/samba/scripts(/.*)?
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -78548,10 +79195,6 @@ index 0000000..5ee2f4c
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type samba_unconfined_script_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -78569,19 +79212,21 @@ index 0000000..5ee2f4c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), samba_unconfined_script(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), samba_unconfined_script(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, samba_net_selinux(8), sambagui_selinux(8)
\ No newline at end of file
diff --git a/man/man8/sambagui_selinux.8 b/man/man8/sambagui_selinux.8
new file mode 100644
-index 0000000..76d2ac6
+index 0000000..32dee90
--- /dev/null
+++ b/man/man8/sambagui_selinux.8
-@@ -0,0 +1,126 @@
-+.TH "sambagui_selinux" "8" "sambagui" "dwalsh at redhat.com" "sambagui SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "sambagui_selinux" "8" "12-10-19" "sambagui" "SELinux Policy documentation for sambagui"
+.SH "NAME"
+sambagui_selinux \- Security Enhanced Linux Policy for the sambagui processes
+.SH "DESCRIPTION"
@@ -78703,49 +79348,71 @@ index 0000000..76d2ac6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sambagui(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sambagui(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/sandbox_selinux.8 b/man/man8/sandbox_selinux.8
new file mode 100644
-index 0000000..759c807
+index 0000000..94b817f
--- /dev/null
+++ b/man/man8/sandbox_selinux.8
-@@ -0,0 +1,172 @@
-+.TH "sandbox_selinux" "8" "sandbox" "dwalsh at redhat.com" "sandbox SELinux Policy documentation"
+@@ -0,0 +1,192 @@
++.TH "sandbox_selinux" "8" "12-10-19" "sandbox" "SELinux Policy documentation for sandbox"
+.SH "NAME"
+sandbox_selinux \- Security Enhanced Linux Policy for the sandbox processes
+.SH "DESCRIPTION"
+
-+Security-Enhanced Linux secures the sandbox processes via flexible mandatory access
-+control.
++Security-Enhanced Linux secures the sandbox processes via flexible mandatory access control.
+
-+.SH BOOLEANS
-+SELinux policy is customizable based on least access required. sandbox policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sandbox with the tightest access possible.
++The sandbox processes execute with the sandbox_t SELinux type. You can check if you have these processes running by executing the \fBps\fP command with the \fB\-Z\fP qualifier.
++
++For example:
+
++.B ps -eZ | grep sandbox_t
+
++
++.SH "ENTRYPOINTS"
++
++The sandbox_t SELinux type can be entered via the "file_type" file type. The default entrypoint paths for the sandbox_t domain are the following:"
++
++all files on the system
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
+.PP
-+If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux sandbox policy is very flexible allowing users to setup their sandbox processes in as secure a method as possible.
++.PP
++The following process types are defined for sandbox:
+
+.EX
-+.B setsebool -P unconfined_chrome_sandbox_transition 1
++.B sandbox_x_client_t, sandbox_net_client_t, sandbox_xserver_t, sandbox_x_t, sandbox_web_client_t, sandbox_min_t, sandbox_net_t, sandbox_web_t, sandbox_min_client_t, sandbox_t
+.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH BOOLEANS
++SELinux policy is customizable based on least access required. sandbox policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sandbox with the tightest access possible.
+
-+.SH NSSWITCH DOMAIN
+
+.PP
-+If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sandbox_min_t, sandbox_net_t, sandbox_web_client_t, sandbox_xserver_t, sandbox_web_t, sandbox_x_client_t, sandbox_x_t, sandbox_net_client_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
+
+.EX
-+.B setsebool -P authlogin_nsswitch_use_ldap 1
++.B setsebool -P unconfined_chrome_sandbox_transition 1
+.EE
+
+.PP
-+If you want to allow confined applications to run with kerberos for the sandbox_min_t, sandbox_net_t, sandbox_web_client_t, sandbox_xserver_t, sandbox_web_t, sandbox_x_client_t, sandbox_x_t, sandbox_net_client_t, you must turn on the kerberos_enabled boolean.
++If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
+
+.EX
-+.B setsebool -P kerberos_enabled 1
++.B setsebool -P unconfined_chrome_sandbox_transition 1
+.EE
+
+.SH FILE CONTEXTS
@@ -78830,27 +79497,9 @@ index 0000000..759c807
+.B restorecon
+to apply the labels.
+
-+.SH PROCESS TYPES
-+SELinux defines process types (domains) for each process running on the system
-+.PP
-+You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
-+.PP
-+Policy governs the access confined processes have to files.
-+SELinux sandbox policy is very flexible allowing users to setup their sandbox processes in as secure a method as possible.
-+.PP
-+The following process types are defined for sandbox:
-+
-+.EX
-+.B sandbox_x_client_t, sandbox_net_client_t, sandbox_xserver_t, sandbox_x_t, sandbox_web_client_t, sandbox_min_t, sandbox_net_t, sandbox_web_t, sandbox_min_client_t, sandbox_t
-+.EE
-+.PP
-+Note:
-+.B semanage permissive -a PROCESS_TYPE
-+can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
-+
+.SH "MANAGED FILES"
+
-+The SELinux user type sandbox_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
++The SELinux process type sandbox_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
+.B sandbox_file_t
@@ -78862,6 +79511,22 @@ index 0000000..759c807
+ all sandbox content in tmpfs file systems
+.br
+
++.SH NSSWITCH DOMAIN
++
++.PP
++If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd serve for the sandbox_min_t, sandbox_net_t, sandbox_web_client_t, sandbox_xserver_t, sandbox_web_t, sandbox_x_client_t, sandbox_x_t, sandbox_net_client_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
++
++.EX
++.B setsebool -P authlogin_nsswitch_use_ldap 1
++.EE
++
++.PP
++If you want to allow confined applications to run with kerberos for the sandbox_min_t, sandbox_net_t, sandbox_web_client_t, sandbox_xserver_t, sandbox_web_t, sandbox_x_client_t, sandbox_x_t, sandbox_net_client_t, you must turn on the kerberos_enabled boolean.
++
++.EX
++.B setsebool -P kerberos_enabled 1
++.EE
++
+.SH "COMMANDS"
+.B semanage fcontext
+can also be used to manipulate default file context mappings.
@@ -78880,19 +79545,21 @@ index 0000000..759c807
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sandbox(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sandbox(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/sanlock_selinux.8 b/man/man8/sanlock_selinux.8
new file mode 100644
-index 0000000..5c289a0
+index 0000000..cae2c88
--- /dev/null
+++ b/man/man8/sanlock_selinux.8
-@@ -0,0 +1,182 @@
-+.TH "sanlock_selinux" "8" "sanlock" "dwalsh at redhat.com" "sanlock SELinux Policy documentation"
+@@ -0,0 +1,220 @@
++.TH "sanlock_selinux" "8" "12-10-19" "sanlock" "SELinux Policy documentation for sanlock"
+.SH "NAME"
+sanlock_selinux \- Security Enhanced Linux Policy for the sanlock processes
+.SH "DESCRIPTION"
@@ -78941,6 +79608,13 @@ index 0000000..5c289a0
+.EE
+
+.PP
++If you want to allow sanlock to manage cifs files, you must turn on the sanlock_use_samba boolean.
++
++.EX
++.B setsebool -P sanlock_use_samba 1
++.EE
++
++.PP
+If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
+
+.EX
@@ -78955,12 +79629,33 @@ index 0000000..5c289a0
+.EE
+
+.PP
++If you want to allow sanlock to read/write fuse files, you must turn on the sanlock_use_fusefs boolean.
++
++.EX
++.B setsebool -P sanlock_use_fusefs 1
++.EE
++
++.PP
+If you want to allow sanlock to manage cifs files, you must turn on the sanlock_use_samba boolean.
+
+.EX
+.B setsebool -P sanlock_use_samba 1
+.EE
+
++.PP
++If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
++
++.EX
++.B setsebool -P virt_use_sanlock 1
++.EE
++
++.PP
++If you want to allow sanlock to manage nfs files, you must turn on the sanlock_use_nfs boolean.
++
++.EX
++.B setsebool -P sanlock_use_nfs 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -78998,6 +79693,14 @@ index 0000000..5c289a0
+
+.EX
+.PP
++.B sanlock_unit_file_t
++.EE
++
++- Set files with the sanlock_unit_file_t type, if you want to treat the files as sanlock unit content.
++
++
++.EX
++.PP
+.B sanlock_var_run_t
+.EE
+
@@ -79069,19 +79772,21 @@ index 0000000..5c289a0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sanlock(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sanlock(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/saslauthd_selinux.8 b/man/man8/saslauthd_selinux.8
new file mode 100644
-index 0000000..aff4491
+index 0000000..fad6797
--- /dev/null
+++ b/man/man8/saslauthd_selinux.8
-@@ -0,0 +1,213 @@
-+.TH "saslauthd_selinux" "8" "saslauthd" "dwalsh at redhat.com" "saslauthd SELinux Policy documentation"
+@@ -0,0 +1,220 @@
++.TH "saslauthd_selinux" "8" "12-10-19" "saslauthd" "SELinux Policy documentation for saslauthd"
+.SH "NAME"
+saslauthd_selinux \- Security Enhanced Linux Policy for the saslauthd processes
+.SH "DESCRIPTION"
@@ -79129,6 +79834,13 @@ index 0000000..aff4491
+.B setsebool -P saslauthd_read_shadow 1
+.EE
+
++.PP
++If you want to allow sasl to read shadow, you must turn on the saslauthd_read_shadow boolean.
++
++.EX
++.B setsebool -P saslauthd_read_shadow 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -79171,10 +79883,6 @@ index 0000000..aff4491
+
+- Set files with the saslauthd_var_run_t type, if you want to store the saslauthd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/saslauthd(/.*)?, /var/lib/sasl2(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -79206,6 +79914,8 @@ index 0000000..aff4491
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -79289,19 +79999,21 @@ index 0000000..aff4491
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), saslauthd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), saslauthd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/sblim_gatherd_selinux.8 b/man/man8/sblim_gatherd_selinux.8
new file mode 100644
-index 0000000..62a360d
+index 0000000..3f927f7
--- /dev/null
+++ b/man/man8/sblim_gatherd_selinux.8
-@@ -0,0 +1,95 @@
-+.TH "sblim_gatherd_selinux" "8" "sblim_gatherd" "dwalsh at redhat.com" "sblim_gatherd SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "sblim_gatherd_selinux" "8" "12-10-19" "sblim_gatherd" "SELinux Policy documentation for sblim_gatherd"
+.SH "NAME"
+sblim_gatherd_selinux \- Security Enhanced Linux Policy for the sblim_gatherd processes
+.SH "DESCRIPTION"
@@ -79391,19 +80103,21 @@ index 0000000..62a360d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sblim_gatherd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sblim_gatherd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, sblim_reposd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/sblim_reposd_selinux.8 b/man/man8/sblim_reposd_selinux.8
new file mode 100644
-index 0000000..593dffc
+index 0000000..3d8ea22
--- /dev/null
+++ b/man/man8/sblim_reposd_selinux.8
-@@ -0,0 +1,95 @@
-+.TH "sblim_reposd_selinux" "8" "sblim_reposd" "dwalsh at redhat.com" "sblim_reposd SELinux Policy documentation"
+@@ -0,0 +1,97 @@
++.TH "sblim_reposd_selinux" "8" "12-10-19" "sblim_reposd" "SELinux Policy documentation for sblim_reposd"
+.SH "NAME"
+sblim_reposd_selinux \- Security Enhanced Linux Policy for the sblim_reposd processes
+.SH "DESCRIPTION"
@@ -79493,18 +80207,20 @@ index 0000000..593dffc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sblim_reposd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sblim_reposd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, sblim_gatherd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/secadm_selinux.8 b/man/man8/secadm_selinux.8
new file mode 100644
-index 0000000..f7ae221
+index 0000000..3992d11
--- /dev/null
+++ b/man/man8/secadm_selinux.8
-@@ -0,0 +1,330 @@
+@@ -0,0 +1,332 @@
+.TH "secadm_selinux" "8" "secadm" "mgrepl at redhat.com" "secadm SELinux Policy documentation"
+.SH "NAME"
+secadm_r \- \fBSecurity administrator role\fP - Security Enhanced Linux Policy
@@ -79551,7 +80267,7 @@ index 0000000..f7ae221
+SELinux policy also controls which roles can transition to a different role.
+You can list these rules using the following command.
+
-+.B sesearch --role_allow
++.B search --role_allow
+
+SELinux policy allows the sysadm_r, staff_r, auditadm_r roles can transition to the secadm_r role.
+
@@ -79627,10 +80343,10 @@ index 0000000..f7ae221
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -79831,17 +80547,19 @@ index 0000000..f7ae221
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), secadm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), secadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/sectoolm_selinux.8 b/man/man8/sectoolm_selinux.8
new file mode 100644
-index 0000000..97d8dbd
+index 0000000..3852b4f
--- /dev/null
+++ b/man/man8/sectoolm_selinux.8
-@@ -0,0 +1,124 @@
-+.TH "sectoolm_selinux" "8" "sectoolm" "dwalsh at redhat.com" "sectoolm SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "sectoolm_selinux" "8" "12-10-19" "sectoolm" "SELinux Policy documentation for sectoolm"
+.SH "NAME"
+sectoolm_selinux \- Security Enhanced Linux Policy for the sectoolm processes
+.SH "DESCRIPTION"
@@ -79961,17 +80679,19 @@ index 0000000..97d8dbd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sectoolm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sectoolm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/selinux_munin_plugin_selinux.8 b/man/man8/selinux_munin_plugin_selinux.8
new file mode 100644
-index 0000000..57d0a57
+index 0000000..cff3822
--- /dev/null
+++ b/man/man8/selinux_munin_plugin_selinux.8
-@@ -0,0 +1,106 @@
-+.TH "selinux_munin_plugin_selinux" "8" "selinux_munin_plugin" "dwalsh at redhat.com" "selinux_munin_plugin SELinux Policy documentation"
+@@ -0,0 +1,108 @@
++.TH "selinux_munin_plugin_selinux" "8" "12-10-19" "selinux_munin_plugin" "SELinux Policy documentation for selinux_munin_plugin"
+.SH "NAME"
+selinux_munin_plugin_selinux \- Security Enhanced Linux Policy for the selinux_munin_plugin processes
+.SH "DESCRIPTION"
@@ -80073,17 +80793,19 @@ index 0000000..57d0a57
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), selinux_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), selinux_munin_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/semanage_selinux.8 b/man/man8/semanage_selinux.8
new file mode 100644
-index 0000000..311dc3c
+index 0000000..ad1920a
--- /dev/null
+++ b/man/man8/semanage_selinux.8
-@@ -0,0 +1,220 @@
-+.TH "semanage_selinux" "8" "semanage" "dwalsh at redhat.com" "semanage SELinux Policy documentation"
+@@ -0,0 +1,214 @@
++.TH "semanage_selinux" "8" "12-10-19" "semanage" "SELinux Policy documentation for semanage"
+.SH "NAME"
+semanage_selinux \- Security Enhanced Linux Policy for the semanage processes
+.SH "DESCRIPTION"
@@ -80101,7 +80823,7 @@ index 0000000..311dc3c
+
+The semanage_t SELinux type can be entered via the "semanage_exec_t" file type. The default entrypoint paths for the semanage_t domain are the following:"
+
-+/usr/share/system-config-selinux/system-config-selinux-dbus\.py, /usr/sbin/semanage, /usr/sbin/semodule
++/usr/sbin/semanage, /usr/sbin/semodule, /usr/share/system-config-selinux/system-config-selinux-dbus\.py
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -80138,10 +80860,6 @@ index 0000000..311dc3c
+
+- Set files with the semanage_exec_t type, if you want to transition an executable to the semanage_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/system-config-selinux/system-config-selinux-dbus\.py, /usr/sbin/semanage, /usr/sbin/semodule
+
+.EX
+.PP
@@ -80158,10 +80876,6 @@ index 0000000..311dc3c
+
+- Set files with the semanage_store_t type, if you want to treat the files as semanage store data.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/share/selinux/mls(/.*)?, /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?, /etc/selinux/([^/]*/)?policy(/.*)?, /etc/share/selinux/targeted(/.*)?
+
+.EX
+.PP
@@ -80299,17 +81013,19 @@ index 0000000..311dc3c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), semanage(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), semanage(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/sendmail_selinux.8 b/man/man8/sendmail_selinux.8
new file mode 100644
-index 0000000..4bfd511
+index 0000000..e9911cd
--- /dev/null
+++ b/man/man8/sendmail_selinux.8
-@@ -0,0 +1,281 @@
-+.TH "sendmail_selinux" "8" "sendmail" "dwalsh at redhat.com" "sendmail SELinux Policy documentation"
+@@ -0,0 +1,292 @@
++.TH "sendmail_selinux" "8" "12-10-19" "sendmail" "SELinux Policy documentation for sendmail"
+.SH "NAME"
+sendmail_selinux \- Security Enhanced Linux Policy for the sendmail processes
+.SH "DESCRIPTION"
@@ -80327,7 +81043,7 @@ index 0000000..4bfd511
+
+The sendmail_t SELinux type can be entered via the "mta_exec_type,sendmail_exec_t" file types. The default entrypoint paths for the sendmail_t domain are the following:"
+
-+/usr/bin/mail(x)?, /usr/sbin/rmail, /usr/sbin/ssmtp, /usr/bin/esmtp, /var/qmail/bin/sendmail, /usr/sbin/sendmail\.postfix, /usr/lib/courier/bin/sendmail, /usr/lib/sendmail, /bin/mail(x)?, /usr/sbin/sendmail(\.sendmail)?
++/bin/mail(x)?, /usr/bin/mail(x)?, /usr/sbin/sendmail(\.sendmail)?, /usr/bin/esmtp, /usr/sbin/rmail, /usr/sbin/ssmtp, /usr/lib/sendmail, /var/qmail/bin/sendmail, /usr/sbin/sendmail\.postfix, /usr/lib/courier/bin/sendmail
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -80358,6 +81074,13 @@ index 0000000..4bfd511
+.EE
+
+.PP
++If you want to allow gitisis daemon to send mail, you must turn on the gitosis_can_sendmail boolean.
++
++.EX
++.B setsebool -P gitosis_can_sendmail 1
++.EE
++
++.PP
+If you want to allow syslogd daemon to send mail, you must turn on the logging_syslogd_can_sendmail boolean.
+
+.EX
@@ -80365,12 +81088,26 @@ index 0000000..4bfd511
+.EE
+
+.PP
++If you want to allow http daemon to send mail, you must turn on the httpd_can_sendmail boolean.
++
++.EX
++.B setsebool -P httpd_can_sendmail 1
++.EE
++
++.PP
+If you want to allow gitisis daemon to send mail, you must turn on the gitosis_can_sendmail boolean.
+
+.EX
+.B setsebool -P gitosis_can_sendmail 1
+.EE
+
++.PP
++If you want to allow syslogd daemon to send mail, you must turn on the logging_syslogd_can_sendmail boolean.
++
++.EX
++.B setsebool -P logging_syslogd_can_sendmail 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -80389,10 +81126,6 @@ index 0000000..4bfd511
+
+- Set files with the sendmail_exec_t type, if you want to transition an executable to the sendmail_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/mail(x)?, /usr/sbin/rmail, /usr/sbin/ssmtp, /usr/bin/esmtp, /var/qmail/bin/sendmail, /usr/sbin/sendmail\.postfix, /usr/lib/courier/bin/sendmail, /usr/lib/sendmail, /bin/mail(x)?, /usr/sbin/sendmail(\.sendmail)?
+
+.EX
+.PP
@@ -80417,10 +81150,6 @@ index 0000000..4bfd511
+
+- Set files with the sendmail_log_t type, if you want to treat the data as sendmail log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/sendmail\.st, /var/log/mail(/.*)?
+
+.EX
+.PP
@@ -80437,10 +81166,6 @@ index 0000000..4bfd511
+
+- Set files with the sendmail_var_run_t type, if you want to store the sendmail files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/sendmail\.pid, /var/run/sm-client\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -80585,19 +81310,21 @@ index 0000000..4bfd511
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sendmail(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sendmail(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/sensord_selinux.8 b/man/man8/sensord_selinux.8
new file mode 100644
-index 0000000..e9d2175
+index 0000000..f9b2a65
--- /dev/null
+++ b/man/man8/sensord_selinux.8
-@@ -0,0 +1,110 @@
-+.TH "sensord_selinux" "8" "sensord" "dwalsh at redhat.com" "sensord SELinux Policy documentation"
+@@ -0,0 +1,112 @@
++.TH "sensord_selinux" "8" "12-10-19" "sensord" "SELinux Policy documentation for sensord"
+.SH "NAME"
+sensord_selinux \- Security Enhanced Linux Policy for the sensord processes
+.SH "DESCRIPTION"
@@ -80703,17 +81430,19 @@ index 0000000..e9d2175
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sensord(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sensord(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/services_munin_plugin_selinux.8 b/man/man8/services_munin_plugin_selinux.8
new file mode 100644
-index 0000000..c0e4a6f
+index 0000000..62c92bf
--- /dev/null
+++ b/man/man8/services_munin_plugin_selinux.8
-@@ -0,0 +1,110 @@
-+.TH "services_munin_plugin_selinux" "8" "services_munin_plugin" "dwalsh at redhat.com" "services_munin_plugin SELinux Policy documentation"
+@@ -0,0 +1,108 @@
++.TH "services_munin_plugin_selinux" "8" "12-10-19" "services_munin_plugin" "SELinux Policy documentation for services_munin_plugin"
+.SH "NAME"
+services_munin_plugin_selinux \- Security Enhanced Linux Policy for the services_munin_plugin processes
+.SH "DESCRIPTION"
@@ -80731,7 +81460,7 @@ index 0000000..c0e4a6f
+
+The services_munin_plugin_t SELinux type can be entered via the "services_munin_plugin_exec_t" file type. The default entrypoint paths for the services_munin_plugin_t domain are the following:"
+
-+/usr/share/munin/plugins/nut.*, /usr/share/munin/plugins/snmp_.*, /usr/share/munin/plugins/named, /usr/share/munin/plugins/varnish_.*, /usr/share/munin/plugins/tomcat_.*, /usr/share/munin/plugins/postgres_.*, /usr/share/munin/plugins/asterisk_.*, /usr/share/munin/plugins/lpstat, /usr/share/munin/plugins/mysql_.*, /usr/share/munin/plugins/slapd_.*, /usr/share/munin/plugins/apache_.*, /usr/share/munin/plugins/ping_, /usr/share/munin/plugins/squid_.*, /usr/share/munin/plugins/fail2ban, /usr/share/munin/plugins/openvpn, /usr/share/munin/plugins/samba, /usr/share/munin/plugins/ntp_.*, /usr/share/munin/plugins/http_loadtime
++/usr/share/munin/plugins/nut.*, /usr/share/munin/plugins/ntp_.*, /usr/share/munin/plugins/snmp_.*, /usr/share/munin/plugins/mysql_.*, /usr/share/munin/plugins/slapd_.*, /usr/share/munin/plugins/squid_.*, /usr/share/munin/plugins/apache_.*, /usr/share/munin/plugins/tomcat_.*, /usr/share/munin/plugins/varnish_.*, /usr/share/munin/plugins/asterisk_.*, /usr/share/munin/plugins/postgres_.*, /usr/share/munin/plugins/named, /usr/share/munin/plugins/ping_, /usr/share/munin/plugins/samba, /usr/share/munin/plugins/lpstat, /usr/share/munin/plugins/openvpn, /usr/share/munin/plugins/fail2ban, /usr/share/munin/plugins/http_loadtime
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -80768,10 +81497,6 @@ index 0000000..c0e4a6f
+
+- Set files with the services_munin_plugin_exec_t type, if you want to transition an executable to the services_munin_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/munin/plugins/nut.*, /usr/share/munin/plugins/snmp_.*, /usr/share/munin/plugins/named, /usr/share/munin/plugins/varnish_.*, /usr/share/munin/plugins/tomcat_.*, /usr/share/munin/plugins/postgres_.*, /usr/share/munin/plugins/asterisk_.*, /usr/share/munin/plugins/lpstat, /usr/share/munin/plugins/mysql_.*, /usr/share/munin/plugins/slapd_.*, /usr/share/munin/plugins/apache_.*, /usr/share/munin/plugins/ping_, /usr/share/munin/plugins/squid_.*, /usr/share/munin/plugins/fail2ban, /usr/share/munin/plugins/openvpn, /usr/share/munin/plugins/samba, /usr/share/munin/plugins/ntp_.*, /usr/share/munin/plugins/http_loadtime
+
+.EX
+.PP
@@ -80819,17 +81544,19 @@ index 0000000..c0e4a6f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), services_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), services_munin_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/setfiles_selinux.8 b/man/man8/setfiles_selinux.8
new file mode 100644
-index 0000000..a36c592
+index 0000000..73fd7b9
--- /dev/null
+++ b/man/man8/setfiles_selinux.8
-@@ -0,0 +1,104 @@
-+.TH "setfiles_selinux" "8" "setfiles" "dwalsh at redhat.com" "setfiles SELinux Policy documentation"
+@@ -0,0 +1,102 @@
++.TH "setfiles_selinux" "8" "12-10-19" "setfiles" "SELinux Policy documentation for setfiles"
+.SH "NAME"
+setfiles_selinux \- Security Enhanced Linux Policy for the setfiles processes
+.SH "DESCRIPTION"
@@ -80847,7 +81574,7 @@ index 0000000..a36c592
+
+The setfiles_t SELinux type can be entered via the "setfiles_exec_t" file type. The default entrypoint paths for the setfiles_t domain are the following:"
+
-+/sbin/setfiles.*, /sbin/restorecon, /usr/sbin/setfiles.*, /usr/sbin/restorecon
++/sbin/setfiles.*, /usr/sbin/setfiles.*, /sbin/restorecon, /usr/sbin/restorecon
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -80884,10 +81611,6 @@ index 0000000..a36c592
+
+- Set files with the setfiles_exec_t type, if you want to transition an executable to the setfiles_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/setfiles.*, /sbin/restorecon, /usr/sbin/setfiles.*, /usr/sbin/restorecon
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -80929,17 +81652,19 @@ index 0000000..a36c592
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), setfiles(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), setfiles(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/setkey_selinux.8 b/man/man8/setkey_selinux.8
new file mode 100644
-index 0000000..34fdfd9
+index 0000000..d3b26c7
--- /dev/null
+++ b/man/man8/setkey_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "setkey_selinux" "8" "setkey" "dwalsh at redhat.com" "setkey SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "setkey_selinux" "8" "12-10-19" "setkey" "SELinux Policy documentation for setkey"
+.SH "NAME"
+setkey_selinux \- Security Enhanced Linux Policy for the setkey processes
+.SH "DESCRIPTION"
@@ -80957,7 +81682,7 @@ index 0000000..34fdfd9
+
+The setkey_t SELinux type can be entered via the "setkey_exec_t" file type. The default entrypoint paths for the setkey_t domain are the following:"
+
-+/usr/sbin/setkey, /sbin/setkey
++/sbin/setkey, /usr/sbin/setkey
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -80994,10 +81719,6 @@ index 0000000..34fdfd9
+
+- Set files with the setkey_exec_t type, if you want to transition an executable to the setkey_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/setkey, /sbin/setkey
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -81006,10 +81727,6 @@ index 0000000..34fdfd9
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type setkey_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -81027,17 +81744,19 @@ index 0000000..34fdfd9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), setkey(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), setkey(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/setrans_selinux.8 b/man/man8/setrans_selinux.8
new file mode 100644
-index 0000000..cdd861f
+index 0000000..00268c7
--- /dev/null
+++ b/man/man8/setrans_selinux.8
-@@ -0,0 +1,126 @@
-+.TH "setrans_selinux" "8" "setrans" "dwalsh at redhat.com" "setrans SELinux Policy documentation"
+@@ -0,0 +1,120 @@
++.TH "setrans_selinux" "8" "12-10-19" "setrans" "SELinux Policy documentation for setrans"
+.SH "NAME"
+setrans_selinux \- Security Enhanced Linux Policy for the setrans processes
+.SH "DESCRIPTION"
@@ -81092,10 +81811,6 @@ index 0000000..cdd861f
+
+- Set files with the setrans_exec_t type, if you want to transition an executable to the setrans_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/mcstransd, /usr/sbin/mcstransd
+
+.EX
+.PP
@@ -81112,10 +81827,6 @@ index 0000000..cdd861f
+
+- Set files with the setrans_var_run_t type, if you want to store the setrans files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/mcstransd\.pid, /var/run/setrans(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -81159,17 +81870,19 @@ index 0000000..cdd861f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), setrans(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), setrans(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/setroubleshoot_fixit_selinux.8 b/man/man8/setroubleshoot_fixit_selinux.8
new file mode 100644
-index 0000000..7199e98
+index 0000000..3a90b8d
--- /dev/null
+++ b/man/man8/setroubleshoot_fixit_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "setroubleshoot_fixit_selinux" "8" "setroubleshoot_fixit" "dwalsh at redhat.com" "setroubleshoot_fixit SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "setroubleshoot_fixit_selinux" "8" "12-10-19" "setroubleshoot_fixit" "SELinux Policy documentation for setroubleshoot_fixit"
+.SH "NAME"
+setroubleshoot_fixit_selinux \- Security Enhanced Linux Policy for the setroubleshoot_fixit processes
+.SH "DESCRIPTION"
@@ -81232,10 +81945,6 @@ index 0000000..7199e98
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type setroubleshoot_fixit_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -81267,19 +81976,21 @@ index 0000000..7199e98
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), setroubleshoot_fixit(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), setroubleshoot_fixit(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setroubleshootd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/setroubleshootd_selinux.8 b/man/man8/setroubleshootd_selinux.8
new file mode 100644
-index 0000000..66836e9
+index 0000000..e7fab33
--- /dev/null
+++ b/man/man8/setroubleshootd_selinux.8
-@@ -0,0 +1,127 @@
-+.TH "setroubleshootd_selinux" "8" "setroubleshootd" "dwalsh at redhat.com" "setroubleshootd SELinux Policy documentation"
+@@ -0,0 +1,129 @@
++.TH "setroubleshootd_selinux" "8" "12-10-19" "setroubleshootd" "SELinux Policy documentation for setroubleshootd"
+.SH "NAME"
+setroubleshootd_selinux \- Security Enhanced Linux Policy for the setroubleshootd processes
+.SH "DESCRIPTION"
@@ -81401,19 +82112,21 @@ index 0000000..66836e9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), setroubleshootd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), setroubleshootd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setroubleshoot_fixit_selinux(8)
\ No newline at end of file
diff --git a/man/man8/setsebool_selinux.8 b/man/man8/setsebool_selinux.8
new file mode 100644
-index 0000000..a120ac3
+index 0000000..eaf9962
--- /dev/null
+++ b/man/man8/setsebool_selinux.8
-@@ -0,0 +1,160 @@
-+.TH "setsebool_selinux" "8" "setsebool" "dwalsh at redhat.com" "setsebool SELinux Policy documentation"
+@@ -0,0 +1,162 @@
++.TH "setsebool_selinux" "8" "12-10-19" "setsebool" "SELinux Policy documentation for setsebool"
+.SH "NAME"
+setsebool_selinux \- Security Enhanced Linux Policy for the setsebool processes
+.SH "DESCRIPTION"
@@ -81569,17 +82282,19 @@ index 0000000..a120ac3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), setsebool(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), setsebool(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/sge_execd_selinux.8 b/man/man8/sge_execd_selinux.8
new file mode 100644
-index 0000000..9031a18
+index 0000000..684aa0e
--- /dev/null
+++ b/man/man8/sge_execd_selinux.8
-@@ -0,0 +1,113 @@
-+.TH "sge_execd_selinux" "8" "sge_execd" "dwalsh at redhat.com" "sge_execd SELinux Policy documentation"
+@@ -0,0 +1,115 @@
++.TH "sge_execd_selinux" "8" "12-10-19" "sge_execd" "SELinux Policy documentation for sge_execd"
+.SH "NAME"
+sge_execd_selinux \- Security Enhanced Linux Policy for the sge_execd processes
+.SH "DESCRIPTION"
@@ -81687,19 +82402,21 @@ index 0000000..9031a18
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sge_execd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sge_execd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, sge_job_selinux(8), sge_shepherd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/sge_job_selinux.8 b/man/man8/sge_job_selinux.8
new file mode 100644
-index 0000000..950438c
+index 0000000..1273d3f
--- /dev/null
+++ b/man/man8/sge_job_selinux.8
-@@ -0,0 +1,143 @@
-+.TH "sge_job_selinux" "8" "sge_job" "dwalsh at redhat.com" "sge_job SELinux Policy documentation"
+@@ -0,0 +1,147 @@
++.TH "sge_job_selinux" "8" "12-10-19" "sge_job" "SELinux Policy documentation for sge_job"
+.SH "NAME"
+sge_job_selinux \- Security Enhanced Linux Policy for the sge_job processes
+.SH "DESCRIPTION"
@@ -81715,9 +82432,9 @@ index 0000000..950438c
+
+.SH "ENTRYPOINTS"
+
-+The sge_job_t SELinux type can be entered via the "sge_job_exec_t,shell_exec_t" file types. The default entrypoint paths for the sge_job_t domain are the following:"
++The sge_job_t SELinux type can be entered via the "shell_exec_t,sge_job_exec_t" file types. The default entrypoint paths for the sge_job_t domain are the following:"
+
-+/usr/bin/fish, /usr/bin/ksh.*, /usr/bin/bash, /bin/ksh.*, /bin/zsh.*, /usr/libexec/sesh, /bin/bash, /usr/bin/git-shell, /usr/bin/yash, /usr/sbin/sesh, /bin/mksh, /bin/fish, /usr/bin/sash, /bin/tcsh, /usr/libexec/git-core/git-shell, /usr/bin/zsh.*, /usr/bin/scponly, /usr/bin/mksh, /bin/esh, /sbin/nologin, /usr/sbin/scponlyc, /usr/bin/d?ash, /bin/yash, /bin/sash, /bin/d?ash, /usr/bin/esh, /bin/bash2, /usr/sbin/nologin, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/tcsh
++/bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/ksh.*, /usr/bin/zsh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/mksh, /usr/bin/sash, /usr/bin/bash, /usr/bin/fish, /usr/bin/tcsh, /usr/bin/yash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -81781,6 +82498,8 @@ index 0000000..950438c
+
+ /root/\.ssh(/.*)?
+.br
++ /var/lib/openshift/[^/]+/\.ssh(/.*)?
++.br
+ /var/lib/amanda/\.ssh(/.*)?
+.br
+ /var/lib/stickshift/[^/]+/\.ssh(/.*)?
@@ -81837,19 +82556,21 @@ index 0000000..950438c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sge_job(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sge_job(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, sge_execd_selinux(8), sge_shepherd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/sge_shepherd_selinux.8 b/man/man8/sge_shepherd_selinux.8
new file mode 100644
-index 0000000..cea08c2
+index 0000000..e88142e
--- /dev/null
+++ b/man/man8/sge_shepherd_selinux.8
-@@ -0,0 +1,99 @@
-+.TH "sge_shepherd_selinux" "8" "sge_shepherd" "dwalsh at redhat.com" "sge_shepherd SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "sge_shepherd_selinux" "8" "12-10-19" "sge_shepherd" "SELinux Policy documentation for sge_shepherd"
+.SH "NAME"
+sge_shepherd_selinux \- Security Enhanced Linux Policy for the sge_shepherd processes
+.SH "DESCRIPTION"
@@ -81943,19 +82664,21 @@ index 0000000..cea08c2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sge_shepherd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sge_shepherd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, sge_execd_selinux(8), sge_job_selinux(8)
\ No newline at end of file
diff --git a/man/man8/shorewall_selinux.8 b/man/man8/shorewall_selinux.8
new file mode 100644
-index 0000000..f71ea96
+index 0000000..acdadf9
--- /dev/null
+++ b/man/man8/shorewall_selinux.8
-@@ -0,0 +1,204 @@
-+.TH "shorewall_selinux" "8" "shorewall" "dwalsh at redhat.com" "shorewall SELinux Policy documentation"
+@@ -0,0 +1,190 @@
++.TH "shorewall_selinux" "8" "12-10-19" "shorewall" "SELinux Policy documentation for shorewall"
+.SH "NAME"
+shorewall_selinux \- Security Enhanced Linux Policy for the shorewall processes
+.SH "DESCRIPTION"
@@ -81973,7 +82696,7 @@ index 0000000..f71ea96
+
+The shorewall_t SELinux type can be entered via the "shorewall_var_lib_t,shorewall_exec_t" file types. The default entrypoint paths for the shorewall_t domain are the following:"
+
-+/var/lib/shorewall-lite(/.*)?, /var/lib/shorewall(/.*)?, /var/lib/shorewall6(/.*)?, /sbin/shorewall6?, /sbin/shorewall-lite, /usr/sbin/shorewall-lite, /usr/sbin/shorewall6?
++/var/lib/shorewall(/.*)?, /var/lib/shorewall6(/.*)?, /var/lib/shorewall-lite(/.*)?, /sbin/shorewall6?, /usr/sbin/shorewall6?, /sbin/shorewall-lite, /usr/sbin/shorewall-lite
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -82010,10 +82733,6 @@ index 0000000..f71ea96
+
+- Set files with the shorewall_etc_t type, if you want to store shorewall files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/shorewall-lite(/.*)?, /etc/shorewall(/.*)?
+
+.EX
+.PP
@@ -82022,10 +82741,6 @@ index 0000000..f71ea96
+
+- Set files with the shorewall_exec_t type, if you want to transition an executable to the shorewall_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/shorewall6?, /sbin/shorewall-lite, /usr/sbin/shorewall-lite, /usr/sbin/shorewall6?
+
+.EX
+.PP
@@ -82034,10 +82749,6 @@ index 0000000..f71ea96
+
+- Set files with the shorewall_initrc_exec_t type, if you want to transition an executable to the shorewall_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/shorewall, /etc/rc\.d/init\.d/shorewall-lite
+
+.EX
+.PP
@@ -82070,10 +82781,6 @@ index 0000000..f71ea96
+
+- Set files with the shorewall_var_lib_t type, if you want to store the shorewall files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/shorewall-lite(/.*)?, /var/lib/shorewall(/.*)?, /var/lib/shorewall6(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -82155,17 +82862,19 @@ index 0000000..f71ea96
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), shorewall(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), shorewall(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/showmount_selinux.8 b/man/man8/showmount_selinux.8
new file mode 100644
-index 0000000..759ceb4
+index 0000000..555bba8
--- /dev/null
+++ b/man/man8/showmount_selinux.8
-@@ -0,0 +1,88 @@
-+.TH "showmount_selinux" "8" "showmount" "dwalsh at redhat.com" "showmount SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "showmount_selinux" "8" "12-10-19" "showmount" "SELinux Policy documentation for showmount"
+.SH "NAME"
+showmount_selinux \- Security Enhanced Linux Policy for the showmount processes
+.SH "DESCRIPTION"
@@ -82228,10 +82937,6 @@ index 0000000..759ceb4
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type showmount_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -82249,17 +82954,19 @@ index 0000000..759ceb4
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), showmount(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), showmount(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/shutdown_selinux.8 b/man/man8/shutdown_selinux.8
new file mode 100644
-index 0000000..85aca65
+index 0000000..b057178
--- /dev/null
+++ b/man/man8/shutdown_selinux.8
-@@ -0,0 +1,175 @@
-+.TH "shutdown_selinux" "8" "shutdown" "dwalsh at redhat.com" "shutdown SELinux Policy documentation"
+@@ -0,0 +1,180 @@
++.TH "shutdown_selinux" "8" "12-10-19" "shutdown" "SELinux Policy documentation for shutdown"
+.SH "NAME"
+shutdown_selinux \- Security Enhanced Linux Policy for the shutdown processes
+.SH "DESCRIPTION"
@@ -82277,7 +82984,7 @@ index 0000000..85aca65
+
+The shutdown_t SELinux type can be entered via the "shutdown_exec_t" file type. The default entrypoint paths for the shutdown_t domain are the following:"
+
-+/sbin/shutdown, /usr/sbin/shutdown, /usr/lib/upstart/shutdown, /lib/upstart/shutdown
++/sbin/shutdown, /usr/sbin/shutdown, /lib/upstart/shutdown, /usr/lib/upstart/shutdown
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -82307,6 +83014,13 @@ index 0000000..85aca65
+.B setsebool -P httpd_graceful_shutdown 1
+.EE
+
++.PP
++If you want to allow HTTPD to connect to port 80 for graceful shutdown, you must turn on the httpd_graceful_shutdown boolean.
++
++.EX
++.B setsebool -P httpd_graceful_shutdown 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -82333,10 +83047,6 @@ index 0000000..85aca65
+
+- Set files with the shutdown_exec_t type, if you want to transition an executable to the shutdown_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/shutdown, /usr/sbin/shutdown, /usr/lib/upstart/shutdown, /lib/upstart/shutdown
+
+.EX
+.PP
@@ -82429,19 +83139,21 @@ index 0000000..85aca65
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), shutdown(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), shutdown(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/slapd_selinux.8 b/man/man8/slapd_selinux.8
new file mode 100644
-index 0000000..5451371
+index 0000000..1c21c3b
--- /dev/null
+++ b/man/man8/slapd_selinux.8
-@@ -0,0 +1,278 @@
-+.TH "slapd_selinux" "8" "slapd" "dwalsh at redhat.com" "slapd SELinux Policy documentation"
+@@ -0,0 +1,274 @@
++.TH "slapd_selinux" "8" "12-10-19" "slapd" "SELinux Policy documentation for slapd"
+.SH "NAME"
+slapd_selinux \- Security Enhanced Linux Policy for the slapd processes
+.SH "DESCRIPTION"
@@ -82504,10 +83216,6 @@ index 0000000..5451371
+
+- Set files with the slapd_db_t type, if you want to treat the files as slapd database content.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/openldap/slapd\.d(/.*)?, /var/lib/ldap(/.*)?
+
+.EX
+.PP
@@ -82596,10 +83304,6 @@ index 0000000..5451371
+
+- Set files with the slapd_var_run_t type, if you want to store the slapd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/slapd\.args, /var/run/openldap(/.*)?, /var/run/slapd\.pid, /var/run/ldapi, /var/run/slapd.*
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -82625,6 +83329,8 @@ index 0000000..5451371
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -82715,17 +83421,19 @@ index 0000000..5451371
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), slapd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), slapd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/slpd_selinux.8 b/man/man8/slpd_selinux.8
new file mode 100644
-index 0000000..f822440
+index 0000000..99fd06a
--- /dev/null
+++ b/man/man8/slpd_selinux.8
-@@ -0,0 +1,138 @@
-+.TH "slpd_selinux" "8" "slpd" "dwalsh at redhat.com" "slpd SELinux Policy documentation"
+@@ -0,0 +1,140 @@
++.TH "slpd_selinux" "8" "12-10-19" "slpd" "SELinux Policy documentation for slpd"
+.SH "NAME"
+slpd_selinux \- Security Enhanced Linux Policy for the slpd processes
+.SH "DESCRIPTION"
@@ -82859,17 +83567,19 @@ index 0000000..f822440
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), slpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), slpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/smbcontrol_selinux.8 b/man/man8/smbcontrol_selinux.8
new file mode 100644
-index 0000000..2349e1d
+index 0000000..7ee0be2
--- /dev/null
+++ b/man/man8/smbcontrol_selinux.8
-@@ -0,0 +1,98 @@
-+.TH "smbcontrol_selinux" "8" "smbcontrol" "dwalsh at redhat.com" "smbcontrol SELinux Policy documentation"
+@@ -0,0 +1,100 @@
++.TH "smbcontrol_selinux" "8" "12-10-19" "smbcontrol" "SELinux Policy documentation for smbcontrol"
+.SH "NAME"
+smbcontrol_selinux \- Security Enhanced Linux Policy for the smbcontrol processes
+.SH "DESCRIPTION"
@@ -82963,17 +83673,19 @@ index 0000000..2349e1d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), smbcontrol(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), smbcontrol(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/smbd_selinux.8 b/man/man8/smbd_selinux.8
new file mode 100644
-index 0000000..018b887
+index 0000000..e854735
--- /dev/null
+++ b/man/man8/smbd_selinux.8
-@@ -0,0 +1,417 @@
-+.TH "smbd_selinux" "8" "smbd" "dwalsh at redhat.com" "smbd SELinux Policy documentation"
+@@ -0,0 +1,421 @@
++.TH "smbd_selinux" "8" "12-10-19" "smbd" "SELinux Policy documentation for smbd"
+.SH "NAME"
+smbd_selinux \- Security Enhanced Linux Policy for the smbd processes
+.SH "DESCRIPTION"
@@ -83307,6 +84019,8 @@ index 0000000..018b887
+.br
+.B samba_share_t
+
++ use this label for random content that will be shared using samba
++.br
+
+.br
+.B samba_var_t
@@ -83385,19 +84099,21 @@ index 0000000..018b887
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), smbd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8)
++selinux(8), smbd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
++, setsebool(8), smbcontrol_selinux(8), smbmount_selinux(8)
\ No newline at end of file
diff --git a/man/man8/smbmount_selinux.8 b/man/man8/smbmount_selinux.8
new file mode 100644
-index 0000000..09bb0ab
+index 0000000..bb8e2b1
--- /dev/null
+++ b/man/man8/smbmount_selinux.8
-@@ -0,0 +1,188 @@
-+.TH "smbmount_selinux" "8" "smbmount" "dwalsh at redhat.com" "smbmount SELinux Policy documentation"
+@@ -0,0 +1,186 @@
++.TH "smbmount_selinux" "8" "12-10-19" "smbmount" "SELinux Policy documentation for smbmount"
+.SH "NAME"
+smbmount_selinux \- Security Enhanced Linux Policy for the smbmount processes
+.SH "DESCRIPTION"
@@ -83452,10 +84168,6 @@ index 0000000..09bb0ab
+
+- Set files with the smbmount_exec_t type, if you want to transition an executable to the smbmount_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/smbmnt, /usr/bin/smbmount
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -83501,10 +84213,10 @@ index 0000000..09bb0ab
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -83581,17 +84293,19 @@ index 0000000..09bb0ab
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), smbmount(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), smbmount(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/smokeping_selinux.8 b/man/man8/smokeping_selinux.8
new file mode 100644
-index 0000000..06d2bff
+index 0000000..8febf3b
--- /dev/null
+++ b/man/man8/smokeping_selinux.8
-@@ -0,0 +1,138 @@
-+.TH "smokeping_selinux" "8" "smokeping" "dwalsh at redhat.com" "smokeping SELinux Policy documentation"
+@@ -0,0 +1,140 @@
++.TH "smokeping_selinux" "8" "12-10-19" "smokeping" "SELinux Policy documentation for smokeping"
+.SH "NAME"
+smokeping_selinux \- Security Enhanced Linux Policy for the smokeping processes
+.SH "DESCRIPTION"
@@ -83725,17 +84439,19 @@ index 0000000..06d2bff
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), smokeping(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), smokeping(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/smoltclient_selinux.8 b/man/man8/smoltclient_selinux.8
new file mode 100644
-index 0000000..df5f3e1
+index 0000000..f5e2004
--- /dev/null
+++ b/man/man8/smoltclient_selinux.8
-@@ -0,0 +1,114 @@
-+.TH "smoltclient_selinux" "8" "smoltclient" "dwalsh at redhat.com" "smoltclient SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "smoltclient_selinux" "8" "12-10-19" "smoltclient" "SELinux Policy documentation for smoltclient"
+.SH "NAME"
+smoltclient_selinux \- Security Enhanced Linux Policy for the smoltclient processes
+.SH "DESCRIPTION"
@@ -83845,17 +84561,19 @@ index 0000000..df5f3e1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), smoltclient(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), smoltclient(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/snmpd_selinux.8 b/man/man8/snmpd_selinux.8
new file mode 100644
-index 0000000..9377ab8
+index 0000000..f84fb19
--- /dev/null
+++ b/man/man8/snmpd_selinux.8
-@@ -0,0 +1,204 @@
-+.TH "snmpd_selinux" "8" "snmpd" "dwalsh at redhat.com" "snmpd SELinux Policy documentation"
+@@ -0,0 +1,194 @@
++.TH "snmpd_selinux" "8" "12-10-19" "snmpd" "SELinux Policy documentation for snmpd"
+.SH "NAME"
+snmpd_selinux \- Security Enhanced Linux Policy for the snmpd processes
+.SH "DESCRIPTION"
@@ -83918,10 +84636,6 @@ index 0000000..9377ab8
+
+- Set files with the snmpd_initrc_exec_t type, if you want to transition an executable to the snmpd_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/snmpd, /etc/rc\.d/init\.d/snmptrapd
+
+.EX
+.PP
@@ -83938,10 +84652,6 @@ index 0000000..9377ab8
+
+- Set files with the snmpd_var_lib_t type, if you want to store the snmpd files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/agentx(/.*)?, /usr/share/snmp/mibs/\.index, /var/net-snmp(/.*)?, /var/lib/net-snmp(/.*)?, /var/lib/snmp(/.*)?
+
+.EX
+.PP
@@ -83950,10 +84660,6 @@ index 0000000..9377ab8
+
+- Set files with the snmpd_var_run_t type, if you want to store the snmpd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/net-snmpd(/.*)?, /var/run/snmpd\.pid, /var/run/snmpd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -84055,17 +84761,19 @@ index 0000000..9377ab8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), snmpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), snmpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/snort_selinux.8 b/man/man8/snort_selinux.8
new file mode 100644
-index 0000000..5de44df
+index 0000000..67dd3c6
--- /dev/null
+++ b/man/man8/snort_selinux.8
-@@ -0,0 +1,156 @@
-+.TH "snort_selinux" "8" "snort" "dwalsh at redhat.com" "snort SELinux Policy documentation"
+@@ -0,0 +1,154 @@
++.TH "snort_selinux" "8" "12-10-19" "snort" "SELinux Policy documentation for snort"
+.SH "NAME"
+snort_selinux \- Security Enhanced Linux Policy for the snort processes
+.SH "DESCRIPTION"
@@ -84083,7 +84791,7 @@ index 0000000..5de44df
+
+The snort_t SELinux type can be entered via the "snort_exec_t" file type. The default entrypoint paths for the snort_t domain are the following:"
+
-+/usr/sbin/snort-plain, /usr/s?bin/snort
++/usr/s?bin/snort, /usr/sbin/snort-plain
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -84128,10 +84836,6 @@ index 0000000..5de44df
+
+- Set files with the snort_exec_t type, if you want to transition an executable to the snort_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/snort-plain, /usr/s?bin/snort
+
+.EX
+.PP
@@ -84217,17 +84921,19 @@ index 0000000..5de44df
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), snort(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), snort(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/sosreport_selinux.8 b/man/man8/sosreport_selinux.8
new file mode 100644
-index 0000000..d2d6e10
+index 0000000..4a5318a
--- /dev/null
+++ b/man/man8/sosreport_selinux.8
-@@ -0,0 +1,204 @@
-+.TH "sosreport_selinux" "8" "sosreport" "dwalsh at redhat.com" "sosreport SELinux Policy documentation"
+@@ -0,0 +1,206 @@
++.TH "sosreport_selinux" "8" "12-10-19" "sosreport" "SELinux Policy documentation for sosreport"
+.SH "NAME"
+sosreport_selinux \- Security Enhanced Linux Policy for the sosreport processes
+.SH "DESCRIPTION"
@@ -84365,10 +85071,10 @@ index 0000000..d2d6e10
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -84427,17 +85133,19 @@ index 0000000..d2d6e10
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sosreport(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sosreport(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/soundd_selinux.8 b/man/man8/soundd_selinux.8
new file mode 100644
-index 0000000..23790e5
+index 0000000..0b017fc
--- /dev/null
+++ b/man/man8/soundd_selinux.8
-@@ -0,0 +1,196 @@
-+.TH "soundd_selinux" "8" "soundd" "dwalsh at redhat.com" "soundd SELinux Policy documentation"
+@@ -0,0 +1,186 @@
++.TH "soundd_selinux" "8" "12-10-19" "soundd" "SELinux Policy documentation for soundd"
+.SH "NAME"
+soundd_selinux \- Security Enhanced Linux Policy for the soundd processes
+.SH "DESCRIPTION"
@@ -84455,7 +85163,7 @@ index 0000000..23790e5
+
+The soundd_t SELinux type can be entered via the "soundd_exec_t" file type. The default entrypoint paths for the soundd_t domain are the following:"
+
-+/usr/bin/gpe-soundserver, /usr/sbin/yiff, /usr/bin/nasd
++/usr/bin/nasd, /usr/sbin/yiff, /usr/bin/gpe-soundserver
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -84492,10 +85200,6 @@ index 0000000..23790e5
+
+- Set files with the soundd_etc_t type, if you want to store soundd files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/yiff(/.*)?, /etc/nas(/.*)?
+
+.EX
+.PP
@@ -84504,10 +85208,6 @@ index 0000000..23790e5
+
+- Set files with the soundd_exec_t type, if you want to transition an executable to the soundd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/gpe-soundserver, /usr/sbin/yiff, /usr/bin/nasd
+
+.EX
+.PP
@@ -84548,10 +85248,6 @@ index 0000000..23790e5
+
+- Set files with the soundd_var_run_t type, if you want to store the soundd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/nasd(/.*)?, /var/run/yiff-[0-9]+\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -84629,17 +85325,19 @@ index 0000000..23790e5
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), soundd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), soundd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/spamass_milter_selinux.8 b/man/man8/spamass_milter_selinux.8
new file mode 100644
-index 0000000..1bbcce2
+index 0000000..de9d080
--- /dev/null
+++ b/man/man8/spamass_milter_selinux.8
-@@ -0,0 +1,134 @@
-+.TH "spamass_milter_selinux" "8" "spamass_milter" "dwalsh at redhat.com" "spamass_milter SELinux Policy documentation"
+@@ -0,0 +1,132 @@
++.TH "spamass_milter_selinux" "8" "12-10-19" "spamass_milter" "SELinux Policy documentation for spamass_milter"
+.SH "NAME"
+spamass_milter_selinux \- Security Enhanced Linux Policy for the spamass_milter processes
+.SH "DESCRIPTION"
@@ -84694,10 +85392,6 @@ index 0000000..1bbcce2
+
+- Set files with the spamass_milter_data_t type, if you want to treat the files as spamass milter content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/spool/postfix/spamass(/.*)?, /var/run/spamass(/.*)?, /var/run/spamass-milter\.pid, /var/run/spamass-milter(/.*)?
+
+.EX
+.PP
@@ -84769,17 +85463,19 @@ index 0000000..1bbcce2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), spamass_milter(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), spamass_milter(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/spamc_selinux.8 b/man/man8/spamc_selinux.8
new file mode 100644
-index 0000000..3620826
+index 0000000..3348bf0
--- /dev/null
+++ b/man/man8/spamc_selinux.8
@@ -0,0 +1,172 @@
-+.TH "spamc_selinux" "8" "spamc" "dwalsh at redhat.com" "spamc SELinux Policy documentation"
++.TH "spamc_selinux" "8" "12-10-19" "spamc" "SELinux Policy documentation for spamc"
+.SH "NAME"
+spamc_selinux \- Security Enhanced Linux Policy for the spamc processes
+.SH "DESCRIPTION"
@@ -84797,7 +85493,7 @@ index 0000000..3620826
+
+The spamc_t SELinux type can be entered via the "spamc_exec_t" file type. The default entrypoint paths for the spamc_t domain are the following:"
+
-+/usr/bin/pyzor, /usr/bin/spamc, /usr/bin/razor.*, /usr/bin/sa-learn, /usr/bin/spamassassin
++/usr/bin/razor.*, /usr/bin/spamc, /usr/bin/pyzor, /usr/bin/sa-learn, /usr/bin/spamassassin
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -84834,10 +85530,6 @@ index 0000000..3620826
+
+- Set files with the spamc_exec_t type, if you want to transition an executable to the spamc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/pyzor, /usr/bin/spamc, /usr/bin/razor.*, /usr/bin/sa-learn, /usr/bin/spamassassin
+
+.EX
+.PP
@@ -84846,10 +85538,6 @@ index 0000000..3620826
+
+- Set files with the spamc_home_t type, if you want to store spamc files in the users home directory.
+
-+.br
-+.TP 5
-+Paths:
-+/root/\.spamd(/.*)?, /root/\.pyzor(/.*)?, /root/\.razor(/.*)?, /root/\.spamassassin(/.*)?
+
+.EX
+.PP
@@ -84871,6 +85559,12 @@ index 0000000..3620826
+The SELinux process type spamc_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
++.B amavis_spool_t
++
++ /var/spool/amavisd(/.*)?
++.br
++
++.br
+.B spamass_milter_state_t
+
+ /var/lib/spamass-milter(/.*)?
@@ -84947,17 +85641,19 @@ index 0000000..3620826
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), spamc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), spamc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/spamd_selinux.8 b/man/man8/spamd_selinux.8
new file mode 100644
-index 0000000..c84d4bc
+index 0000000..3801e12
--- /dev/null
+++ b/man/man8/spamd_selinux.8
-@@ -0,0 +1,377 @@
-+.TH "spamd_selinux" "8" "spamd" "dwalsh at redhat.com" "spamd SELinux Policy documentation"
+@@ -0,0 +1,378 @@
++.TH "spamd_selinux" "8" "12-10-19" "spamd" "SELinux Policy documentation for spamd"
+.SH "NAME"
+spamd_selinux \- Security Enhanced Linux Policy for the spamd processes
+.SH "DESCRIPTION"
@@ -84975,7 +85671,7 @@ index 0000000..c84d4bc
+
+The spamd_t SELinux type can be entered via the "spamd_exec_t" file type. The default entrypoint paths for the spamd_t domain are the following:"
+
-+/usr/sbin/spampd, /usr/sbin/spamd, /usr/bin/mimedefang-multiplexor, /usr/bin/pyzord, /usr/bin/spamd, /usr/bin/mimedefang
++/usr/bin/spamd, /usr/sbin/spamd, /usr/bin/pyzord, /usr/sbin/spampd, /usr/bin/mimedefang, /usr/bin/mimedefang-multiplexor
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -85019,6 +85715,27 @@ index 0000000..c84d4bc
+.B setsebool -P httpd_can_check_spam 1
+.EE
+
++.PP
++If you want to allow user spamassassin clients to use the network, you must turn on the spamassassin_can_network boolean.
++
++.EX
++.B setsebool -P spamassassin_can_network 1
++.EE
++
++.PP
++If you want to allow spamd to read/write user home directories, you must turn on the spamd_enable_home_dirs boolean.
++
++.EX
++.B setsebool -P spamd_enable_home_dirs 1
++.EE
++
++.PP
++If you want to allow http daemon to check spam, you must turn on the httpd_can_check_spam boolean.
++
++.EX
++.B setsebool -P httpd_can_check_spam 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -85045,10 +85762,6 @@ index 0000000..c84d4bc
+
+- Set files with the spamd_etc_t type, if you want to store spamd files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/pyzor(/.*)?, /etc/razor(/.*)?
+
+.EX
+.PP
@@ -85057,10 +85770,6 @@ index 0000000..c84d4bc
+
+- Set files with the spamd_exec_t type, if you want to transition an executable to the spamd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/spampd, /usr/sbin/spamd, /usr/bin/mimedefang-multiplexor, /usr/bin/pyzord, /usr/bin/spamd, /usr/bin/mimedefang
+
+.EX
+.PP
@@ -85069,10 +85778,6 @@ index 0000000..c84d4bc
+
+- Set files with the spamd_initrc_exec_t type, if you want to transition an executable to the spamd_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/spampd, /etc/rc\.d/init\.d/pyzord, /etc/rc\.d/init\.d/spamd, /etc/rc\.d/init\.d/mimedefang.*
+
+.EX
+.PP
@@ -85081,10 +85786,6 @@ index 0000000..c84d4bc
+
+- Set files with the spamd_log_t type, if you want to treat the data as spamd log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/razor-agent\.log.*, /var/log/mimedefang, /var/log/pyzord\.log.*, /var/log/spamd\.log.*
+
+.EX
+.PP
@@ -85093,10 +85794,6 @@ index 0000000..c84d4bc
+
+- Set files with the spamd_spool_t type, if you want to store the spamd files under the /var/spool directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/spool/spamd(/.*)?, /var/spool/spamassassin(/.*)?, /var/spool/spampd(/.*)?
+
+.EX
+.PP
@@ -85121,10 +85818,6 @@ index 0000000..c84d4bc
+
+- Set files with the spamd_var_lib_t type, if you want to store the spamd files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/spamassassin(/.*)?, /var/lib/razor(/.*)?, /var/lib/pyzord(/.*)?
+
+.EX
+.PP
@@ -85133,10 +85826,6 @@ index 0000000..c84d4bc
+
+- Set files with the spamd_var_run_t type, if you want to store the spamd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/spamassassin(/.*)?, /var/spool/MIMEDefang(/.*)?, /var/spool/MD-Quarantine(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -85179,8 +85868,6 @@ index 0000000..c84d4bc
+.br
+ /var/lib/amavis(/.*)?
+.br
-+ /var/opt/f-secure(/.*)?
-+.br
+
+.br
+.B exim_spool_t
@@ -85237,6 +85924,14 @@ index 0000000..c84d4bc
+.br
+
+.br
++.B spamd_etc_t
++
++ /etc/pyzor(/.*)?
++.br
++ /etc/razor(/.*)?
++.br
++
++.br
+.B spamd_log_t
+
+ /var/log/spamd\.log.*
@@ -85329,19 +86024,21 @@ index 0000000..c84d4bc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), spamd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), spamd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), spamass_milter_selinux(8), spamc_selinux(8), spamd_update_selinux(8)
\ No newline at end of file
diff --git a/man/man8/spamd_update_selinux.8 b/man/man8/spamd_update_selinux.8
new file mode 100644
-index 0000000..51de035
+index 0000000..5435e71
--- /dev/null
+++ b/man/man8/spamd_update_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "spamd_update_selinux" "8" "spamd_update" "dwalsh at redhat.com" "spamd_update SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "spamd_update_selinux" "8" "12-10-19" "spamd_update" "SELinux Policy documentation for spamd_update"
+.SH "NAME"
+spamd_update_selinux \- Security Enhanced Linux Policy for the spamd_update processes
+.SH "DESCRIPTION"
@@ -85453,19 +86150,21 @@ index 0000000..51de035
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), spamd_update(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), spamd_update(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, spamd_selinux(8), spamd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/squid_cron_selinux.8 b/man/man8/squid_cron_selinux.8
new file mode 100644
-index 0000000..9b57c2c
+index 0000000..2f1abca
--- /dev/null
+++ b/man/man8/squid_cron_selinux.8
-@@ -0,0 +1,101 @@
-+.TH "squid_cron_selinux" "8" "squid_cron" "dwalsh at redhat.com" "squid_cron SELinux Policy documentation"
+@@ -0,0 +1,103 @@
++.TH "squid_cron_selinux" "8" "12-10-19" "squid_cron" "SELinux Policy documentation for squid_cron"
+.SH "NAME"
+squid_cron_selinux \- Security Enhanced Linux Policy for the squid_cron processes
+.SH "DESCRIPTION"
@@ -85561,19 +86260,21 @@ index 0000000..9b57c2c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), squid_cron(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), squid_cron(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, squid_selinux(8), squid_selinux(8)
\ No newline at end of file
diff --git a/man/man8/squid_selinux.8 b/man/man8/squid_selinux.8
new file mode 100644
-index 0000000..7fbe24e
+index 0000000..87748c1
--- /dev/null
+++ b/man/man8/squid_selinux.8
-@@ -0,0 +1,310 @@
-+.TH "squid_selinux" "8" "squid" "dwalsh at redhat.com" "squid SELinux Policy documentation"
+@@ -0,0 +1,316 @@
++.TH "squid_selinux" "8" "12-10-19" "squid" "SELinux Policy documentation for squid"
+.SH "NAME"
+squid_selinux \- Security Enhanced Linux Policy for the squid processes
+.SH "DESCRIPTION"
@@ -85615,6 +86316,13 @@ index 0000000..7fbe24e
+
+
+.PP
++If you want to allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports, you must turn on the squid_connect_any boolean.
++
++.EX
++.B setsebool -P squid_connect_any 1
++.EE
++
++.PP
+If you want to allow squid to run as a transparent proxy (TPROXY), you must turn on the squid_use_tproxy boolean.
+
+.EX
@@ -85628,6 +86336,13 @@ index 0000000..7fbe24e
+.B setsebool -P squid_connect_any 1
+.EE
+
++.PP
++If you want to allow squid to run as a transparent proxy (TPROXY), you must turn on the squid_use_tproxy boolean.
++
++.EX
++.B setsebool -P squid_use_tproxy 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -85646,10 +86361,6 @@ index 0000000..7fbe24e
+
+- Set files with the squid_cache_t type, if you want to store the files under the /var/cache directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lightsquid(/.*)?, /var/cache/squid(/.*)?, /var/spool/squid(/.*)?, /var/squidGuard(/.*)?
+
+.EX
+.PP
@@ -85658,10 +86369,6 @@ index 0000000..7fbe24e
+
+- Set files with the squid_conf_t type, if you want to treat the files as squid configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/lightsquid(/.*)?, /etc/squid(/.*)?, /usr/share/squid(/.*)?
+
+.EX
+.PP
@@ -85694,10 +86401,6 @@ index 0000000..7fbe24e
+
+- Set files with the squid_log_t type, if you want to treat the data as squid log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/squid(/.*)?, /var/log/squidGuard(/.*)?
+
+.EX
+.PP
@@ -85778,6 +86481,8 @@ index 0000000..7fbe24e
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -85878,19 +86583,21 @@ index 0000000..7fbe24e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), squid(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), squid(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), squid_cron_selinux(8)
\ No newline at end of file
diff --git a/man/man8/srvsvcd_selinux.8 b/man/man8/srvsvcd_selinux.8
new file mode 100644
-index 0000000..f911e32
+index 0000000..b8702d6
--- /dev/null
+++ b/man/man8/srvsvcd_selinux.8
-@@ -0,0 +1,122 @@
-+.TH "srvsvcd_selinux" "8" "srvsvcd" "dwalsh at redhat.com" "srvsvcd SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "srvsvcd_selinux" "8" "12-10-19" "srvsvcd" "SELinux Policy documentation for srvsvcd"
+.SH "NAME"
+srvsvcd_selinux \- Security Enhanced Linux Policy for the srvsvcd processes
+.SH "DESCRIPTION"
@@ -86008,17 +86715,19 @@ index 0000000..f911e32
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), srvsvcd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), srvsvcd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ssh_keygen_selinux.8 b/man/man8/ssh_keygen_selinux.8
new file mode 100644
-index 0000000..218aff7
+index 0000000..10f2108
--- /dev/null
+++ b/man/man8/ssh_keygen_selinux.8
-@@ -0,0 +1,151 @@
-+.TH "ssh_keygen_selinux" "8" "ssh_keygen" "dwalsh at redhat.com" "ssh_keygen SELinux Policy documentation"
+@@ -0,0 +1,155 @@
++.TH "ssh_keygen_selinux" "8" "12-10-19" "ssh_keygen" "SELinux Policy documentation for ssh_keygen"
+.SH "NAME"
+ssh_keygen_selinux \- Security Enhanced Linux Policy for the ssh_keygen processes
+.SH "DESCRIPTION"
@@ -86090,6 +86799,8 @@ index 0000000..218aff7
+
+ /root/\.ssh(/.*)?
+.br
++ /var/lib/openshift/[^/]+/\.ssh(/.*)?
++.br
+ /var/lib/amanda/\.ssh(/.*)?
+.br
+ /var/lib/stickshift/[^/]+/\.ssh(/.*)?
@@ -86164,19 +86875,21 @@ index 0000000..218aff7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ssh_keygen(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ssh_keygen(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, ssh_selinux(8), ssh_selinux(8), ssh_keysign_selinux(8), sshd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ssh_keysign_selinux.8 b/man/man8/ssh_keysign_selinux.8
new file mode 100644
-index 0000000..bf2202b
+index 0000000..0d9116a
--- /dev/null
+++ b/man/man8/ssh_keysign_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "ssh_keysign_selinux" "8" "ssh_keysign" "dwalsh at redhat.com" "ssh_keysign SELinux Policy documentation"
+@@ -0,0 +1,108 @@
++.TH "ssh_keysign_selinux" "8" "12-10-19" "ssh_keysign" "SELinux Policy documentation for ssh_keysign"
+.SH "NAME"
+ssh_keysign_selinux \- Security Enhanced Linux Policy for the ssh_keysign processes
+.SH "DESCRIPTION"
@@ -86224,6 +86937,13 @@ index 0000000..bf2202b
+.B setsebool -P ssh_keysign 1
+.EE
+
++.PP
++If you want to allow host key based authentication, you must turn on the ssh_keysign boolean.
++
++.EX
++.B setsebool -P ssh_keysign 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -86250,10 +86970,6 @@ index 0000000..bf2202b
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type ssh_keysign_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -86274,19 +86990,21 @@ index 0000000..bf2202b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ssh_keysign(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ssh_keysign(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), ssh_selinux(8), ssh_selinux(8), ssh_keygen_selinux(8), sshd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/ssh_selinux.8 b/man/man8/ssh_selinux.8
new file mode 100644
-index 0000000..05959fb
+index 0000000..6329ca7
--- /dev/null
+++ b/man/man8/ssh_selinux.8
-@@ -0,0 +1,359 @@
-+.TH "ssh_selinux" "8" "ssh" "dwalsh at redhat.com" "ssh SELinux Policy documentation"
+@@ -0,0 +1,386 @@
++.TH "ssh_selinux" "8" "12-10-19" "ssh" "SELinux Policy documentation for ssh"
+.SH "NAME"
+ssh_selinux \- Security Enhanced Linux Policy for the ssh processes
+.SH "DESCRIPTION"
@@ -86328,6 +87046,13 @@ index 0000000..05959fb
+
+
+.PP
++If you want to allow host key based authentication, you must turn on the ssh_keysign boolean.
++
++.EX
++.B setsebool -P ssh_keysign 1
++.EE
++
++.PP
+If you want to allow ssh with chroot env to read and write files in the user home directories, you must turn on the ssh_chroot_rw_homedirs boolean.
+
+.EX
@@ -86335,6 +87060,13 @@ index 0000000..05959fb
+.EE
+
+.PP
++If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
++
++.EX
++.B setsebool -P fenced_can_ssh 1
++.EE
++
++.PP
+If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
+
+.EX
@@ -86356,12 +87088,33 @@ index 0000000..05959fb
+.EE
+
+.PP
++If you want to allow ssh with chroot env to read and write files in the user home directories, you must turn on the ssh_chroot_rw_homedirs boolean.
++
++.EX
++.B setsebool -P ssh_chroot_rw_homedirs 1
++.EE
++
++.PP
+If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
+
+.EX
+.B setsebool -P fenced_can_ssh 1
+.EE
+
++.PP
++If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++
++.EX
++.B setsebool -P sftpd_write_ssh_home 1
++.EE
++
++.PP
++If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean.
++
++.EX
++.B setsebool -P ssh_sysadm_login 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -86404,10 +87157,6 @@ index 0000000..05959fb
+
+- Set files with the ssh_home_t type, if you want to store ssh files in the users home directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/nocpulse/\.ssh(/.*)?, /var/lib/gitolite/\.ssh(/.*)?, /root/\.shosts, /var/lib/amanda/\.ssh(/.*)?, /var/lib/gitolite3/\.ssh(/.*)?, /var/lib/stickshift/[^/]+/\.ssh(/.*)?, /root/\.ssh(/.*)?
+
+.EX
+.PP
@@ -86456,10 +87205,6 @@ index 0000000..05959fb
+
+- Set files with the sshd_key_t type, if you want to treat the files as sshd key data.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
+
+.EX
+.PP
@@ -86484,10 +87229,6 @@ index 0000000..05959fb
+
+- Set files with the sshd_var_run_t type, if you want to store the sshd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/sshd\.pid, /var/run/sshd\.init\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -86528,6 +87269,8 @@ index 0000000..05959fb
+
+ /root/\.ssh(/.*)?
+.br
++ /var/lib/openshift/[^/]+/\.ssh(/.*)?
++.br
+ /var/lib/amanda/\.ssh(/.*)?
+.br
+ /var/lib/stickshift/[^/]+/\.ssh(/.*)?
@@ -86640,19 +87383,21 @@ index 0000000..05959fb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ssh(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ssh(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), ssh_keygen_selinux(8), ssh_keysign_selinux(8), sshd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/sshd_selinux.8 b/man/man8/sshd_selinux.8
new file mode 100644
-index 0000000..922fe19
+index 0000000..8ccc9e8
--- /dev/null
+++ b/man/man8/sshd_selinux.8
-@@ -0,0 +1,457 @@
-+.TH "sshd_selinux" "8" "sshd" "dwalsh at redhat.com" "sshd SELinux Policy documentation"
+@@ -0,0 +1,494 @@
++.TH "sshd_selinux" "8" "12-10-19" "sshd" "SELinux Policy documentation for sshd"
+.SH "NAME"
+sshd_selinux \- Security Enhanced Linux Policy for the sshd processes
+.SH "DESCRIPTION"
@@ -86694,6 +87439,13 @@ index 0000000..922fe19
+
+
+.PP
++If you want to allow host key based authentication, you must turn on the ssh_keysign boolean.
++
++.EX
++.B setsebool -P ssh_keysign 1
++.EE
++
++.PP
+If you want to allow ssh with chroot env to read and write files in the user home directories, you must turn on the ssh_chroot_rw_homedirs boolean.
+
+.EX
@@ -86701,6 +87453,13 @@ index 0000000..922fe19
+.EE
+
+.PP
++If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
++
++.EX
++.B setsebool -P fenced_can_ssh 1
++.EE
++
++.PP
+If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
+
+.EX
@@ -86722,12 +87481,33 @@ index 0000000..922fe19
+.EE
+
+.PP
++If you want to allow ssh with chroot env to read and write files in the user home directories, you must turn on the ssh_chroot_rw_homedirs boolean.
++
++.EX
++.B setsebool -P ssh_chroot_rw_homedirs 1
++.EE
++
++.PP
+If you want to allow fenced domain to execute ssh, you must turn on the fenced_can_ssh boolean.
+
+.EX
+.B setsebool -P fenced_can_ssh 1
+.EE
+
++.PP
++If you want to allow internal-sftp to read and write files in the user ssh home directories, you must turn on the sftpd_write_ssh_home boolean.
++
++.EX
++.B setsebool -P sftpd_write_ssh_home 1
++.EE
++
++.PP
++If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean.
++
++.EX
++.B setsebool -P ssh_sysadm_login 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -86762,10 +87542,6 @@ index 0000000..922fe19
+
+- Set files with the sshd_key_t type, if you want to treat the files as sshd key data.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_rsa_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes
+
+.EX
+.PP
@@ -86790,10 +87566,6 @@ index 0000000..922fe19
+
+- Set files with the sshd_var_run_t type, if you want to store the sshd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/sshd\.pid, /var/run/sshd\.init\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -86912,6 +87684,8 @@ index 0000000..922fe19
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -86936,6 +87710,10 @@ index 0000000..922fe19
+.br
+.B openshift_tmp_t
+
++ /var/lib/openshift/.*/\.tmp(/.*)?
++.br
++ /var/lib/openshift/.*/\.sandbox(/.*)?
++.br
+ /var/lib/stickshift/.*/\.tmp(/.*)?
+.br
+ /var/lib/stickshift/.*/\.sandbox(/.*)?
@@ -86978,6 +87756,8 @@ index 0000000..922fe19
+
+ /root/\.ssh(/.*)?
+.br
++ /var/lib/openshift/[^/]+/\.ssh(/.*)?
++.br
+ /var/lib/amanda/\.ssh(/.*)?
+.br
+ /var/lib/stickshift/[^/]+/\.ssh(/.*)?
@@ -87104,19 +87884,21 @@ index 0000000..922fe19
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sshd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sshd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), ssh_selinux(8), ssh_selinux(8), ssh_keygen_selinux(8), ssh_keysign_selinux(8)
\ No newline at end of file
diff --git a/man/man8/sssd_selinux.8 b/man/man8/sssd_selinux.8
new file mode 100644
-index 0000000..cace1ad
+index 0000000..6ee34ea
--- /dev/null
+++ b/man/man8/sssd_selinux.8
@@ -0,0 +1,252 @@
-+.TH "sssd_selinux" "8" "sssd" "dwalsh at redhat.com" "sssd SELinux Policy documentation"
++.TH "sssd_selinux" "8" "12-10-19" "sssd" "SELinux Policy documentation for sssd"
+.SH "NAME"
+sssd_selinux \- Security Enhanced Linux Policy for the sssd processes
+.SH "DESCRIPTION"
@@ -87195,10 +87977,6 @@ index 0000000..cace1ad
+
+- Set files with the sssd_public_t type, if you want to treat the files as sssd public data.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/sss/mc(/.*)?, /var/lib/sss/pubconf(/.*)?
+
+.EX
+.PP
@@ -87260,6 +88038,8 @@ index 0000000..cace1ad
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -87364,16 +88144,18 @@ index 0000000..cace1ad
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sssd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sssd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/staff_selinux.8 b/man/man8/staff_selinux.8
new file mode 100644
-index 0000000..f1f1523
+index 0000000..92aaa56
--- /dev/null
+++ b/man/man8/staff_selinux.8
-@@ -0,0 +1,574 @@
+@@ -0,0 +1,583 @@
+.TH "staff_selinux" "8" "staff" "mgrepl at redhat.com" "staff SELinux Policy documentation"
+.SH "NAME"
+staff_u \- \fBAdministrator's unprivileged user\fP - Security Enhanced Linux Policy
@@ -87564,10 +88346,10 @@ index 0000000..f1f1523
+.TP
+The SELinux user staff_u is able to listen on the following udp ports.
+
-+.B ephemeral_port_t: 32768-61000
-+
+.B all ports with out defined types
+
++.B ephemeral_port_t: 32768-61000
++
+.TP
+The SELinux user staff_u is able to connect to the following tcp ports.
+
@@ -87584,6 +88366,13 @@ index 0000000..f1f1523
+.B setsebool -P staff_use_svirt 1
+.EE
+
++.PP
++If you want to allow staff user to create and transition to svirt domains, you must turn on the staff_use_svirt boolean.
++
++.EX
++.B setsebool -P staff_use_svirt 1
++.EE
++
+.SH HOME_EXEC
+
+The SELinux user staff_u is able execute home content files.
@@ -87600,7 +88389,7 @@ index 0000000..f1f1523
+
+Execute the following to see the types that the SELinux user staff_t can execute without transitioning:
+
-+.B sesearch -A -s staff_t -c file -p execute_no_trans
++.B search -A -s staff_t -c file -p execute_no_trans
+
+.TP
+
@@ -87608,7 +88397,7 @@ index 0000000..f1f1523
+
+Execute the following to see the types that the SELinux user staff_t can execute and transition:
+
-+.B $ sesearch -A -s staff_t -c process -p transition
++.B $ search -A -s staff_t -c process -p transition
+
+
+.SH "MANAGED FILES"
@@ -87943,19 +88732,21 @@ index 0000000..f1f1523
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), staff(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), staff(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/stapserver_selinux.8 b/man/man8/stapserver_selinux.8
new file mode 100644
-index 0000000..296ab8b
+index 0000000..5ac3e75
--- /dev/null
+++ b/man/man8/stapserver_selinux.8
-@@ -0,0 +1,144 @@
-+.TH "stapserver_selinux" "8" "stapserver" "dwalsh at redhat.com" "stapserver SELinux Policy documentation"
+@@ -0,0 +1,146 @@
++.TH "stapserver_selinux" "8" "12-10-19" "stapserver" "SELinux Policy documentation for stapserver"
+.SH "NAME"
+stapserver_selinux \- Security Enhanced Linux Policy for the stapserver processes
+.SH "DESCRIPTION"
@@ -88095,17 +88886,19 @@ index 0000000..296ab8b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), stapserver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), stapserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/stunnel_selinux.8 b/man/man8/stunnel_selinux.8
new file mode 100644
-index 0000000..1e88acd
+index 0000000..6d1be26
--- /dev/null
+++ b/man/man8/stunnel_selinux.8
-@@ -0,0 +1,162 @@
-+.TH "stunnel_selinux" "8" "stunnel" "dwalsh at redhat.com" "stunnel SELinux Policy documentation"
+@@ -0,0 +1,160 @@
++.TH "stunnel_selinux" "8" "12-10-19" "stunnel" "SELinux Policy documentation for stunnel"
+.SH "NAME"
+stunnel_selinux \- Security Enhanced Linux Policy for the stunnel processes
+.SH "DESCRIPTION"
@@ -88123,7 +88916,7 @@ index 0000000..1e88acd
+
+The stunnel_t SELinux type can be entered via the "stunnel_exec_t" file type. The default entrypoint paths for the stunnel_t domain are the following:"
+
-+/usr/sbin/stunnel, /usr/bin/stunnel
++/usr/bin/stunnel, /usr/sbin/stunnel
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -88168,10 +88961,6 @@ index 0000000..1e88acd
+
+- Set files with the stunnel_exec_t type, if you want to transition an executable to the stunnel_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/stunnel, /usr/bin/stunnel
+
+.EX
+.PP
@@ -88263,17 +89052,19 @@ index 0000000..1e88acd
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), stunnel(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), stunnel(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/sulogin_selinux.8 b/man/man8/sulogin_selinux.8
new file mode 100644
-index 0000000..33d3718
+index 0000000..fc4aa3c
--- /dev/null
+++ b/man/man8/sulogin_selinux.8
-@@ -0,0 +1,112 @@
-+.TH "sulogin_selinux" "8" "sulogin" "dwalsh at redhat.com" "sulogin SELinux Policy documentation"
+@@ -0,0 +1,110 @@
++.TH "sulogin_selinux" "8" "12-10-19" "sulogin" "SELinux Policy documentation for sulogin"
+.SH "NAME"
+sulogin_selinux \- Security Enhanced Linux Policy for the sulogin processes
+.SH "DESCRIPTION"
@@ -88291,7 +89082,7 @@ index 0000000..33d3718
+
+The sulogin_t SELinux type can be entered via the "sulogin_exec_t" file type. The default entrypoint paths for the sulogin_t domain are the following:"
+
-+/usr/sbin/sushell, /sbin/sulogin, /usr/sbin/sulogin, /sbin/sushell
++/sbin/sulogin, /sbin/sushell, /usr/sbin/sulogin, /usr/sbin/sushell
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -88328,10 +89119,6 @@ index 0000000..33d3718
+
+- Set files with the sulogin_exec_t type, if you want to transition an executable to the sulogin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/sushell, /sbin/sulogin, /usr/sbin/sulogin, /sbin/sushell
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -88381,17 +89168,19 @@ index 0000000..33d3718
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sulogin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sulogin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/svc_multilog_selinux.8 b/man/man8/svc_multilog_selinux.8
new file mode 100644
-index 0000000..0fd43da
+index 0000000..6aa4f70
--- /dev/null
+++ b/man/man8/svc_multilog_selinux.8
-@@ -0,0 +1,157 @@
-+.TH "svc_multilog_selinux" "8" "svc_multilog" "dwalsh at redhat.com" "svc_multilog SELinux Policy documentation"
+@@ -0,0 +1,155 @@
++.TH "svc_multilog_selinux" "8" "12-10-19" "svc_multilog" "SELinux Policy documentation for svc_multilog"
+.SH "NAME"
+svc_multilog_selinux \- Security Enhanced Linux Policy for the svc_multilog processes
+.SH "DESCRIPTION"
@@ -88519,12 +89308,8 @@ index 0000000..0fd43da
+.br
+ /var/log/syslog
+.br
-+ /var/log/boot\.log
-+.br
+ /var/named/chroot/var/log
+.br
-+ /var/spool/plymouth/boot\.log
-+.br
+
+.SH NSSWITCH DOMAIN
+
@@ -88543,19 +89328,21 @@ index 0000000..0fd43da
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), svc_multilog(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), svc_multilog(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, svc_run_selinux(8), svc_start_selinux(8)
\ No newline at end of file
diff --git a/man/man8/svc_run_selinux.8 b/man/man8/svc_run_selinux.8
new file mode 100644
-index 0000000..dd025cb
+index 0000000..a133412
--- /dev/null
+++ b/man/man8/svc_run_selinux.8
-@@ -0,0 +1,93 @@
-+.TH "svc_run_selinux" "8" "svc_run" "dwalsh at redhat.com" "svc_run SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "svc_run_selinux" "8" "12-10-19" "svc_run" "SELinux Policy documentation for svc_run"
+.SH "NAME"
+svc_run_selinux \- Security Enhanced Linux Policy for the svc_run processes
+.SH "DESCRIPTION"
@@ -88573,7 +89360,7 @@ index 0000000..dd025cb
+
+The svc_run_t SELinux type can be entered via the "svc_run_exec_t" file type. The default entrypoint paths for the svc_run_t domain are the following:"
+
-+/var/tinydns/run, /var/dnscache/log/run, /var/qmail/supervise/.*/run, /var/axfrdns/log/run, /usr/bin/setuidgid, /usr/bin/fghack, /var/tinydns/log/run, /var/service/.*/log/run, /var/axfrdns/run, /var/qmail/supervise/.*/log/run, /usr/bin/envuidgid, /usr/bin/envdir, /var/dnscache/run, /usr/bin/softlimit, /var/service/.*/run.*, /usr/bin/pgrphack, /usr/bin/setlock
++/var/service/.*/run.*, /var/service/.*/log/run, /var/qmail/supervise/.*/run, /var/qmail/supervise/.*/log/run, /usr/bin/envdir, /usr/bin/fghack, /usr/bin/setlock, /var/axfrdns/run, /var/tinydns/run, /usr/bin/pgrphack, /var/dnscache/run, /usr/bin/envuidgid, /usr/bin/setuidgid, /usr/bin/softlimit, /var/axfrdns/log/run, /var/tinydns/log/run, /var/dnscache/log/run
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -88610,10 +89397,6 @@ index 0000000..dd025cb
+
+- Set files with the svc_run_exec_t type, if you want to transition an executable to the svc_run_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/var/tinydns/run, /var/dnscache/log/run, /var/qmail/supervise/.*/run, /var/axfrdns/log/run, /usr/bin/setuidgid, /usr/bin/fghack, /var/tinydns/log/run, /var/service/.*/log/run, /var/axfrdns/run, /var/qmail/supervise/.*/log/run, /usr/bin/envuidgid, /usr/bin/envdir, /var/dnscache/run, /usr/bin/softlimit, /var/service/.*/run.*, /usr/bin/pgrphack, /usr/bin/setlock
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -88622,10 +89405,6 @@ index 0000000..dd025cb
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type svc_run_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -88643,19 +89422,21 @@ index 0000000..dd025cb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), svc_run(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), svc_run(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, svc_multilog_selinux(8), svc_start_selinux(8)
\ No newline at end of file
diff --git a/man/man8/svc_start_selinux.8 b/man/man8/svc_start_selinux.8
new file mode 100644
-index 0000000..be0ca5c
+index 0000000..80dc649
--- /dev/null
+++ b/man/man8/svc_start_selinux.8
-@@ -0,0 +1,111 @@
-+.TH "svc_start_selinux" "8" "svc_start" "dwalsh at redhat.com" "svc_start SELinux Policy documentation"
+@@ -0,0 +1,109 @@
++.TH "svc_start_selinux" "8" "12-10-19" "svc_start" "SELinux Policy documentation for svc_start"
+.SH "NAME"
+svc_start_selinux \- Security Enhanced Linux Policy for the svc_start processes
+.SH "DESCRIPTION"
@@ -88673,7 +89454,7 @@ index 0000000..be0ca5c
+
+The svc_start_t SELinux type can be entered via the "svc_start_exec_t" file type. The default entrypoint paths for the svc_start_t domain are the following:"
+
-+/usr/bin/svok, /usr/bin/svscan, /usr/bin/svc, /usr/bin/svscanboot, /usr/bin/supervise
++/usr/bin/svc, /usr/bin/svok, /usr/bin/svscan, /usr/bin/supervise, /usr/bin/svscanboot
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -88710,10 +89491,6 @@ index 0000000..be0ca5c
+
+- Set files with the svc_start_exec_t type, if you want to transition an executable to the svc_start_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/svok, /usr/bin/svscan, /usr/bin/svc, /usr/bin/svscanboot, /usr/bin/supervise
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -88761,19 +89538,21 @@ index 0000000..be0ca5c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), svc_start(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), svc_start(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, svc_multilog_selinux(8), svc_run_selinux(8)
\ No newline at end of file
diff --git a/man/man8/svnserve_selinux.8 b/man/man8/svnserve_selinux.8
new file mode 100644
-index 0000000..70bd027
+index 0000000..32a81ff
--- /dev/null
+++ b/man/man8/svnserve_selinux.8
-@@ -0,0 +1,148 @@
-+.TH "svnserve_selinux" "8" "svnserve" "dwalsh at redhat.com" "svnserve SELinux Policy documentation"
+@@ -0,0 +1,138 @@
++.TH "svnserve_selinux" "8" "12-10-19" "svnserve" "SELinux Policy documentation for svnserve"
+.SH "NAME"
+svnserve_selinux \- Security Enhanced Linux Policy for the svnserve processes
+.SH "DESCRIPTION"
@@ -88828,10 +89607,6 @@ index 0000000..70bd027
+
+- Set files with the svnserve_content_t type, if you want to treat the files as svnserve content.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/subversion/repo(/.*)?, /var/subversion/repo(/.*)?
+
+.EX
+.PP
@@ -88856,10 +89631,6 @@ index 0000000..70bd027
+
+- Set files with the svnserve_unit_file_t type, if you want to treat the files as svnserve unit content.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/systemd/system/svnserve\.service, /lib/systemd/system/svnserve\.service
+
+.EX
+.PP
@@ -88868,10 +89639,6 @@ index 0000000..70bd027
+
+- Set files with the svnserve_var_run_t type, if you want to store the svnserve files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/svnserve(/.*)?, /var/run/svnserve.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -88917,17 +89684,19 @@ index 0000000..70bd027
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), svnserve(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), svnserve(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/swat_selinux.8 b/man/man8/swat_selinux.8
new file mode 100644
-index 0000000..46a0fbb
+index 0000000..43de01c
--- /dev/null
+++ b/man/man8/swat_selinux.8
-@@ -0,0 +1,212 @@
-+.TH "swat_selinux" "8" "swat" "dwalsh at redhat.com" "swat SELinux Policy documentation"
+@@ -0,0 +1,214 @@
++.TH "swat_selinux" "8" "12-10-19" "swat" "SELinux Policy documentation for swat"
+.SH "NAME"
+swat_selinux \- Security Enhanced Linux Policy for the swat processes
+.SH "DESCRIPTION"
@@ -89135,16 +89904,18 @@ index 0000000..46a0fbb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), swat(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), swat(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/sysadm_selinux.8 b/man/man8/sysadm_selinux.8
new file mode 100644
-index 0000000..f5b5bf8
+index 0000000..c0224be
--- /dev/null
+++ b/man/man8/sysadm_selinux.8
-@@ -0,0 +1,514 @@
+@@ -0,0 +1,532 @@
+.TH "sysadm_selinux" "8" "sysadm" "mgrepl at redhat.com" "sysadm SELinux Policy documentation"
+.SH "NAME"
+sysadm_u \- \fBGeneral system administration role\fP - Security Enhanced Linux Policy
@@ -89274,10 +90045,10 @@ index 0000000..f5b5bf8
+.TP
+The SELinux user sysadm_u is able to listen on the following tcp ports.
+
-+.B all ports with out defined types
-+
+.B ephemeral_port_t: 32768-61000
+
++.B all ports with out defined types
++
+.TP
+The SELinux user sysadm_u is able to connect to the following tcp ports.
+
@@ -89288,10 +90059,10 @@ index 0000000..f5b5bf8
+
+.B ephemeral_port_t: 32768-61000
+
-+.B all ports with out defined types
-+
+.B ntp_port_t: 123
+
++.B all ports with out defined types
++
+.TP
+The SELinux user sysadm_u is able to connect to the following tcp ports.
+
@@ -89302,6 +90073,13 @@ index 0000000..f5b5bf8
+
+
+.PP
++If you want to allow ssh logins as sysadm_r:sysadm_t, you must turn on the ssh_sysadm_login boolean.
++
++.EX
++.B setsebool -P ssh_sysadm_login 1
++.EE
++
++.PP
+If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn on the xdm_sysadm_login boolean.
+
+.EX
@@ -89315,6 +90093,13 @@ index 0000000..f5b5bf8
+.B setsebool -P ssh_sysadm_login 1
+.EE
+
++.PP
++If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn on the xdm_sysadm_login boolean.
++
++.EX
++.B setsebool -P xdm_sysadm_login 1
++.EE
++
+.SH HOME_EXEC
+
+The SELinux user sysadm_u is able execute home content files.
@@ -89331,7 +90116,7 @@ index 0000000..f5b5bf8
+
+Execute the following to see the types that the SELinux user sysadm_t can execute without transitioning:
+
-+.B sesearch -A -s sysadm_t -c file -p execute_no_trans
++.B search -A -s sysadm_t -c file -p execute_no_trans
+
+.TP
+
@@ -89339,7 +90124,7 @@ index 0000000..f5b5bf8
+
+Execute the following to see the types that the SELinux user sysadm_t can execute and transition:
+
-+.B $ sesearch -A -s sysadm_t -c process -p transition
++.B $ search -A -s sysadm_t -c process -p transition
+
+
+.SH "MANAGED FILES"
@@ -89397,10 +90182,10 @@ index 0000000..f5b5bf8
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -89445,6 +90230,8 @@ index 0000000..f5b5bf8
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -89654,19 +90441,21 @@ index 0000000..f5b5bf8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sysadm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sysadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/syslogd_selinux.8 b/man/man8/syslogd_selinux.8
new file mode 100644
-index 0000000..d90c6a8
+index 0000000..f24d6ab
--- /dev/null
+++ b/man/man8/syslogd_selinux.8
-@@ -0,0 +1,234 @@
-+.TH "syslogd_selinux" "8" "syslogd" "dwalsh at redhat.com" "syslogd SELinux Policy documentation"
+@@ -0,0 +1,286 @@
++.TH "syslogd_selinux" "8" "12-10-19" "syslogd" "SELinux Policy documentation for syslogd"
+.SH "NAME"
+syslogd_selinux \- Security Enhanced Linux Policy for the syslogd processes
+.SH "DESCRIPTION"
@@ -89684,7 +90473,7 @@ index 0000000..d90c6a8
+
+The syslogd_t SELinux type can be entered via the "syslogd_exec_t" file type. The default entrypoint paths for the syslogd_t domain are the following:"
+
-+/usr/sbin/rsyslogd, /usr/sbin/syslog-ng, /usr/sbin/metalog, /usr/lib/systemd/systemd-journald, /usr/sbin/syslogd, /usr/sbin/minilogd, /sbin/rsyslogd, /usr/lib/systemd/systemd-kmsg-syslogd, /sbin/syslogd, /sbin/syslog-ng, /sbin/minilogd
++/sbin/syslogd, /sbin/minilogd, /sbin/rsyslogd, /sbin/syslog-ng, /usr/sbin/metalog, /usr/sbin/syslogd, /usr/sbin/minilogd, /usr/sbin/rsyslogd, /usr/sbin/syslog-ng, /usr/lib/systemd/systemd-journald, /usr/lib/systemd/systemd-kmsg-syslogd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -89721,6 +90510,20 @@ index 0000000..d90c6a8
+.B setsebool -P logging_syslogd_can_sendmail 1
+.EE
+
++.PP
++If you want to allow syslogd the ability to read/write terminals, you must turn on the logging_syslogd_use_tty boolean.
++
++.EX
++.B setsebool -P logging_syslogd_use_tty 1
++.EE
++
++.PP
++If you want to allow syslogd daemon to send mail, you must turn on the logging_syslogd_can_sendmail boolean.
++
++.EX
++.B setsebool -P logging_syslogd_can_sendmail 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -89739,10 +90542,6 @@ index 0000000..d90c6a8
+
+- Set files with the syslogd_exec_t type, if you want to transition an executable to the syslogd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/rsyslogd, /usr/sbin/syslog-ng, /usr/sbin/metalog, /usr/lib/systemd/systemd-journald, /usr/sbin/syslogd, /usr/sbin/minilogd, /sbin/rsyslogd, /usr/lib/systemd/systemd-kmsg-syslogd, /sbin/syslogd, /sbin/syslog-ng, /sbin/minilogd
+
+.EX
+.PP
@@ -89754,6 +90553,14 @@ index 0000000..d90c6a8
+
+.EX
+.PP
++.B syslogd_keytab_t
++.EE
++
++- Set files with the syslogd_keytab_t type, if you want to treat the files as kerberos keytab files.
++
++
++.EX
++.PP
+.B syslogd_tmp_t
+.EE
+
@@ -89767,10 +90574,6 @@ index 0000000..d90c6a8
+
+- Set files with the syslogd_var_lib_t type, if you want to store the syslogd files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/syslog-ng.persist, /var/lib/r?syslog(/.*)?, /var/lib/syslog-ng(/.*)?
+
+.EX
+.PP
@@ -89779,10 +90582,6 @@ index 0000000..d90c6a8
+
+- Set files with the syslogd_var_run_t type, if you want to store the syslogd files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/syslogd\.pid, /var/log/syslog-ng(/.*)?, /var/run/syslog-ng(/.*)?, /var/run/systemd/journal(/.*)?, /var/run/metalog\.pid, /var/run/log(/.*)?, /var/run/syslog-ng.ctl
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -89821,12 +90620,42 @@ index 0000000..d90c6a8
+The SELinux process type syslogd_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
++.B krb5_host_rcache_t
++
++ /var/cache/krb5rcache(/.*)?
++.br
++ /var/tmp/nfs_0
++.br
++ /var/tmp/DNS_25
++.br
++ /var/tmp/host_0
++.br
++ /var/tmp/imap_0
++.br
++ /var/tmp/HTTP_23
++.br
++ /var/tmp/HTTP_48
++.br
++ /var/tmp/ldap_55
++.br
++ /var/tmp/ldap_487
++.br
++ /var/tmp/ldapmap1_0
++.br
++
++.br
+.B logfile
+
+ all log files
+.br
+
+.br
++.B security_t
++
++ /selinux
++.br
++
++.br
+.B syslogd_tmp_t
+
+
@@ -89858,6 +90687,16 @@ index 0000000..d90c6a8
+ /var/run/syslogd\.pid
+.br
+
++.br
++.B tmpfs_t
++
++ /dev/shm
++.br
++ /lib/udev/devices/shm
++.br
++ /usr/lib/udev/devices/shm
++.br
++
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -89895,19 +90734,21 @@ index 0000000..d90c6a8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), syslogd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), syslogd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/sysstat_selinux.8 b/man/man8/sysstat_selinux.8
new file mode 100644
-index 0000000..64b45de
+index 0000000..b546652
--- /dev/null
+++ b/man/man8/sysstat_selinux.8
-@@ -0,0 +1,130 @@
-+.TH "sysstat_selinux" "8" "sysstat" "dwalsh at redhat.com" "sysstat SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "sysstat_selinux" "8" "12-10-19" "sysstat" "SELinux Policy documentation for sysstat"
+.SH "NAME"
+sysstat_selinux \- Security Enhanced Linux Policy for the sysstat processes
+.SH "DESCRIPTION"
@@ -89925,7 +90766,7 @@ index 0000000..64b45de
+
+The sysstat_t SELinux type can be entered via the "sysstat_exec_t" file type. The default entrypoint paths for the sysstat_t domain are the following:"
+
-+/usr/lib/sa/sa.*, /usr/lib/sysstat/sa.*, /usr/lib/atsar/atsa.*
++/usr/lib/sa/sa.*, /usr/lib/atsar/atsa.*, /usr/lib/sysstat/sa.*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -89962,10 +90803,6 @@ index 0000000..64b45de
+
+- Set files with the sysstat_exec_t type, if you want to transition an executable to the sysstat_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/sa/sa.*, /usr/lib/sysstat/sa.*, /usr/lib/atsar/atsa.*
+
+.EX
+.PP
@@ -89974,10 +90811,6 @@ index 0000000..64b45de
+
+- Set files with the sysstat_log_t type, if you want to treat the data as sysstat log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/opt/sartest(/.*)?, /var/log/sysstat(/.*)?, /var/log/sa(/.*)?, /var/log/atsar(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -90033,17 +90866,19 @@ index 0000000..64b45de
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), sysstat(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), sysstat(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/system_munin_plugin_selinux.8 b/man/man8/system_munin_plugin_selinux.8
new file mode 100644
-index 0000000..a9bb092
+index 0000000..f11e442
--- /dev/null
+++ b/man/man8/system_munin_plugin_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "system_munin_plugin_selinux" "8" "system_munin_plugin" "dwalsh at redhat.com" "system_munin_plugin SELinux Policy documentation"
+@@ -0,0 +1,115 @@
++.TH "system_munin_plugin_selinux" "8" "12-10-19" "system_munin_plugin" "SELinux Policy documentation for system_munin_plugin"
+.SH "NAME"
+system_munin_plugin_selinux \- Security Enhanced Linux Policy for the system_munin_plugin processes
+.SH "DESCRIPTION"
@@ -90061,7 +90896,7 @@ index 0000000..a9bb092
+
+The system_munin_plugin_t SELinux type can be entered via the "system_munin_plugin_exec_t" file type. The default entrypoint paths for the system_munin_plugin_t domain are the following:"
+
-+/usr/share/munin/plugins/swap, /usr/share/munin/plugins/interrupts, /usr/share/munin/plugins/memory, /usr/share/munin/plugins/cpu.*, /usr/share/munin/plugins/yum, /usr/share/munin/plugins/load, /usr/share/munin/plugins/irqstats, /usr/share/munin/plugins/processes, /usr/share/munin/plugins/iostat.*, /usr/share/munin/plugins/nfs.*, /usr/share/munin/plugins/munin_.*, /usr/share/munin/plugins/threads, /usr/share/munin/plugins/netstat, /usr/share/munin/plugins/acpi, /usr/share/munin/plugins/forks, /usr/share/munin/plugins/uptime, /usr/share/munin/plugins/users, /usr/share/munin/plugins/proc_pri, /usr/share/munin/plugins/if_.*, /usr/share/munin/plugins/open_files
++/usr/share/munin/plugins/cpu.*, /usr/share/munin/plugins/if_.*, /usr/share/munin/plugins/nfs.*, /usr/share/munin/plugins/iostat.*, /usr/share/munin/plugins/munin_.*, /usr/share/munin/plugins/yum, /usr/share/munin/plugins/acpi, /usr/share/munin/plugins/load, /usr/share/munin/plugins/swap, /usr/share/munin/plugins/forks, /usr/share/munin/plugins/users, /usr/share/munin/plugins/memory, /usr/share/munin/plugins/uptime, /usr/share/munin/plugins/netstat, /usr/share/munin/plugins/threads, /usr/share/munin/plugins/irqstats, /usr/share/munin/plugins/proc_pri, /usr/share/munin/plugins/processes, /usr/share/munin/plugins/interrupts, /usr/share/munin/plugins/open_files
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -90098,10 +90933,6 @@ index 0000000..a9bb092
+
+- Set files with the system_munin_plugin_exec_t type, if you want to transition an executable to the system_munin_plugin_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/share/munin/plugins/swap, /usr/share/munin/plugins/interrupts, /usr/share/munin/plugins/memory, /usr/share/munin/plugins/cpu.*, /usr/share/munin/plugins/yum, /usr/share/munin/plugins/load, /usr/share/munin/plugins/irqstats, /usr/share/munin/plugins/processes, /usr/share/munin/plugins/iostat.*, /usr/share/munin/plugins/nfs.*, /usr/share/munin/plugins/munin_.*, /usr/share/munin/plugins/threads, /usr/share/munin/plugins/netstat, /usr/share/munin/plugins/acpi, /usr/share/munin/plugins/forks, /usr/share/munin/plugins/uptime, /usr/share/munin/plugins/users, /usr/share/munin/plugins/proc_pri, /usr/share/munin/plugins/if_.*, /usr/share/munin/plugins/open_files
+
+.EX
+.PP
@@ -90155,19 +90986,21 @@ index 0000000..a9bb092
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), system_munin_plugin(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), system_munin_plugin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, systemd_logger_selinux(8), systemd_logind_selinux(8), systemd_notify_selinux(8), systemd_passwd_agent_selinux(8), systemd_tmpfiles_selinux(8)
\ No newline at end of file
diff --git a/man/man8/systemd_logger_selinux.8 b/man/man8/systemd_logger_selinux.8
new file mode 100644
-index 0000000..ae822c51
+index 0000000..cf29c01
--- /dev/null
+++ b/man/man8/systemd_logger_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "systemd_logger_selinux" "8" "systemd_logger" "dwalsh at redhat.com" "systemd_logger SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "systemd_logger_selinux" "8" "12-10-19" "systemd_logger" "SELinux Policy documentation for systemd_logger"
+.SH "NAME"
+systemd_logger_selinux \- Security Enhanced Linux Policy for the systemd_logger processes
+.SH "DESCRIPTION"
@@ -90230,10 +91063,6 @@ index 0000000..ae822c51
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type systemd_logger_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -90265,19 +91094,21 @@ index 0000000..ae822c51
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), systemd_logger(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), systemd_logger(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, systemd_logind_selinux(8), systemd_notify_selinux(8), systemd_passwd_agent_selinux(8), systemd_tmpfiles_selinux(8)
\ No newline at end of file
diff --git a/man/man8/systemd_logind_selinux.8 b/man/man8/systemd_logind_selinux.8
new file mode 100644
-index 0000000..652cae2
+index 0000000..9cd08b5
--- /dev/null
+++ b/man/man8/systemd_logind_selinux.8
-@@ -0,0 +1,137 @@
-+.TH "systemd_logind_selinux" "8" "systemd_logind" "dwalsh at redhat.com" "systemd_logind SELinux Policy documentation"
+@@ -0,0 +1,249 @@
++.TH "systemd_logind_selinux" "8" "12-10-19" "systemd_logind" "SELinux Policy documentation for systemd_logind"
+.SH "NAME"
+systemd_logind_selinux \- Security Enhanced Linux Policy for the systemd_logind processes
+.SH "DESCRIPTION"
@@ -90293,9 +91124,9 @@ index 0000000..652cae2
+
+.SH "ENTRYPOINTS"
+
-+The systemd_logind_t SELinux type can be entered via the "proc_type,file_type,mtrr_device_t,sysctl_type,filesystem_type,systemd_logind_exec_t,unlabeled_t" file types. The default entrypoint paths for the systemd_logind_t domain are the following:"
++The systemd_logind_t SELinux type can be entered via the "systemd_logind_exec_t" file type. The default entrypoint paths for the systemd_logind_t domain are the following:"
+
-+/dev/cpu/mtrr, /usr/lib/systemd/systemd-logind
++/usr/lib/systemd/systemd-logind
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -90356,10 +91187,6 @@ index 0000000..652cae2
+
+- Set files with the systemd_logind_var_run_t type, if you want to store the systemd logind files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/nologin, /var/run/systemd/users(/.*)?, /var/run/systemd/seats(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -90373,9 +91200,123 @@ index 0000000..652cae2
+The SELinux process type systemd_logind_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
+
+.br
-+.B file_type
++.B cgroup_t
+
-+ all files on the system
++ /cgroup
++.br
++ /sys/fs/cgroup
++.br
++
++.br
++.B config_home_t
++
++ /root/\.kde(/.*)?
++.br
++ /root/\.xine(/.*)?
++.br
++ /root/\.config(/.*)?
++.br
++ /var/run/user/[^/]*/dconf(/.*)?
++.br
++ /root/\.Xdefaults
++.br
++ /home/[^/]*/\.kde(/.*)?
++.br
++ /home/[^/]*/\.xine(/.*)?
++.br
++ /home/[^/]*/\.config(/.*)?
++.br
++ /home/[^/]*/\.Xdefaults
++.br
++ /home/dwalsh/\.kde(/.*)?
++.br
++ /home/dwalsh/\.xine(/.*)?
++.br
++ /home/dwalsh/\.config(/.*)?
++.br
++ /home/dwalsh/\.Xdefaults
++.br
++ /var/lib/xguest/home/xguest/\.kde(/.*)?
++.br
++ /var/lib/xguest/home/xguest/\.xine(/.*)?
++.br
++ /var/lib/xguest/home/xguest/\.config(/.*)?
++.br
++ /var/lib/xguest/home/xguest/\.Xdefaults
++.br
++
++.br
++.B sysfs_t
++
++ /sys(/.*)?
++.br
++
++.br
++.B systemd_logind_inhibit_var_run_t
++
++ /var/run/systemd/inhibit(/.*)?
++.br
++
++.br
++.B systemd_logind_sessions_t
++
++ /var/run/systemd/sessions(/.*)?
++.br
++
++.br
++.B systemd_logind_var_run_t
++
++ /var/run/systemd/seats(/.*)?
++.br
++ /var/run/systemd/users(/.*)?
++.br
++ /var/run/nologin
++.br
++
++.br
++.B systemd_passwd_var_run_t
++
++ /var/run/systemd/ask-password(/.*)?
++.br
++ /var/run/systemd/ask-password-block(/.*)?
++.br
++
++.br
++.B udev_rules_t
++
++ /etc/udev/rules.d(/.*)?
++.br
++
++.br
++.B user_tmp_t
++
++ /var/run/user(/.*)?
++.br
++ /tmp/gconfd-.*
++.br
++ /tmp/gconfd-dwalsh
++.br
++ /tmp/gconfd-xguest
++.br
++
++.br
++.B var_auth_t
++
++ /var/ace(/.*)?
++.br
++ /var/rsa(/.*)?
++.br
++ /var/lib/abl(/.*)?
++.br
++ /var/lib/rsa(/.*)?
++.br
++ /var/lib/pam_ssh(/.*)?
++.br
++ /var/run/pam_ssh(/.*)?
++.br
++ /var/lib/pam_shield(/.*)?
++.br
++ /var/lib/google-authenticator(/.*)?
+.br
+
+.SH NSSWITCH DOMAIN
@@ -90409,19 +91350,21 @@ index 0000000..652cae2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), systemd_logind(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), systemd_logind(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, systemd_logger_selinux(8), systemd_notify_selinux(8), systemd_passwd_agent_selinux(8), systemd_tmpfiles_selinux(8)
\ No newline at end of file
diff --git a/man/man8/systemd_notify_selinux.8 b/man/man8/systemd_notify_selinux.8
new file mode 100644
-index 0000000..5b14284
+index 0000000..76b612b
--- /dev/null
+++ b/man/man8/systemd_notify_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "systemd_notify_selinux" "8" "systemd_notify" "dwalsh at redhat.com" "systemd_notify SELinux Policy documentation"
+@@ -0,0 +1,113 @@
++.TH "systemd_notify_selinux" "8" "12-10-19" "systemd_notify" "SELinux Policy documentation for systemd_notify"
+.SH "NAME"
+systemd_notify_selinux \- Security Enhanced Linux Policy for the systemd_notify processes
+.SH "DESCRIPTION"
@@ -90439,7 +91382,7 @@ index 0000000..5b14284
+
+The systemd_notify_t SELinux type can be entered via the "systemd_notify_exec_t" file type. The default entrypoint paths for the systemd_notify_t domain are the following:"
+
-+/usr/bin/systemd-notify, /bin/systemd-notify
++/bin/systemd-notify, /usr/bin/systemd-notify
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -90476,10 +91419,6 @@ index 0000000..5b14284
+
+- Set files with the systemd_notify_exec_t type, if you want to transition an executable to the systemd_notify_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/systemd-notify, /bin/systemd-notify
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -90531,19 +91470,21 @@ index 0000000..5b14284
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), systemd_notify(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), systemd_notify(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, systemd_logger_selinux(8), systemd_logind_selinux(8), systemd_passwd_agent_selinux(8), systemd_tmpfiles_selinux(8)
\ No newline at end of file
diff --git a/man/man8/systemd_passwd_agent_selinux.8 b/man/man8/systemd_passwd_agent_selinux.8
new file mode 100644
-index 0000000..f9eeb7e
+index 0000000..213d1f3
--- /dev/null
+++ b/man/man8/systemd_passwd_agent_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "systemd_passwd_agent_selinux" "8" "systemd_passwd_agent" "dwalsh at redhat.com" "systemd_passwd_agent SELinux Policy documentation"
+@@ -0,0 +1,113 @@
++.TH "systemd_passwd_agent_selinux" "8" "12-10-19" "systemd_passwd_agent" "SELinux Policy documentation for systemd_passwd_agent"
+.SH "NAME"
+systemd_passwd_agent_selinux \- Security Enhanced Linux Policy for the systemd_passwd_agent processes
+.SH "DESCRIPTION"
@@ -90561,7 +91502,7 @@ index 0000000..f9eeb7e
+
+The systemd_passwd_agent_t SELinux type can be entered via the "systemd_passwd_agent_exec_t" file type. The default entrypoint paths for the systemd_passwd_agent_t domain are the following:"
+
-+/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-gnome-ask-password-agent, /usr/bin/systemd-tty-ask-password-agent
++/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-gnome-ask-password-agent
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -90598,10 +91539,6 @@ index 0000000..f9eeb7e
+
+- Set files with the systemd_passwd_agent_exec_t type, if you want to transition an executable to the systemd_passwd_agent_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-gnome-ask-password-agent, /usr/bin/systemd-tty-ask-password-agent
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -90653,19 +91590,21 @@ index 0000000..f9eeb7e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), systemd_passwd_agent(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), systemd_passwd_agent(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, systemd_logger_selinux(8), systemd_logind_selinux(8), systemd_notify_selinux(8), systemd_tmpfiles_selinux(8)
\ No newline at end of file
diff --git a/man/man8/systemd_tmpfiles_selinux.8 b/man/man8/systemd_tmpfiles_selinux.8
new file mode 100644
-index 0000000..f4aeccc
+index 0000000..be38904
--- /dev/null
+++ b/man/man8/systemd_tmpfiles_selinux.8
-@@ -0,0 +1,191 @@
-+.TH "systemd_tmpfiles_selinux" "8" "systemd_tmpfiles" "dwalsh at redhat.com" "systemd_tmpfiles SELinux Policy documentation"
+@@ -0,0 +1,187 @@
++.TH "systemd_tmpfiles_selinux" "8" "12-10-19" "systemd_tmpfiles" "SELinux Policy documentation for systemd_tmpfiles"
+.SH "NAME"
+systemd_tmpfiles_selinux \- Security Enhanced Linux Policy for the systemd_tmpfiles processes
+.SH "DESCRIPTION"
@@ -90683,7 +91622,7 @@ index 0000000..f4aeccc
+
+The systemd_tmpfiles_t SELinux type can be entered via the "systemd_tmpfiles_exec_t" file type. The default entrypoint paths for the systemd_tmpfiles_t domain are the following:"
+
-+/usr/bin/systemd-tmpfiles, /bin/systemd-tmpfiles, /usr/lib/systemd/systemd-tmpfiles
++/bin/systemd-tmpfiles, /usr/bin/systemd-tmpfiles, /usr/lib/systemd/systemd-tmpfiles
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -90720,10 +91659,6 @@ index 0000000..f4aeccc
+
+- Set files with the systemd_tmpfiles_exec_t type, if you want to transition an executable to the systemd_tmpfiles_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/systemd-tmpfiles, /bin/systemd-tmpfiles, /usr/lib/systemd/systemd-tmpfiles
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -90763,8 +91698,6 @@ index 0000000..f4aeccc
+.br
+ /usr/X11R6/man(/.*)?
+.br
-+ /var/cache/man(/.*)?
-+.br
+ /usr/lib/perl5/man(/.*)?
+.br
+
@@ -90851,19 +91784,21 @@ index 0000000..f4aeccc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), systemd_tmpfiles(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), systemd_tmpfiles(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, systemd_logger_selinux(8), systemd_logind_selinux(8), systemd_notify_selinux(8), systemd_passwd_agent_selinux(8)
\ No newline at end of file
diff --git a/man/man8/tcpd_selinux.8 b/man/man8/tcpd_selinux.8
new file mode 100644
-index 0000000..fbccb45
+index 0000000..7b17b7e
--- /dev/null
+++ b/man/man8/tcpd_selinux.8
-@@ -0,0 +1,129 @@
-+.TH "tcpd_selinux" "8" "tcpd" "dwalsh at redhat.com" "tcpd SELinux Policy documentation"
+@@ -0,0 +1,152 @@
++.TH "tcpd_selinux" "8" "12-10-19" "tcpd" "SELinux Policy documentation for tcpd"
+.SH "NAME"
+tcpd_selinux \- Security Enhanced Linux Policy for the tcpd processes
+.SH "DESCRIPTION"
@@ -90905,10 +91840,10 @@ index 0000000..fbccb45
+
+
+.PP
-+If you want to allow the Telepathy connection managers to connect to any generic TCP port, you must turn on the telepathy_tcp_connect_generic_network_ports boolean.
++If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean.
+
+.EX
-+.B setsebool -P telepathy_tcp_connect_generic_network_ports 1
++.B setsebool -P daemons_use_tcp_wrapper 1
+.EE
+
+.PP
@@ -90919,12 +91854,33 @@ index 0000000..fbccb45
+.EE
+
+.PP
++If you want to allow the Telepathy connection managers to connect to any generic TCP port, you must turn on the telepathy_tcp_connect_generic_network_ports boolean.
++
++.EX
++.B setsebool -P telepathy_tcp_connect_generic_network_ports 1
++.EE
++
++.PP
+If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean.
+
+.EX
+.B setsebool -P daemons_use_tcp_wrapper 1
+.EE
+
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols, you must turn on the selinuxuser_tcp_server boolean.
++
++.EX
++.B setsebool -P selinuxuser_tcp_server 1
++.EE
++
++.PP
++If you want to allow the Telepathy connection managers to connect to any generic TCP port, you must turn on the telepathy_tcp_connect_generic_network_ports boolean.
++
++.EX
++.B setsebool -P telepathy_tcp_connect_generic_network_ports 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -90987,19 +91943,21 @@ index 0000000..fbccb45
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tcpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tcpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/tcsd_selinux.8 b/man/man8/tcsd_selinux.8
new file mode 100644
-index 0000000..10ef7e3
+index 0000000..67c80eb
--- /dev/null
+++ b/man/man8/tcsd_selinux.8
-@@ -0,0 +1,150 @@
-+.TH "tcsd_selinux" "8" "tcsd" "dwalsh at redhat.com" "tcsd SELinux Policy documentation"
+@@ -0,0 +1,152 @@
++.TH "tcsd_selinux" "8" "12-10-19" "tcsd" "SELinux Policy documentation for tcsd"
+.SH "NAME"
+tcsd_selinux \- Security Enhanced Linux Policy for the tcsd processes
+.SH "DESCRIPTION"
@@ -91145,17 +92103,19 @@ index 0000000..10ef7e3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tcsd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tcsd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/telepathy_gabble_selinux.8 b/man/man8/telepathy_gabble_selinux.8
new file mode 100644
-index 0000000..9daffb0
+index 0000000..36f9ed7
--- /dev/null
+++ b/man/man8/telepathy_gabble_selinux.8
-@@ -0,0 +1,191 @@
-+.TH "telepathy_gabble_selinux" "8" "telepathy_gabble" "dwalsh at redhat.com" "telepathy_gabble SELinux Policy documentation"
+@@ -0,0 +1,193 @@
++.TH "telepathy_gabble_selinux" "8" "12-10-19" "telepathy_gabble" "SELinux Policy documentation for telepathy_gabble"
+.SH "NAME"
+telepathy_gabble_selinux \- Security Enhanced Linux Policy for the telepathy_gabble processes
+.SH "DESCRIPTION"
@@ -91341,19 +92301,21 @@ index 0000000..9daffb0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_gabble(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_gabble(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_idle_selinux(8), telepathy_logger_selinux(8), telepathy_mission_control_selinux(8), telepathy_msn_selinux(8), telepathy_salut_selinux(8), telepathy_sofiasip_selinux(8), telepathy_stream_engine_selinux(8), telepathy_sunshine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telepathy_idle_selinux.8 b/man/man8/telepathy_idle_selinux.8
new file mode 100644
-index 0000000..971c379
+index 0000000..97b9c76
--- /dev/null
+++ b/man/man8/telepathy_idle_selinux.8
-@@ -0,0 +1,129 @@
-+.TH "telepathy_idle_selinux" "8" "telepathy_idle" "dwalsh at redhat.com" "telepathy_idle SELinux Policy documentation"
+@@ -0,0 +1,131 @@
++.TH "telepathy_idle_selinux" "8" "12-10-19" "telepathy_idle" "SELinux Policy documentation for telepathy_idle"
+.SH "NAME"
+telepathy_idle_selinux \- Security Enhanced Linux Policy for the telepathy_idle processes
+.SH "DESCRIPTION"
@@ -91477,19 +92439,21 @@ index 0000000..971c379
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_idle(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_idle(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_gabble_selinux(8), telepathy_logger_selinux(8), telepathy_mission_control_selinux(8), telepathy_msn_selinux(8), telepathy_salut_selinux(8), telepathy_sofiasip_selinux(8), telepathy_stream_engine_selinux(8), telepathy_sunshine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telepathy_logger_selinux.8 b/man/man8/telepathy_logger_selinux.8
new file mode 100644
-index 0000000..d7db537
+index 0000000..e6fb76c
--- /dev/null
+++ b/man/man8/telepathy_logger_selinux.8
-@@ -0,0 +1,203 @@
-+.TH "telepathy_logger_selinux" "8" "telepathy_logger" "dwalsh at redhat.com" "telepathy_logger SELinux Policy documentation"
+@@ -0,0 +1,205 @@
++.TH "telepathy_logger_selinux" "8" "12-10-19" "telepathy_logger" "SELinux Policy documentation for telepathy_logger"
+.SH "NAME"
+telepathy_logger_selinux \- Security Enhanced Linux Policy for the telepathy_logger processes
+.SH "DESCRIPTION"
@@ -91687,19 +92651,21 @@ index 0000000..d7db537
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_logger(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_logger(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_gabble_selinux(8), telepathy_idle_selinux(8), telepathy_mission_control_selinux(8), telepathy_msn_selinux(8), telepathy_salut_selinux(8), telepathy_sofiasip_selinux(8), telepathy_stream_engine_selinux(8), telepathy_sunshine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telepathy_mission_control_selinux.8 b/man/man8/telepathy_mission_control_selinux.8
new file mode 100644
-index 0000000..5ce02c3
+index 0000000..37acdf9
--- /dev/null
+++ b/man/man8/telepathy_mission_control_selinux.8
-@@ -0,0 +1,221 @@
-+.TH "telepathy_mission_control_selinux" "8" "telepathy_mission_control" "dwalsh at redhat.com" "telepathy_mission_control SELinux Policy documentation"
+@@ -0,0 +1,223 @@
++.TH "telepathy_mission_control_selinux" "8" "12-10-19" "telepathy_mission_control" "SELinux Policy documentation for telepathy_mission_control"
+.SH "NAME"
+telepathy_mission_control_selinux \- Security Enhanced Linux Policy for the telepathy_mission_control processes
+.SH "DESCRIPTION"
@@ -91915,19 +92881,21 @@ index 0000000..5ce02c3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_mission_control(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_mission_control(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_gabble_selinux(8), telepathy_idle_selinux(8), telepathy_logger_selinux(8), telepathy_msn_selinux(8), telepathy_salut_selinux(8), telepathy_sofiasip_selinux(8), telepathy_stream_engine_selinux(8), telepathy_sunshine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telepathy_msn_selinux.8 b/man/man8/telepathy_msn_selinux.8
new file mode 100644
-index 0000000..31f72d7
+index 0000000..c884e74
--- /dev/null
+++ b/man/man8/telepathy_msn_selinux.8
-@@ -0,0 +1,137 @@
-+.TH "telepathy_msn_selinux" "8" "telepathy_msn" "dwalsh at redhat.com" "telepathy_msn SELinux Policy documentation"
+@@ -0,0 +1,135 @@
++.TH "telepathy_msn_selinux" "8" "12-10-19" "telepathy_msn" "SELinux Policy documentation for telepathy_msn"
+.SH "NAME"
+telepathy_msn_selinux \- Security Enhanced Linux Policy for the telepathy_msn processes
+.SH "DESCRIPTION"
@@ -91945,7 +92913,7 @@ index 0000000..31f72d7
+
+The telepathy_msn_t SELinux type can be entered via the "telepathy_msn_exec_t" file type. The default entrypoint paths for the telepathy_msn_t domain are the following:"
+
-+/usr/libexec/telepathy-butterfly, /usr/libexec/telepathy-haze
++/usr/libexec/telepathy-haze, /usr/libexec/telepathy-butterfly
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -91982,10 +92950,6 @@ index 0000000..31f72d7
+
+- Set files with the telepathy_msn_exec_t type, if you want to transition an executable to the telepathy_msn_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/libexec/telepathy-butterfly, /usr/libexec/telepathy-haze
+
+.EX
+.PP
@@ -92059,19 +93023,21 @@ index 0000000..31f72d7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_msn(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_msn(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_gabble_selinux(8), telepathy_idle_selinux(8), telepathy_logger_selinux(8), telepathy_mission_control_selinux(8), telepathy_salut_selinux(8), telepathy_sofiasip_selinux(8), telepathy_stream_engine_selinux(8), telepathy_sunshine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telepathy_salut_selinux.8 b/man/man8/telepathy_salut_selinux.8
new file mode 100644
-index 0000000..99807a4
+index 0000000..ae11a5f
--- /dev/null
+++ b/man/man8/telepathy_salut_selinux.8
-@@ -0,0 +1,129 @@
-+.TH "telepathy_salut_selinux" "8" "telepathy_salut" "dwalsh at redhat.com" "telepathy_salut SELinux Policy documentation"
+@@ -0,0 +1,131 @@
++.TH "telepathy_salut_selinux" "8" "12-10-19" "telepathy_salut" "SELinux Policy documentation for telepathy_salut"
+.SH "NAME"
+telepathy_salut_selinux \- Security Enhanced Linux Policy for the telepathy_salut processes
+.SH "DESCRIPTION"
@@ -92195,19 +93161,21 @@ index 0000000..99807a4
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_salut(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_salut(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_gabble_selinux(8), telepathy_idle_selinux(8), telepathy_logger_selinux(8), telepathy_mission_control_selinux(8), telepathy_msn_selinux(8), telepathy_sofiasip_selinux(8), telepathy_stream_engine_selinux(8), telepathy_sunshine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telepathy_sofiasip_selinux.8 b/man/man8/telepathy_sofiasip_selinux.8
new file mode 100644
-index 0000000..ff0e3cc
+index 0000000..72e0b76
--- /dev/null
+++ b/man/man8/telepathy_sofiasip_selinux.8
-@@ -0,0 +1,129 @@
-+.TH "telepathy_sofiasip_selinux" "8" "telepathy_sofiasip" "dwalsh at redhat.com" "telepathy_sofiasip SELinux Policy documentation"
+@@ -0,0 +1,131 @@
++.TH "telepathy_sofiasip_selinux" "8" "12-10-19" "telepathy_sofiasip" "SELinux Policy documentation for telepathy_sofiasip"
+.SH "NAME"
+telepathy_sofiasip_selinux \- Security Enhanced Linux Policy for the telepathy_sofiasip processes
+.SH "DESCRIPTION"
@@ -92331,19 +93299,21 @@ index 0000000..ff0e3cc
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_sofiasip(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_sofiasip(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_gabble_selinux(8), telepathy_idle_selinux(8), telepathy_logger_selinux(8), telepathy_mission_control_selinux(8), telepathy_msn_selinux(8), telepathy_salut_selinux(8), telepathy_stream_engine_selinux(8), telepathy_sunshine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telepathy_stream_engine_selinux.8 b/man/man8/telepathy_stream_engine_selinux.8
new file mode 100644
-index 0000000..692ac39
+index 0000000..d13402c
--- /dev/null
+++ b/man/man8/telepathy_stream_engine_selinux.8
-@@ -0,0 +1,129 @@
-+.TH "telepathy_stream_engine_selinux" "8" "telepathy_stream_engine" "dwalsh at redhat.com" "telepathy_stream_engine SELinux Policy documentation"
+@@ -0,0 +1,131 @@
++.TH "telepathy_stream_engine_selinux" "8" "12-10-19" "telepathy_stream_engine" "SELinux Policy documentation for telepathy_stream_engine"
+.SH "NAME"
+telepathy_stream_engine_selinux \- Security Enhanced Linux Policy for the telepathy_stream_engine processes
+.SH "DESCRIPTION"
@@ -92467,19 +93437,21 @@ index 0000000..692ac39
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_stream_engine(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_stream_engine(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_gabble_selinux(8), telepathy_idle_selinux(8), telepathy_logger_selinux(8), telepathy_mission_control_selinux(8), telepathy_msn_selinux(8), telepathy_salut_selinux(8), telepathy_sofiasip_selinux(8), telepathy_sunshine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telepathy_sunshine_selinux.8 b/man/man8/telepathy_sunshine_selinux.8
new file mode 100644
-index 0000000..c26b9f1
+index 0000000..eef7f80
--- /dev/null
+++ b/man/man8/telepathy_sunshine_selinux.8
-@@ -0,0 +1,151 @@
-+.TH "telepathy_sunshine_selinux" "8" "telepathy_sunshine" "dwalsh at redhat.com" "telepathy_sunshine SELinux Policy documentation"
+@@ -0,0 +1,153 @@
++.TH "telepathy_sunshine_selinux" "8" "12-10-19" "telepathy_sunshine" "SELinux Policy documentation for telepathy_sunshine"
+.SH "NAME"
+telepathy_sunshine_selinux \- Security Enhanced Linux Policy for the telepathy_sunshine processes
+.SH "DESCRIPTION"
@@ -92625,19 +93597,21 @@ index 0000000..c26b9f1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telepathy_sunshine(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telepathy_sunshine(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, telepathy_gabble_selinux(8), telepathy_idle_selinux(8), telepathy_logger_selinux(8), telepathy_mission_control_selinux(8), telepathy_msn_selinux(8), telepathy_salut_selinux(8), telepathy_sofiasip_selinux(8), telepathy_stream_engine_selinux(8)
\ No newline at end of file
diff --git a/man/man8/telnetd_selinux.8 b/man/man8/telnetd_selinux.8
new file mode 100644
-index 0000000..767d7d3
+index 0000000..d94b011
--- /dev/null
+++ b/man/man8/telnetd_selinux.8
@@ -0,0 +1,222 @@
-+.TH "telnetd_selinux" "8" "telnetd" "dwalsh at redhat.com" "telnetd SELinux Policy documentation"
++.TH "telnetd_selinux" "8" "12-10-19" "telnetd" "SELinux Policy documentation for telnetd"
+.SH "NAME"
+telnetd_selinux \- Security Enhanced Linux Policy for the telnetd processes
+.SH "DESCRIPTION"
@@ -92655,7 +93629,7 @@ index 0000000..767d7d3
+
+The telnetd_t SELinux type can be entered via the "telnetd_exec_t" file type. The default entrypoint paths for the telnetd_t domain are the following:"
+
-+/usr/kerberos/sbin/telnetd, /usr/sbin/in\.telnetd
++/usr/sbin/in\.telnetd, /usr/kerberos/sbin/telnetd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -92692,10 +93666,6 @@ index 0000000..767d7d3
+
+- Set files with the telnetd_exec_t type, if you want to transition an executable to the telnetd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/kerberos/sbin/telnetd, /usr/sbin/in\.telnetd
+
+.EX
+.PP
@@ -92774,6 +93744,8 @@ index 0000000..767d7d3
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -92855,17 +93827,19 @@ index 0000000..767d7d3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), telnetd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), telnetd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/tftpd_selinux.8 b/man/man8/tftpd_selinux.8
new file mode 100644
-index 0000000..1181d2e
+index 0000000..7f3f50e
--- /dev/null
+++ b/man/man8/tftpd_selinux.8
-@@ -0,0 +1,204 @@
-+.TH "tftpd_selinux" "8" "tftpd" "dwalsh at redhat.com" "tftpd SELinux Policy documentation"
+@@ -0,0 +1,205 @@
++.TH "tftpd_selinux" "8" "12-10-19" "tftpd" "SELinux Policy documentation for tftpd"
+.SH "NAME"
+tftpd_selinux \- Security Enhanced Linux Policy for the tftpd processes
+.SH "DESCRIPTION"
@@ -92883,7 +93857,7 @@ index 0000000..1181d2e
+
+The tftpd_t SELinux type can be entered via the "tftpd_exec_t" file type. The default entrypoint paths for the tftpd_t domain are the following:"
+
-+/usr/sbin/in\.tftpd, /usr/sbin/atftpd
++/usr/sbin/atftpd, /usr/sbin/in\.tftpd
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -92928,6 +93902,13 @@ index 0000000..1181d2e
+.B setsebool -P tftp_anon_write 1
+.EE
+
++.PP
++If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean.
++
++.EX
++.B setsebool -P tftp_anon_write 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -92954,10 +93935,6 @@ index 0000000..1181d2e
+
+- Set files with the tftpd_exec_t type, if you want to transition an executable to the tftpd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/in\.tftpd, /usr/sbin/atftpd
+
+.EX
+.PP
@@ -92982,10 +93959,6 @@ index 0000000..1181d2e
+
+- Set files with the tftpdir_t type, if you want to treat the files as tftpdir data.
+
-+.br
-+.TP 5
-+Paths:
-+/tftpboot/.*, /tftpboot
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -93065,17 +94038,19 @@ index 0000000..1181d2e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tftpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tftpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/tgtd_selinux.8 b/man/man8/tgtd_selinux.8
new file mode 100644
-index 0000000..797d38e
+index 0000000..5ca763c
--- /dev/null
+++ b/man/man8/tgtd_selinux.8
-@@ -0,0 +1,144 @@
-+.TH "tgtd_selinux" "8" "tgtd" "dwalsh at redhat.com" "tgtd SELinux Policy documentation"
+@@ -0,0 +1,146 @@
++.TH "tgtd_selinux" "8" "12-10-19" "tgtd" "SELinux Policy documentation for tgtd"
+.SH "NAME"
+tgtd_selinux \- Security Enhanced Linux Policy for the tgtd processes
+.SH "DESCRIPTION"
@@ -93215,17 +94190,317 @@ index 0000000..797d38e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tgtd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tgtd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+diff --git a/man/man8/thin_aeolus_configserver_selinux.8 b/man/man8/thin_aeolus_configserver_selinux.8
+new file mode 100644
+index 0000000..baf375f
+--- /dev/null
++++ b/man/man8/thin_aeolus_configserver_selinux.8
+@@ -0,0 +1,133 @@
++.TH "thin_aeolus_configserver_selinux" "8" "12-10-19" "thin_aeolus_configserver" "SELinux Policy documentation for thin_aeolus_configserver"
++.SH "NAME"
++thin_aeolus_configserver_selinux \- Security Enhanced Linux Policy for the thin_aeolus_configserver processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the thin_aeolus_configserver processes via flexible mandatory access control.
++
++The thin_aeolus_configserver processes execute with the thin_aeolus_configserver_t SELinux type. You can check if you have these processes running by executing the \fBps\fP command with the \fB\-Z\fP qualifier.
++
++For example:
++
++.B ps -eZ | grep thin_aeolus_configserver_t
++
++
++.SH "ENTRYPOINTS"
++
++The thin_aeolus_configserver_t SELinux type can be entered via the "thin_aeolus_configserver_exec_t" file type. The default entrypoint paths for the thin_aeolus_configserver_t domain are the following:"
++
++/usr/bin/aeolus-configserver-thinwrapper
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux thin_aeolus_configserver policy is very flexible allowing users to setup their thin_aeolus_configserver processes in as secure a method as possible.
++.PP
++The following process types are defined for thin_aeolus_configserver:
++
++.EX
++.B thin_aeolus_configserver_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux thin_aeolus_configserver policy is very flexible allowing users to setup their thin_aeolus_configserver processes in as secure a method as possible.
++.PP
++The following file types are defined for thin_aeolus_configserver:
++
++
++.EX
++.PP
++.B thin_aeolus_configserver_exec_t
++.EE
++
++- Set files with the thin_aeolus_configserver_exec_t type, if you want to transition an executable to the thin_aeolus_configserver_t domain.
++
++
++.EX
++.PP
++.B thin_aeolus_configserver_lib_t
++.EE
++
++- Set files with the thin_aeolus_configserver_lib_t type, if you want to treat the files as thin aeolus configserver lib data.
++
++
++.EX
++.PP
++.B thin_aeolus_configserver_log_t
++.EE
++
++- Set files with the thin_aeolus_configserver_log_t type, if you want to treat the data as thin aeolus configserver log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B thin_aeolus_configserver_var_run_t
++.EE
++
++- Set files with the thin_aeolus_configserver_var_run_t type, if you want to store the thin aeolus configserver files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH "MANAGED FILES"
++
++The SELinux process type thin_aeolus_configserver_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
++
++.br
++.B thin_aeolus_configserver_lib_t
++
++ /var/lib/aeolus-configserver(/.*)?
++.br
++
++.br
++.B thin_aeolus_configserver_log_t
++
++ /var/log/aeolus-configserver(/.*)?
++.br
++
++.br
++.B thin_aeolus_configserver_var_run_t
++
++ /var/run/aeolus-configserver(/.*)?
++.br
++
++.SH NSSWITCH DOMAIN
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
++
++.SH "SEE ALSO"
++selinux(8), thin_aeolus_configserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
++, thin_selinux(8), thin_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/thin_selinux.8 b/man/man8/thin_selinux.8
+new file mode 100644
+index 0000000..12d1f83
+--- /dev/null
++++ b/man/man8/thin_selinux.8
+@@ -0,0 +1,151 @@
++.TH "thin_selinux" "8" "12-10-19" "thin" "SELinux Policy documentation for thin"
++.SH "NAME"
++thin_selinux \- Security Enhanced Linux Policy for the thin processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the thin processes via flexible mandatory access control.
++
++The thin processes execute with the thin_t SELinux type. You can check if you have these processes running by executing the \fBps\fP command with the \fB\-Z\fP qualifier.
++
++For example:
++
++.B ps -eZ | grep thin_t
++
++
++.SH "ENTRYPOINTS"
++
++The thin_t SELinux type can be entered via the "thin_exec_t" file type. The default entrypoint paths for the thin_t domain are the following:"
++
++/usr/bin/thin
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux thin policy is very flexible allowing users to setup their thin processes in as secure a method as possible.
++.PP
++The following process types are defined for thin:
++
++.EX
++.B thin_t, thin_aeolus_configserver_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux thin policy is very flexible allowing users to setup their thin processes in as secure a method as possible.
++.PP
++The following file types are defined for thin:
++
++
++.EX
++.PP
++.B thin_aeolus_configserver_exec_t
++.EE
++
++- Set files with the thin_aeolus_configserver_exec_t type, if you want to transition an executable to the thin_aeolus_configserver_t domain.
++
++
++.EX
++.PP
++.B thin_aeolus_configserver_lib_t
++.EE
++
++- Set files with the thin_aeolus_configserver_lib_t type, if you want to treat the files as thin aeolus configserver lib data.
++
++
++.EX
++.PP
++.B thin_aeolus_configserver_log_t
++.EE
++
++- Set files with the thin_aeolus_configserver_log_t type, if you want to treat the data as thin aeolus configserver log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B thin_aeolus_configserver_var_run_t
++.EE
++
++- Set files with the thin_aeolus_configserver_var_run_t type, if you want to store the thin aeolus configserver files under the /run directory.
++
++
++.EX
++.PP
++.B thin_exec_t
++.EE
++
++- Set files with the thin_exec_t type, if you want to transition an executable to the thin_t domain.
++
++
++.EX
++.PP
++.B thin_log_t
++.EE
++
++- Set files with the thin_log_t type, if you want to treat the data as thin log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B thin_var_run_t
++.EE
++
++- Set files with the thin_var_run_t type, if you want to store the thin files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH "MANAGED FILES"
++
++The SELinux process type thin_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
++
++.br
++.B thin_log_t
++
++ /var/log/thin\.log.*
++.br
++
++.br
++.B thin_var_run_t
++
++ /var/run/aeolus/thin\.pid
++.br
++
++.SH NSSWITCH DOMAIN
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
++
++.SH "SEE ALSO"
++selinux(8), thin(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
++, thin_aeolus_configserver_selinux(8)
+\ No newline at end of file
diff --git a/man/man8/thumb_selinux.8 b/man/man8/thumb_selinux.8
new file mode 100644
-index 0000000..e6ab0d7
+index 0000000..bdf5681
--- /dev/null
+++ b/man/man8/thumb_selinux.8
-@@ -0,0 +1,238 @@
-+.TH "thumb_selinux" "8" "thumb" "dwalsh at redhat.com" "thumb SELinux Policy documentation"
+@@ -0,0 +1,236 @@
++.TH "thumb_selinux" "8" "12-10-19" "thumb" "SELinux Policy documentation for thumb"
+.SH "NAME"
+thumb_selinux \- Security Enhanced Linux Policy for the thumb processes
+.SH "DESCRIPTION"
@@ -93243,7 +94518,7 @@ index 0000000..e6ab0d7
+
+The thumb_t SELinux type can be entered via the "thumb_exec_t" file type. The default entrypoint paths for the thumb_t domain are the following:"
+
-+/usr/bin/whaaw-thumbnailer, /usr/lib/tumbler[^/]*/tumblerd, /usr/bin/raw-thumbnailer, /usr/bin/shotwell-video-thumbnailer, /usr/bin/evince-thumbnailer, /usr/bin/[^/]*thumbnailer, /usr/bin/ffmpegthumbnailer, /usr/bin/gsf-office-thumbnailer, /usr/bin/totem-video-thumbnailer, /usr/bin/gnome-thumbnail-font, /usr/bin/gnome-[^/]*-thumbnailer(.sh)?
++/usr/bin/[^/]*thumbnailer, /usr/bin/gnome-[^/]*-thumbnailer(.sh)?, /usr/lib/tumbler[^/]*/tumblerd, /usr/bin/raw-thumbnailer, /usr/bin/whaaw-thumbnailer, /usr/bin/ffmpegthumbnailer, /usr/bin/evince-thumbnailer, /usr/bin/gnome-thumbnail-font, /usr/bin/gsf-office-thumbnailer, /usr/bin/totem-video-thumbnailer, /usr/bin/shotwell-video-thumbnailer
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -93280,10 +94555,6 @@ index 0000000..e6ab0d7
+
+- Set files with the thumb_exec_t type, if you want to transition an executable to the thumb_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/whaaw-thumbnailer, /usr/lib/tumbler[^/]*/tumblerd, /usr/bin/raw-thumbnailer, /usr/bin/shotwell-video-thumbnailer, /usr/bin/evince-thumbnailer, /usr/bin/[^/]*thumbnailer, /usr/bin/ffmpegthumbnailer, /usr/bin/gsf-office-thumbnailer, /usr/bin/totem-video-thumbnailer, /usr/bin/gnome-thumbnail-font, /usr/bin/gnome-[^/]*-thumbnailer(.sh)?
+
+.EX
+.PP
@@ -93459,17 +94730,19 @@ index 0000000..e6ab0d7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), thumb(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), thumb(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/tmpreaper_selinux.8 b/man/man8/tmpreaper_selinux.8
new file mode 100644
-index 0000000..b615ec6
+index 0000000..4d98949
--- /dev/null
+++ b/man/man8/tmpreaper_selinux.8
-@@ -0,0 +1,138 @@
-+.TH "tmpreaper_selinux" "8" "tmpreaper" "dwalsh at redhat.com" "tmpreaper SELinux Policy documentation"
+@@ -0,0 +1,136 @@
++.TH "tmpreaper_selinux" "8" "12-10-19" "tmpreaper" "SELinux Policy documentation for tmpreaper"
+.SH "NAME"
+tmpreaper_selinux \- Security Enhanced Linux Policy for the tmpreaper processes
+.SH "DESCRIPTION"
@@ -93524,10 +94797,6 @@ index 0000000..b615ec6
+
+- Set files with the tmpreaper_exec_t type, if you want to transition an executable to the tmpreaper_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/tmpwatch, /usr/sbin/tmpreaper
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -93603,17 +94872,19 @@ index 0000000..b615ec6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tmpreaper(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tmpreaper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/tomcat_selinux.8 b/man/man8/tomcat_selinux.8
new file mode 100644
-index 0000000..e8eb1aa
+index 0000000..325c6f5
--- /dev/null
+++ b/man/man8/tomcat_selinux.8
-@@ -0,0 +1,164 @@
-+.TH "tomcat_selinux" "8" "tomcat" "dwalsh at redhat.com" "tomcat SELinux Policy documentation"
+@@ -0,0 +1,166 @@
++.TH "tomcat_selinux" "8" "12-10-19" "tomcat" "SELinux Policy documentation for tomcat"
+.SH "NAME"
+tomcat_selinux \- Security Enhanced Linux Policy for the tomcat processes
+.SH "DESCRIPTION"
@@ -93773,17 +95044,19 @@ index 0000000..e8eb1aa
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tomcat(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tomcat(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/tor_selinux.8 b/man/man8/tor_selinux.8
new file mode 100644
-index 0000000..d6c27eb
+index 0000000..ad6ffd9
--- /dev/null
+++ b/man/man8/tor_selinux.8
-@@ -0,0 +1,230 @@
-+.TH "tor_selinux" "8" "tor" "dwalsh at redhat.com" "tor SELinux Policy documentation"
+@@ -0,0 +1,231 @@
++.TH "tor_selinux" "8" "12-10-19" "tor" "SELinux Policy documentation for tor"
+.SH "NAME"
+tor_selinux \- Security Enhanced Linux Policy for the tor processes
+.SH "DESCRIPTION"
@@ -93801,7 +95074,7 @@ index 0000000..d6c27eb
+
+The tor_t SELinux type can be entered via the "tor_exec_t" file type. The default entrypoint paths for the tor_t domain are the following:"
+
-+/usr/sbin/tor, /usr/bin/tor
++/usr/bin/tor, /usr/sbin/tor
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -93831,6 +95104,13 @@ index 0000000..d6c27eb
+.B setsebool -P tor_bind_all_unreserved_ports 1
+.EE
+
++.PP
++If you want to allow tor daemon to bind tcp sockets to all unreserved ports, you must turn on the tor_bind_all_unreserved_ports boolean.
++
++.EX
++.B setsebool -P tor_bind_all_unreserved_ports 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -93857,10 +95137,6 @@ index 0000000..d6c27eb
+
+- Set files with the tor_exec_t type, if you want to transition an executable to the tor_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/tor, /usr/bin/tor
+
+.EX
+.PP
@@ -93885,10 +95161,6 @@ index 0000000..d6c27eb
+
+- Set files with the tor_var_lib_t type, if you want to store the tor files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/tor(/.*)?, /var/lib/tor-data(/.*)?
+
+.EX
+.PP
@@ -94008,19 +95280,21 @@ index 0000000..d6c27eb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tor(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tor(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/traceroute_selinux.8 b/man/man8/traceroute_selinux.8
new file mode 100644
-index 0000000..40fae9f
+index 0000000..068445b
--- /dev/null
+++ b/man/man8/traceroute_selinux.8
-@@ -0,0 +1,132 @@
-+.TH "traceroute_selinux" "8" "traceroute" "dwalsh at redhat.com" "traceroute SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "traceroute_selinux" "8" "12-10-19" "traceroute" "SELinux Policy documentation for traceroute"
+.SH "NAME"
+traceroute_selinux \- Security Enhanced Linux Policy for the traceroute processes
+.SH "DESCRIPTION"
@@ -94038,7 +95312,7 @@ index 0000000..40fae9f
+
+The traceroute_t SELinux type can be entered via the "traceroute_exec_t" file type. The default entrypoint paths for the traceroute_t domain are the following:"
+
-+/bin/tracepath.*, /usr/sbin/mtr, /usr/bin/traceroute.*, /usr/bin/nmap, /usr/bin/lft, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/sbin/traceroute.*, /usr/bin/mtr
++/bin/tracepath.*, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/bin/traceroute.*, /usr/sbin/traceroute.*, /usr/bin/lft, /usr/bin/mtr, /usr/bin/nmap, /usr/sbin/mtr
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -94075,10 +95349,6 @@ index 0000000..40fae9f
+
+- Set files with the traceroute_exec_t type, if you want to transition an executable to the traceroute_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/bin/tracepath.*, /usr/sbin/mtr, /usr/bin/traceroute.*, /usr/bin/nmap, /usr/bin/lft, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/sbin/traceroute.*, /usr/bin/mtr
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -94110,10 +95380,6 @@ index 0000000..40fae9f
+Default Defined Ports:
+udp 64000-64010
+.EE
-+.SH "MANAGED FILES"
-+
-+The SELinux process type traceroute_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -94148,17 +95414,19 @@ index 0000000..40fae9f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), traceroute(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), traceroute(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/tuned_selinux.8 b/man/man8/tuned_selinux.8
new file mode 100644
-index 0000000..c7a9d44
+index 0000000..fd221b4
--- /dev/null
+++ b/man/man8/tuned_selinux.8
-@@ -0,0 +1,178 @@
-+.TH "tuned_selinux" "8" "tuned" "dwalsh at redhat.com" "tuned SELinux Policy documentation"
+@@ -0,0 +1,172 @@
++.TH "tuned_selinux" "8" "12-10-19" "tuned" "SELinux Policy documentation for tuned"
+.SH "NAME"
+tuned_selinux \- Security Enhanced Linux Policy for the tuned processes
+.SH "DESCRIPTION"
@@ -94237,10 +95505,6 @@ index 0000000..c7a9d44
+
+- Set files with the tuned_log_t type, if you want to treat the data as tuned log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/tuned\.log.*, /var/log/tuned(/.*)?
+
+.EX
+.PP
@@ -94257,10 +95521,6 @@ index 0000000..c7a9d44
+
+- Set files with the tuned_var_run_t type, if you want to store the tuned files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/tuned(/.*)?, /var/run/tuned\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -94332,17 +95592,19 @@ index 0000000..c7a9d44
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tuned(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tuned(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/tvtime_selinux.8 b/man/man8/tvtime_selinux.8
new file mode 100644
-index 0000000..03585c4
+index 0000000..ff273f8
--- /dev/null
+++ b/man/man8/tvtime_selinux.8
-@@ -0,0 +1,152 @@
-+.TH "tvtime_selinux" "8" "tvtime" "dwalsh at redhat.com" "tvtime SELinux Policy documentation"
+@@ -0,0 +1,154 @@
++.TH "tvtime_selinux" "8" "12-10-19" "tvtime" "SELinux Policy documentation for tvtime"
+.SH "NAME"
+tvtime_selinux \- Security Enhanced Linux Policy for the tvtime processes
+.SH "DESCRIPTION"
@@ -94490,17 +95752,19 @@ index 0000000..03585c4
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), tvtime(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), tvtime(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/udev_selinux.8 b/man/man8/udev_selinux.8
new file mode 100644
-index 0000000..dae2181
+index 0000000..dd00f98
--- /dev/null
+++ b/man/man8/udev_selinux.8
-@@ -0,0 +1,334 @@
-+.TH "udev_selinux" "8" "udev" "dwalsh at redhat.com" "udev SELinux Policy documentation"
+@@ -0,0 +1,330 @@
++.TH "udev_selinux" "8" "12-10-19" "udev" "SELinux Policy documentation for udev"
+.SH "NAME"
+udev_selinux \- Security Enhanced Linux Policy for the udev processes
+.SH "DESCRIPTION"
@@ -94518,7 +95782,7 @@ index 0000000..dae2181
+
+The udev_t SELinux type can be entered via the "udev_exec_t,udev_helper_exec_t" file types. The default entrypoint paths for the udev_t domain are the following:"
+
-+/lib/udev/udevd, /usr/bin/udevinfo, /sbin/udevd, /sbin/udev, /usr/sbin/wait_for_sysfs, /sbin/udevsend, /usr/sbin/udevadm, /usr/bin/udevadm, /usr/sbin/start_udev, /usr/sbin/udev, /usr/sbin/udevsend, /sbin/start_udev, /sbin/udevstart, /bin/udevadm, /sbin/wait_for_sysfs, /lib/udev/udev-acl, /sbin/udevadm, /usr/sbin/udevd, /usr/lib/systemd/systemd-udevd, /usr/sbin/udevstart, /usr/lib/udev/udev-acl, /usr/lib/udev/udevd, /etc/udev/scripts/.+, /etc/hotplug\.d/default/udev.*, /etc/dev\.d/.+
++/sbin/udev, /sbin/udevd, /bin/udevadm, /sbin/udevadm, /sbin/udevsend, /usr/sbin/udev, /lib/udev/udevd, /sbin/udevstart, /usr/sbin/udevd, /sbin/start_udev, /usr/bin/udevadm, /usr/bin/udevinfo, /usr/sbin/udevadm, /lib/udev/udev-acl, /usr/sbin/udevsend, /usr/sbin/udevstart, /usr/lib/udev/udevd, /sbin/wait_for_sysfs, /usr/sbin/start_udev, /usr/lib/udev/udev-acl, /usr/sbin/wait_for_sysfs, /usr/lib/systemd/systemd-udevd, /etc/dev\.d/.+, /etc/udev/scripts/.+, /etc/hotplug\.d/default/udev.*
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -94563,10 +95827,6 @@ index 0000000..dae2181
+
+- Set files with the udev_exec_t type, if you want to transition an executable to the udev_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/lib/udev/udevd, /usr/bin/udevinfo, /sbin/udevd, /sbin/udev, /usr/sbin/wait_for_sysfs, /sbin/udevsend, /usr/sbin/udevadm, /usr/bin/udevadm, /usr/sbin/start_udev, /usr/sbin/udev, /usr/sbin/udevsend, /sbin/start_udev, /sbin/udevstart, /bin/udevadm, /sbin/wait_for_sysfs, /lib/udev/udev-acl, /sbin/udevadm, /usr/sbin/udevd, /usr/lib/systemd/systemd-udevd, /usr/sbin/udevstart, /usr/lib/udev/udev-acl, /usr/lib/udev/udevd
+
+.EX
+.PP
@@ -94575,10 +95835,6 @@ index 0000000..dae2181
+
+- Set files with the udev_helper_exec_t type, if you want to transition an executable to the udev_helper_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/udev/scripts/.+, /etc/hotplug\.d/default/udev.*, /etc/dev\.d/.+
+
+.EX
+.PP
@@ -94595,10 +95851,6 @@ index 0000000..dae2181
+
+- Set files with the udev_var_run_t type, if you want to store the udev files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/udev(/.*)?, /var/run/PackageKit/udev(/.*)?, /dev/\.udevdb, /dev/\.udev(/.*)?, /dev/udev\.tbl, /var/run/libgpod(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -94662,6 +95914,12 @@ index 0000000..dae2181
+.br
+ /var/ftp/etc(/.*)?
+.br
++ /var/lib/openshift/.limits.d(/.*)?
++.br
++ /var/lib/openshift/.openshift-proxy.d(/.*)?
++.br
++ /var/lib/openshift/.stickshift-proxy.d(/.*)?
++.br
+ /var/lib/stickshift/.limits.d(/.*)?
+.br
+ /var/lib/stickshift/.stickshift-proxy.d(/.*)?
@@ -94830,17 +96088,19 @@ index 0000000..dae2181
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), udev(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), udev(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ulogd_selinux.8 b/man/man8/ulogd_selinux.8
new file mode 100644
-index 0000000..dd4e7bb
+index 0000000..5a8e319
--- /dev/null
+++ b/man/man8/ulogd_selinux.8
-@@ -0,0 +1,126 @@
-+.TH "ulogd_selinux" "8" "ulogd" "dwalsh at redhat.com" "ulogd SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "ulogd_selinux" "8" "12-10-19" "ulogd" "SELinux Policy documentation for ulogd"
+.SH "NAME"
+ulogd_selinux \- Security Enhanced Linux Policy for the ulogd processes
+.SH "DESCRIPTION"
@@ -94962,17 +96222,19 @@ index 0000000..dd4e7bb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ulogd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ulogd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/uml_selinux.8 b/man/man8/uml_selinux.8
new file mode 100644
-index 0000000..efb8e95
+index 0000000..7573309
--- /dev/null
+++ b/man/man8/uml_selinux.8
-@@ -0,0 +1,155 @@
-+.TH "uml_selinux" "8" "uml" "dwalsh at redhat.com" "uml SELinux Policy documentation"
+@@ -0,0 +1,157 @@
++.TH "uml_selinux" "8" "12-10-19" "uml" "SELinux Policy documentation for uml"
+.SH "NAME"
+uml_selinux \- Security Enhanced Linux Policy for the uml processes
+.SH "DESCRIPTION"
@@ -95122,19 +96384,21 @@ index 0000000..efb8e95
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), uml(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), uml(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, uml_switch_selinux(8)
\ No newline at end of file
diff --git a/man/man8/uml_switch_selinux.8 b/man/man8/uml_switch_selinux.8
new file mode 100644
-index 0000000..6c1bc5e
+index 0000000..bc24ea1
--- /dev/null
+++ b/man/man8/uml_switch_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "uml_switch_selinux" "8" "uml_switch" "dwalsh at redhat.com" "uml_switch SELinux Policy documentation"
+@@ -0,0 +1,105 @@
++.TH "uml_switch_selinux" "8" "12-10-19" "uml_switch" "SELinux Policy documentation for uml_switch"
+.SH "NAME"
+uml_switch_selinux \- Security Enhanced Linux Policy for the uml_switch processes
+.SH "DESCRIPTION"
@@ -95232,18 +96496,20 @@ index 0000000..6c1bc5e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), uml_switch(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), uml_switch(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, uml_selinux(8), uml_selinux(8)
\ No newline at end of file
diff --git a/man/man8/unconfined_selinux.8 b/man/man8/unconfined_selinux.8
new file mode 100644
-index 0000000..105d368
+index 0000000..af0e66b
--- /dev/null
+++ b/man/man8/unconfined_selinux.8
-@@ -0,0 +1,121 @@
+@@ -0,0 +1,165 @@
+.TH "unconfined_selinux" "8" "unconfined" "mgrepl at redhat.com" "unconfined SELinux Policy documentation"
+.SH "NAME"
+unconfined_r \- \fBUnconfiend user role\fP - Security Enhanced Linux Policy
@@ -95291,17 +96557,17 @@ index 0000000..105d368
+
+
+.PP
-+If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++If you want to allow database admins to execute DML statement, you must turn on the postgresql_selinux_unconfined_dbadm boolean.
+
+.EX
-+.B setsebool -P unconfined_mozilla_plugin_transition 1
++.B setsebool -P postgresql_selinux_unconfined_dbadm 1
+.EE
+
+.PP
-+If you want to allow database admins to execute DML statement, you must turn on the postgresql_selinux_unconfined_dbadm boolean.
++If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
+
+.EX
-+.B setsebool -P postgresql_selinux_unconfined_dbadm 1
++.B setsebool -P unconfined_chrome_sandbox_transition 1
+.EE
+
+.PP
@@ -95312,6 +96578,34 @@ index 0000000..105d368
+.EE
+
+.PP
++If you want to allow samba to run unconfined scripts, you must turn on the samba_run_unconfined boolean.
++
++.EX
++.B setsebool -P samba_run_unconfined 1
++.EE
++
++.PP
++If you want to allow video playing tools to run unconfined, you must turn on the unconfined_mplayer boolean.
++
++.EX
++.B setsebool -P unconfined_mplayer 1
++.EE
++
++.PP
++If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++
++.EX
++.B setsebool -P unconfined_mozilla_plugin_transition 1
++.EE
++
++.PP
++If you want to allow database admins to execute DML statement, you must turn on the postgresql_selinux_unconfined_dbadm boolean.
++
++.EX
++.B setsebool -P postgresql_selinux_unconfined_dbadm 1
++.EE
++
++.PP
+If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the unconfined_chrome_sandbox_transition boolean.
+
+.EX
@@ -95319,6 +96613,13 @@ index 0000000..105d368
+.EE
+
+.PP
++If you want to allow a user to login as an unconfined domain, you must turn on the unconfined_login boolean.
++
++.EX
++.B setsebool -P unconfined_login 1
++.EE
++
++.PP
+If you want to allow samba to run unconfined scripts, you must turn on the samba_run_unconfined boolean.
+
+.EX
@@ -95332,6 +96633,13 @@ index 0000000..105d368
+.B setsebool -P unconfined_mplayer 1
+.EE
+
++.PP
++If you want to allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container, you must turn on the unconfined_mozilla_plugin_transition boolean.
++
++.EX
++.B setsebool -P unconfined_mozilla_plugin_transition 1
++.EE
++
+.SH "MANAGED FILES"
+
+The SELinux process type unconfined_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
@@ -95360,19 +96668,21 @@ index 0000000..105d368
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), unconfined(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), unconfined(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/update_modules_selinux.8 b/man/man8/update_modules_selinux.8
new file mode 100644
-index 0000000..a14a513
+index 0000000..499e40e
--- /dev/null
+++ b/man/man8/update_modules_selinux.8
-@@ -0,0 +1,124 @@
-+.TH "update_modules_selinux" "8" "update_modules" "dwalsh at redhat.com" "update_modules SELinux Policy documentation"
+@@ -0,0 +1,122 @@
++.TH "update_modules_selinux" "8" "12-10-19" "update_modules" "SELinux Policy documentation for update_modules"
+.SH "NAME"
+update_modules_selinux \- Security Enhanced Linux Policy for the update_modules processes
+.SH "DESCRIPTION"
@@ -95390,7 +96700,7 @@ index 0000000..a14a513
+
+The update_modules_t SELinux type can be entered via the "update_modules_exec_t" file type. The default entrypoint paths for the update_modules_t domain are the following:"
+
-+/usr/sbin/modules-update, /sbin/modules-update, /sbin/generate-modprobe\.conf, /sbin/update-modules, /usr/sbin/generate-modprobe\.conf, /usr/sbin/update-modules
++/sbin/modules-update, /sbin/update-modules, /usr/sbin/modules-update, /usr/sbin/update-modules, /sbin/generate-modprobe\.conf, /usr/sbin/generate-modprobe\.conf
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -95427,10 +96737,6 @@ index 0000000..a14a513
+
+- Set files with the update_modules_exec_t type, if you want to transition an executable to the update_modules_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/modules-update, /sbin/modules-update, /sbin/generate-modprobe\.conf, /sbin/update-modules, /usr/sbin/generate-modprobe\.conf, /usr/sbin/update-modules
+
+.EX
+.PP
@@ -95492,17 +96798,19 @@ index 0000000..a14a513
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), update_modules(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), update_modules(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/updfstab_selinux.8 b/man/man8/updfstab_selinux.8
new file mode 100644
-index 0000000..1d57844
+index 0000000..762e143
--- /dev/null
+++ b/man/man8/updfstab_selinux.8
-@@ -0,0 +1,166 @@
-+.TH "updfstab_selinux" "8" "updfstab" "dwalsh at redhat.com" "updfstab SELinux Policy documentation"
+@@ -0,0 +1,170 @@
++.TH "updfstab_selinux" "8" "12-10-19" "updfstab" "SELinux Policy documentation for updfstab"
+.SH "NAME"
+updfstab_selinux \- Security Enhanced Linux Policy for the updfstab processes
+.SH "DESCRIPTION"
@@ -95557,10 +96865,6 @@ index 0000000..1d57844
+
+- Set files with the updfstab_exec_t type, if you want to transition an executable to the updfstab_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/updfstab, /usr/sbin/fstab-sync
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -95584,6 +96888,12 @@ index 0000000..1d57844
+.br
+ /var/ftp/etc(/.*)?
+.br
++ /var/lib/openshift/.limits.d(/.*)?
++.br
++ /var/lib/openshift/.openshift-proxy.d(/.*)?
++.br
++ /var/lib/openshift/.stickshift-proxy.d(/.*)?
++.br
+ /var/lib/stickshift/.limits.d(/.*)?
+.br
+ /var/lib/stickshift/.stickshift-proxy.d(/.*)?
@@ -95664,17 +96974,19 @@ index 0000000..1d57844
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), updfstab(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), updfstab(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/updpwd_selinux.8 b/man/man8/updpwd_selinux.8
new file mode 100644
-index 0000000..957e845
+index 0000000..d7c1efd
--- /dev/null
+++ b/man/man8/updpwd_selinux.8
-@@ -0,0 +1,168 @@
-+.TH "updpwd_selinux" "8" "updpwd" "dwalsh at redhat.com" "updpwd SELinux Policy documentation"
+@@ -0,0 +1,172 @@
++.TH "updpwd_selinux" "8" "12-10-19" "updpwd" "SELinux Policy documentation for updpwd"
+.SH "NAME"
+updpwd_selinux \- Security Enhanced Linux Policy for the updpwd processes
+.SH "DESCRIPTION"
@@ -95729,10 +97041,6 @@ index 0000000..957e845
+
+- Set files with the updpwd_exec_t type, if you want to transition an executable to the updpwd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/unix_update, /usr/sbin/unix_update
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -95756,6 +97064,12 @@ index 0000000..957e845
+.br
+ /var/ftp/etc(/.*)?
+.br
++ /var/lib/openshift/.limits.d(/.*)?
++.br
++ /var/lib/openshift/.openshift-proxy.d(/.*)?
++.br
++ /var/lib/openshift/.stickshift-proxy.d(/.*)?
++.br
+ /var/lib/stickshift/.limits.d(/.*)?
+.br
+ /var/lib/stickshift/.stickshift-proxy.d(/.*)?
@@ -95838,17 +97152,19 @@ index 0000000..957e845
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), updpwd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), updpwd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/usbmodules_selinux.8 b/man/man8/usbmodules_selinux.8
new file mode 100644
-index 0000000..4134cc4
+index 0000000..356c800
--- /dev/null
+++ b/man/man8/usbmodules_selinux.8
-@@ -0,0 +1,96 @@
-+.TH "usbmodules_selinux" "8" "usbmodules" "dwalsh at redhat.com" "usbmodules SELinux Policy documentation"
+@@ -0,0 +1,94 @@
++.TH "usbmodules_selinux" "8" "12-10-19" "usbmodules" "SELinux Policy documentation for usbmodules"
+.SH "NAME"
+usbmodules_selinux \- Security Enhanced Linux Policy for the usbmodules processes
+.SH "DESCRIPTION"
@@ -95866,7 +97182,7 @@ index 0000000..4134cc4
+
+The usbmodules_t SELinux type can be entered via the "usbmodules_exec_t" file type. The default entrypoint paths for the usbmodules_t domain are the following:"
+
-+/usr/sbin/usbmodules, /sbin/usbmodules
++/sbin/usbmodules, /usr/sbin/usbmodules
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -95903,10 +97219,6 @@ index 0000000..4134cc4
+
+- Set files with the usbmodules_exec_t type, if you want to transition an executable to the usbmodules_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/usbmodules, /sbin/usbmodules
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -95940,17 +97252,19 @@ index 0000000..4134cc4
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), usbmodules(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), usbmodules(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/usbmuxd_selinux.8 b/man/man8/usbmuxd_selinux.8
new file mode 100644
-index 0000000..b1c1d8b
+index 0000000..85568af
--- /dev/null
+++ b/man/man8/usbmuxd_selinux.8
-@@ -0,0 +1,116 @@
-+.TH "usbmuxd_selinux" "8" "usbmuxd" "dwalsh at redhat.com" "usbmuxd SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "usbmuxd_selinux" "8" "12-10-19" "usbmuxd" "SELinux Policy documentation for usbmuxd"
+.SH "NAME"
+usbmuxd_selinux \- Security Enhanced Linux Policy for the usbmuxd processes
+.SH "DESCRIPTION"
@@ -96008,6 +97322,14 @@ index 0000000..b1c1d8b
+
+.EX
+.PP
++.B usbmuxd_unit_file_t
++.EE
++
++- Set files with the usbmuxd_unit_file_t type, if you want to treat the files as usbmuxd unit content.
++
++
++.EX
++.PP
+.B usbmuxd_var_run_t
+.EE
+
@@ -96062,16 +97384,18 @@ index 0000000..b1c1d8b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), usbmuxd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), usbmuxd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/user_selinux.8 b/man/man8/user_selinux.8
new file mode 100644
-index 0000000..117ac1a
+index 0000000..591eeb2
--- /dev/null
+++ b/man/man8/user_selinux.8
-@@ -0,0 +1,586 @@
+@@ -0,0 +1,749 @@
+.TH "user_selinux" "8" "user" "mgrepl at redhat.com" "user SELinux Policy documentation"
+.SH "NAME"
+user_u \- \fBGeneric unprivileged user\fP - Security Enhanced Linux Policy
@@ -96134,10 +97458,10 @@ index 0000000..117ac1a
+.TP
+The SELinux user user_u is able to listen on the following udp ports.
+
-+.B all ports with out defined types
-+
+.B ephemeral_port_t: 32768-61000
+
++.B all ports with out defined types
++
+.TP
+The SELinux user user_u is able to connect to the following tcp ports.
+
@@ -96148,10 +97472,52 @@ index 0000000..117ac1a
+
+
+.PP
-+If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++If you want to allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execstack boolean.
+
+.EX
-+.B setsebool -P clamscan_read_user_content 1
++.B setsebool -P selinuxuser_execstack 1
++.EE
++
++.PP
++If you want to determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain, you must turn on the polipo_session_users boolean.
++
++.EX
++.B setsebool -P polipo_session_users 1
++.EE
++
++.PP
++If you want to allow confined users the ability to execute the ping and traceroute commands, you must turn on the selinuxuser_ping boolean.
++
++.EX
++.B setsebool -P selinuxuser_ping 1
++.EE
++
++.PP
++If you want to allow user music sharing, you must turn on the selinuxuser_user_share_music boolean.
++
++.EX
++.B setsebool -P selinuxuser_user_share_music 1
++.EE
++
++.PP
++If you want to allow unprivledged user to create and transition to svirt domains, you must turn on the unprivuser_use_svirt boolean.
++
++.EX
++.B setsebool -P unprivuser_use_svirt 1
++.EE
++
++.PP
++If you want to allow regular users direct dri device access, you must turn on the selinuxuser_direct_dri_enabled boolean.
++
++.EX
++.B setsebool -P selinuxuser_direct_dri_enabled 1
++.EE
++
++.PP
++If you want to allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols, you must turn on the selinuxuser_tcp_server boolean.
++
++.EX
++.B setsebool -P selinuxuser_tcp_server 1
+.EE
+
+.PP
@@ -96162,17 +97528,24 @@ index 0000000..117ac1a
+.EE
+
+.PP
-+If you want to allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t, you must turn on the selinuxuser_execmod boolean.
++If you want to allow users to connect to PostgreSQL, you must turn on the selinuxuser_postgresql_connect_enabled boolean.
+
+.EX
-+.B setsebool -P selinuxuser_execmod 1
++.B setsebool -P selinuxuser_postgresql_connect_enabled 1
+.EE
+
+.PP
-+If you want to allow exim to read unprivileged user files, you must turn on the exim_read_user_files boolean.
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the selinuxuser_rw_noexattrfile boolean.
+
+.EX
-+.B setsebool -P exim_read_user_files 1
++.B setsebool -P selinuxuser_rw_noexattrfile 1
++.EE
++
++.PP
++If you want to allow httpd to read user content, you must turn on the httpd_read_user_content boolean.
++
++.EX
++.B setsebool -P httpd_read_user_content 1
+.EE
+
+.PP
@@ -96183,6 +97556,20 @@ index 0000000..117ac1a
+.EE
+
+.PP
++If you want to allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t, you must turn on the selinuxuser_execmod boolean.
++
++.EX
++.B setsebool -P selinuxuser_execmod 1
++.EE
++
++.PP
++If you want to allow webadm to manage files in users home directories, you must turn on the webadm_manage_user_files boolean.
++
++.EX
++.B setsebool -P webadm_manage_user_files 1
++.EE
++
++.PP
+If you want to allow pppd to be run for a regular user, you must turn on the pppd_for_user boolean.
+
+.EX
@@ -96190,10 +97577,31 @@ index 0000000..117ac1a
+.EE
+
+.PP
-+If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the selinuxuser_rw_noexattrfile boolean.
++If you want to allow users to connect to the local mysql server, you must turn on the selinuxuser_mysql_connect_enabled boolean.
+
+.EX
-+.B setsebool -P selinuxuser_rw_noexattrfile 1
++.B setsebool -P selinuxuser_mysql_connect_enabled 1
++.EE
++
++.PP
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++
++.EX
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
++.PP
++If you want to allow dbadm to manage files in users home directories, you must turn on the dbadm_manage_user_files boolean.
++
++.EX
++.B setsebool -P dbadm_manage_user_files 1
++.EE
++
++.PP
++If you want to allow exim to create, read, write, and delete unprivileged user files, you must turn on the exim_manage_user_files boolean.
++
++.EX
++.B setsebool -P exim_manage_user_files 1
+.EE
+
+.PP
@@ -96204,17 +97612,45 @@ index 0000000..117ac1a
+.EE
+
+.PP
-+If you want to allow regular users direct dri device access, you must turn on the selinuxuser_direct_dri_enabled boolean.
++If you want to allow dbadm to read files in users home directories, you must turn on the dbadm_read_user_files boolean.
+
+.EX
-+.B setsebool -P selinuxuser_direct_dri_enabled 1
++.B setsebool -P dbadm_read_user_files 1
+.EE
+
+.PP
-+If you want to allow dbadm to manage files in users home directories, you must turn on the dbadm_manage_user_files boolean.
++If you want to allow exim to read unprivileged user files, you must turn on the exim_read_user_files boolean.
+
+.EX
-+.B setsebool -P dbadm_manage_user_files 1
++.B setsebool -P exim_read_user_files 1
++.EE
++
++.PP
++If you want to allow webadm to read files in users home directories, you must turn on the webadm_read_user_files boolean.
++
++.EX
++.B setsebool -P webadm_read_user_files 1
++.EE
++
++.PP
++If you want to allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execstack boolean.
++
++.EX
++.B setsebool -P selinuxuser_execstack 1
++.EE
++
++.PP
++If you want to determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain, you must turn on the polipo_session_users boolean.
++
++.EX
++.B setsebool -P polipo_session_users 1
++.EE
++
++.PP
++If you want to allow confined users the ability to execute the ping and traceroute commands, you must turn on the selinuxuser_ping boolean.
++
++.EX
++.B setsebool -P selinuxuser_ping 1
+.EE
+
+.PP
@@ -96225,10 +97661,17 @@ index 0000000..117ac1a
+.EE
+
+.PP
-+If you want to allow users to connect to PostgreSQL, you must turn on the selinuxuser_postgresql_connect_enabled boolean.
++If you want to allow unprivledged user to create and transition to svirt domains, you must turn on the unprivuser_use_svirt boolean.
+
+.EX
-+.B setsebool -P selinuxuser_postgresql_connect_enabled 1
++.B setsebool -P unprivuser_use_svirt 1
++.EE
++
++.PP
++If you want to allow regular users direct dri device access, you must turn on the selinuxuser_direct_dri_enabled boolean.
++
++.EX
++.B setsebool -P selinuxuser_direct_dri_enabled 1
+.EE
+
+.PP
@@ -96239,24 +97682,24 @@ index 0000000..117ac1a
+.EE
+
+.PP
-+If you want to allow unprivledged user to create and transition to svirt domains, you must turn on the unprivuser_use_svirt boolean.
++If you want to allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execheap boolean.
+
+.EX
-+.B setsebool -P unprivuser_use_svirt 1
++.B setsebool -P selinuxuser_execheap 1
+.EE
+
+.PP
-+If you want to allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execstack boolean.
++If you want to allow users to connect to PostgreSQL, you must turn on the selinuxuser_postgresql_connect_enabled boolean.
+
+.EX
-+.B setsebool -P selinuxuser_execstack 1
++.B setsebool -P selinuxuser_postgresql_connect_enabled 1
+.EE
+
+.PP
-+If you want to allow webadm to read files in users home directories, you must turn on the webadm_read_user_files boolean.
++If you want to allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY), you must turn on the selinuxuser_rw_noexattrfile boolean.
+
+.EX
-+.B setsebool -P webadm_read_user_files 1
++.B setsebool -P selinuxuser_rw_noexattrfile 1
+.EE
+
+.PP
@@ -96267,10 +97710,52 @@ index 0000000..117ac1a
+.EE
+
+.PP
-+If you want to allow confined users the ability to execute the ping and traceroute commands, you must turn on the selinuxuser_ping boolean.
++If you want to allow unprivileged users to execute DDL statement, you must turn on the postgresql_selinux_users_ddl boolean.
+
+.EX
-+.B setsebool -P selinuxuser_ping 1
++.B setsebool -P postgresql_selinux_users_ddl 1
++.EE
++
++.PP
++If you want to allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t, you must turn on the selinuxuser_execmod boolean.
++
++.EX
++.B setsebool -P selinuxuser_execmod 1
++.EE
++
++.PP
++If you want to allow webadm to manage files in users home directories, you must turn on the webadm_manage_user_files boolean.
++
++.EX
++.B setsebool -P webadm_manage_user_files 1
++.EE
++
++.PP
++If you want to allow pppd to be run for a regular user, you must turn on the pppd_for_user boolean.
++
++.EX
++.B setsebool -P pppd_for_user 1
++.EE
++
++.PP
++If you want to allow users to connect to the local mysql server, you must turn on the selinuxuser_mysql_connect_enabled boolean.
++
++.EX
++.B setsebool -P selinuxuser_mysql_connect_enabled 1
++.EE
++
++.PP
++If you want to allow clamscan to read user content, you must turn on the clamscan_read_user_content boolean.
++
++.EX
++.B setsebool -P clamscan_read_user_content 1
++.EE
++
++.PP
++If you want to allow dbadm to manage files in users home directories, you must turn on the dbadm_manage_user_files boolean.
++
++.EX
++.B setsebool -P dbadm_manage_user_files 1
+.EE
+
+.PP
@@ -96281,31 +97766,31 @@ index 0000000..117ac1a
+.EE
+
+.PP
-+If you want to allow dbadm to read files in users home directories, you must turn on the dbadm_read_user_files boolean.
++If you want to determine whether calling user domains can execute Git daemon in the git_session_t domain, you must turn on the git_session_users boolean.
+
+.EX
-+.B setsebool -P dbadm_read_user_files 1
++.B setsebool -P git_session_users 1
+.EE
+
+.PP
-+If you want to determine whether calling user domains can execute Polipo daemon in the polipo_session_t domain, you must turn on the polipo_session_users boolean.
++If you want to allow dbadm to read files in users home directories, you must turn on the dbadm_read_user_files boolean.
+
+.EX
-+.B setsebool -P polipo_session_users 1
++.B setsebool -P dbadm_read_user_files 1
+.EE
+
+.PP
-+If you want to allow webadm to manage files in users home directories, you must turn on the webadm_manage_user_files boolean.
++If you want to allow exim to read unprivileged user files, you must turn on the exim_read_user_files boolean.
+
+.EX
-+.B setsebool -P webadm_manage_user_files 1
++.B setsebool -P exim_read_user_files 1
+.EE
+
+.PP
-+If you want to allow users to connect to the local mysql server, you must turn on the selinuxuser_mysql_connect_enabled boolean.
++If you want to allow webadm to read files in users home directories, you must turn on the webadm_read_user_files boolean.
+
+.EX
-+.B setsebool -P selinuxuser_mysql_connect_enabled 1
++.B setsebool -P webadm_read_user_files 1
+.EE
+
+.SH HOME_EXEC
@@ -96324,7 +97809,7 @@ index 0000000..117ac1a
+
+Execute the following to see the types that the SELinux user user_t can execute without transitioning:
+
-+.B sesearch -A -s user_t -c file -p execute_no_trans
++.B search -A -s user_t -c file -p execute_no_trans
+
+.TP
+
@@ -96332,7 +97817,7 @@ index 0000000..117ac1a
+
+Execute the following to see the types that the SELinux user user_t can execute and transition:
+
-+.B $ sesearch -A -s user_t -c process -p transition
++.B $ search -A -s user_t -c process -p transition
+
+
+.SH "MANAGED FILES"
@@ -96653,19 +98138,21 @@ index 0000000..117ac1a
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), user(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), user(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), useradd_selinux(8), usernetctl_selinux(8)
\ No newline at end of file
diff --git a/man/man8/useradd_selinux.8 b/man/man8/useradd_selinux.8
new file mode 100644
-index 0000000..4bf88e3
+index 0000000..0405c58
--- /dev/null
+++ b/man/man8/useradd_selinux.8
-@@ -0,0 +1,309 @@
-+.TH "useradd_selinux" "8" "useradd" "dwalsh at redhat.com" "useradd SELinux Policy documentation"
+@@ -0,0 +1,313 @@
++.TH "useradd_selinux" "8" "12-10-19" "useradd" "SELinux Policy documentation for useradd"
+.SH "NAME"
+useradd_selinux \- Security Enhanced Linux Policy for the useradd processes
+.SH "DESCRIPTION"
@@ -96681,9 +98168,9 @@ index 0000000..4bf88e3
+
+.SH "ENTRYPOINTS"
+
-+The useradd_t SELinux type can be entered via the "user_home_t,useradd_exec_t" file types. The default entrypoint paths for the useradd_t domain are the following:"
++The useradd_t SELinux type can be entered via the "useradd_exec_t,user_home_t" file types. The default entrypoint paths for the useradd_t domain are the following:"
+
-+/usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel, /usr/sbin/newusers
++/usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/sbin/newusers, /home/[^/]*/.+, /home/dwalsh/.+, /var/lib/xguest/home/xguest/.+
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -96720,10 +98207,6 @@ index 0000000..4bf88e3
+
+- Set files with the useradd_exec_t type, if you want to transition an executable to the useradd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel, /usr/sbin/newusers
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -96755,6 +98238,12 @@ index 0000000..4bf88e3
+.br
+ /var/ftp/etc(/.*)?
+.br
++ /var/lib/openshift/.limits.d(/.*)?
++.br
++ /var/lib/openshift/.openshift-proxy.d(/.*)?
++.br
++ /var/lib/openshift/.stickshift-proxy.d(/.*)?
++.br
+ /var/lib/stickshift/.limits.d(/.*)?
+.br
+ /var/lib/stickshift/.stickshift-proxy.d(/.*)?
@@ -96969,19 +98458,21 @@ index 0000000..4bf88e3
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), useradd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), useradd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, user_selinux(8)
\ No newline at end of file
diff --git a/man/man8/usernetctl_selinux.8 b/man/man8/usernetctl_selinux.8
new file mode 100644
-index 0000000..8a9b778
+index 0000000..9db2113
--- /dev/null
+++ b/man/man8/usernetctl_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "usernetctl_selinux" "8" "usernetctl" "dwalsh at redhat.com" "usernetctl SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "usernetctl_selinux" "8" "12-10-19" "usernetctl" "SELinux Policy documentation for usernetctl"
+.SH "NAME"
+usernetctl_selinux \- Security Enhanced Linux Policy for the usernetctl processes
+.SH "DESCRIPTION"
@@ -97044,10 +98535,6 @@ index 0000000..8a9b778
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type usernetctl_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -97079,19 +98566,21 @@ index 0000000..8a9b778
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), usernetctl(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), usernetctl(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, user_selinux(8)
\ No newline at end of file
diff --git a/man/man8/utempter_selinux.8 b/man/man8/utempter_selinux.8
new file mode 100644
-index 0000000..5090b6c
+index 0000000..3111f8a
--- /dev/null
+++ b/man/man8/utempter_selinux.8
-@@ -0,0 +1,132 @@
-+.TH "utempter_selinux" "8" "utempter" "dwalsh at redhat.com" "utempter SELinux Policy documentation"
+@@ -0,0 +1,134 @@
++.TH "utempter_selinux" "8" "12-10-19" "utempter" "SELinux Policy documentation for utempter"
+.SH "NAME"
+utempter_selinux \- Security Enhanced Linux Policy for the utempter processes
+.SH "DESCRIPTION"
@@ -97219,17 +98708,19 @@ index 0000000..5090b6c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), utempter(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), utempter(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/uucpd_selinux.8 b/man/man8/uucpd_selinux.8
new file mode 100644
-index 0000000..cdccb8f
+index 0000000..3001324
--- /dev/null
+++ b/man/man8/uucpd_selinux.8
-@@ -0,0 +1,220 @@
-+.TH "uucpd_selinux" "8" "uucpd" "dwalsh at redhat.com" "uucpd SELinux Policy documentation"
+@@ -0,0 +1,218 @@
++.TH "uucpd_selinux" "8" "12-10-19" "uucpd" "SELinux Policy documentation for uucpd"
+.SH "NAME"
+uucpd_selinux \- Security Enhanced Linux Policy for the uucpd processes
+.SH "DESCRIPTION"
@@ -97324,10 +98815,6 @@ index 0000000..cdccb8f
+
+- Set files with the uucpd_spool_t type, if you want to store the uucpd files under the /var/spool directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/spool/uucppublic(/.*)?, /var/spool/uucp(/.*)?
+
+.EX
+.PP
@@ -97445,17 +98932,19 @@ index 0000000..cdccb8f
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), uucpd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), uucpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/uuidd_selinux.8 b/man/man8/uuidd_selinux.8
new file mode 100644
-index 0000000..fb3f865
+index 0000000..1f1229d
--- /dev/null
+++ b/man/man8/uuidd_selinux.8
-@@ -0,0 +1,124 @@
-+.TH "uuidd_selinux" "8" "uuidd" "dwalsh at redhat.com" "uuidd SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "uuidd_selinux" "8" "12-10-19" "uuidd" "SELinux Policy documentation for uuidd"
+.SH "NAME"
+uuidd_selinux \- Security Enhanced Linux Policy for the uuidd processes
+.SH "DESCRIPTION"
@@ -97575,17 +99064,19 @@ index 0000000..fb3f865
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), uuidd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), uuidd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/uux_selinux.8 b/man/man8/uux_selinux.8
new file mode 100644
-index 0000000..4ee339d
+index 0000000..b30b512
--- /dev/null
+++ b/man/man8/uux_selinux.8
-@@ -0,0 +1,114 @@
-+.TH "uux_selinux" "8" "uux" "dwalsh at redhat.com" "uux SELinux Policy documentation"
+@@ -0,0 +1,116 @@
++.TH "uux_selinux" "8" "12-10-19" "uux" "SELinux Policy documentation for uux"
+.SH "NAME"
+uux_selinux \- Security Enhanced Linux Policy for the uux processes
+.SH "DESCRIPTION"
@@ -97695,17 +99186,19 @@ index 0000000..4ee339d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), uux(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), uux(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/varnishd_selinux.8 b/man/man8/varnishd_selinux.8
new file mode 100644
-index 0000000..3934249
+index 0000000..4966494
--- /dev/null
+++ b/man/man8/varnishd_selinux.8
-@@ -0,0 +1,199 @@
-+.TH "varnishd_selinux" "8" "varnishd" "dwalsh at redhat.com" "varnishd SELinux Policy documentation"
+@@ -0,0 +1,208 @@
++.TH "varnishd_selinux" "8" "12-10-19" "varnishd" "SELinux Policy documentation for varnishd"
+.SH "NAME"
+varnishd_selinux \- Security Enhanced Linux Policy for the varnishd processes
+.SH "DESCRIPTION"
@@ -97753,6 +99246,13 @@ index 0000000..3934249
+.B setsebool -P varnishd_connect_any 1
+.EE
+
++.PP
++If you want to allow varnishd to connect to all ports, not just HTTP, you must turn on the varnishd_connect_any boolean.
++
++.EX
++.B setsebool -P varnishd_connect_any 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -97899,19 +99399,21 @@ index 0000000..3934249
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), varnishd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), varnishd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), varnishlog_selinux(8)
\ No newline at end of file
diff --git a/man/man8/varnishlog_selinux.8 b/man/man8/varnishlog_selinux.8
new file mode 100644
-index 0000000..cc040f9
+index 0000000..9ef9816
--- /dev/null
+++ b/man/man8/varnishlog_selinux.8
-@@ -0,0 +1,138 @@
-+.TH "varnishlog_selinux" "8" "varnishlog" "dwalsh at redhat.com" "varnishlog SELinux Policy documentation"
+@@ -0,0 +1,128 @@
++.TH "varnishlog_selinux" "8" "12-10-19" "varnishlog" "SELinux Policy documentation for varnishlog"
+.SH "NAME"
+varnishlog_selinux \- Security Enhanced Linux Policy for the varnishlog processes
+.SH "DESCRIPTION"
@@ -97929,7 +99431,7 @@ index 0000000..cc040f9
+
+The varnishlog_t SELinux type can be entered via the "varnishlog_exec_t" file type. The default entrypoint paths for the varnishlog_t domain are the following:"
+
-+/usr/bin/varnisncsa, /usr/bin/varnishlog
++/usr/bin/varnishlog, /usr/bin/varnisncsa
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -97966,10 +99468,6 @@ index 0000000..cc040f9
+
+- Set files with the varnishlog_exec_t type, if you want to transition an executable to the varnishlog_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/varnisncsa, /usr/bin/varnishlog
+
+.EX
+.PP
@@ -97978,10 +99476,6 @@ index 0000000..cc040f9
+
+- Set files with the varnishlog_initrc_exec_t type, if you want to transition an executable to the varnishlog_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/varnishlog, /etc/rc\.d/init\.d/varnishncsa
+
+.EX
+.PP
@@ -97998,10 +99492,6 @@ index 0000000..cc040f9
+
+- Set files with the varnishlog_var_run_t type, if you want to store the varnishlog files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/varnishncsa\.pid, /var/run/varnishlog\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -98045,17 +99535,19 @@ index 0000000..cc040f9
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), varnishlog(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), varnishlog(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/vbetool_selinux.8 b/man/man8/vbetool_selinux.8
new file mode 100644
-index 0000000..af1a5d0
+index 0000000..b4acdbb
--- /dev/null
+++ b/man/man8/vbetool_selinux.8
-@@ -0,0 +1,115 @@
-+.TH "vbetool_selinux" "8" "vbetool" "dwalsh at redhat.com" "vbetool SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "vbetool_selinux" "8" "12-10-19" "vbetool" "SELinux Policy documentation for vbetool"
+.SH "NAME"
+vbetool_selinux \- Security Enhanced Linux Policy for the vbetool processes
+.SH "DESCRIPTION"
@@ -98103,6 +99595,13 @@ index 0000000..af1a5d0
+.B setsebool -P vbetool_mmap_zero_ignore 1
+.EE
+
++.PP
++If you want to ignore vbetool mmap_zero errors, you must turn on the vbetool_mmap_zero_ignore boolean.
++
++.EX
++.B setsebool -P vbetool_mmap_zero_ignore 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -98165,19 +99664,21 @@ index 0000000..af1a5d0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vbetool(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vbetool(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/vdagent_selinux.8 b/man/man8/vdagent_selinux.8
new file mode 100644
-index 0000000..f3ddb92
+index 0000000..bc57942
--- /dev/null
+++ b/man/man8/vdagent_selinux.8
-@@ -0,0 +1,128 @@
-+.TH "vdagent_selinux" "8" "vdagent" "dwalsh at redhat.com" "vdagent SELinux Policy documentation"
+@@ -0,0 +1,122 @@
++.TH "vdagent_selinux" "8" "12-10-19" "vdagent" "SELinux Policy documentation for vdagent"
+.SH "NAME"
+vdagent_selinux \- Security Enhanced Linux Policy for the vdagent processes
+.SH "DESCRIPTION"
@@ -98240,10 +99741,6 @@ index 0000000..f3ddb92
+
+- Set files with the vdagent_log_t type, if you want to treat the data as vdagent log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/spice-vdagentd\.log.*, /var/log/spice-vdagentd(/.*)?
+
+.EX
+.PP
@@ -98252,10 +99749,6 @@ index 0000000..f3ddb92
+
+- Set files with the vdagent_var_run_t type, if you want to store the vdagent files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/spice-vdagentd\.pid, /var/run/spice-vdagentd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -98301,17 +99794,19 @@ index 0000000..f3ddb92
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vdagent(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vdagent(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/vhostmd_selinux.8 b/man/man8/vhostmd_selinux.8
new file mode 100644
-index 0000000..8704d18
+index 0000000..a53b98e
--- /dev/null
+++ b/man/man8/vhostmd_selinux.8
-@@ -0,0 +1,154 @@
-+.TH "vhostmd_selinux" "8" "vhostmd" "dwalsh at redhat.com" "vhostmd SELinux Policy documentation"
+@@ -0,0 +1,156 @@
++.TH "vhostmd_selinux" "8" "12-10-19" "vhostmd" "SELinux Policy documentation for vhostmd"
+.SH "NAME"
+vhostmd_selinux \- Security Enhanced Linux Policy for the vhostmd processes
+.SH "DESCRIPTION"
@@ -98461,17 +99956,19 @@ index 0000000..8704d18
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vhostmd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vhostmd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/virsh_selinux.8 b/man/man8/virsh_selinux.8
new file mode 100644
-index 0000000..45cd61d
+index 0000000..9e65302
--- /dev/null
+++ b/man/man8/virsh_selinux.8
@@ -0,0 +1,186 @@
-+.TH "virsh_selinux" "8" "virsh" "dwalsh at redhat.com" "virsh SELinux Policy documentation"
++.TH "virsh_selinux" "8" "12-10-19" "virsh" "SELinux Policy documentation for virsh"
+.SH "NAME"
+virsh_selinux \- Security Enhanced Linux Policy for the virsh processes
+.SH "DESCRIPTION"
@@ -98489,7 +99986,7 @@ index 0000000..45cd61d
+
+The virsh_t SELinux type can be entered via the "virsh_exec_t" file type. The default entrypoint paths for the virsh_t domain are the following:"
+
-+/usr/bin/virt-sandbox-service.*, /usr/bin/virsh, /usr/sbin/fence_virtd
++/usr/bin/virt-sandbox-service.*, /usr/bin/virsh
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -98526,10 +100023,6 @@ index 0000000..45cd61d
+
+- Set files with the virsh_exec_t type, if you want to transition an executable to the virsh_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/virt-sandbox-service.*, /usr/bin/virsh, /usr/sbin/fence_virtd
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -98547,6 +100040,8 @@ index 0000000..45cd61d
+
+ /root/\.ssh(/.*)?
+.br
++ /var/lib/openshift/[^/]+/\.ssh(/.*)?
++.br
+ /var/lib/amanda/\.ssh(/.*)?
+.br
+ /var/lib/stickshift/[^/]+/\.ssh(/.*)?
@@ -98653,17 +100148,19 @@ index 0000000..45cd61d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), virsh(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), virsh(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/virt_bridgehelper_selinux.8 b/man/man8/virt_bridgehelper_selinux.8
new file mode 100644
-index 0000000..f59570e
+index 0000000..68b941d
--- /dev/null
+++ b/man/man8/virt_bridgehelper_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "virt_bridgehelper_selinux" "8" "virt_bridgehelper" "dwalsh at redhat.com" "virt_bridgehelper SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "virt_bridgehelper_selinux" "8" "12-10-19" "virt_bridgehelper" "SELinux Policy documentation for virt_bridgehelper"
+.SH "NAME"
+virt_bridgehelper_selinux \- Security Enhanced Linux Policy for the virt_bridgehelper processes
+.SH "DESCRIPTION"
@@ -98775,19 +100272,147 @@ index 0000000..f59570e
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
++
++.SH "SEE ALSO"
++selinux(8), virt_bridgehelper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
++, virt_qemu_ga_selinux(8), virt_qmf_selinux(8), virtd_selinux(8), virtd_lxc_selinux(8)
+\ No newline at end of file
+diff --git a/man/man8/virt_qemu_ga_selinux.8 b/man/man8/virt_qemu_ga_selinux.8
+new file mode 100644
+index 0000000..980b3bd
+--- /dev/null
++++ b/man/man8/virt_qemu_ga_selinux.8
+@@ -0,0 +1,119 @@
++.TH "virt_qemu_ga_selinux" "8" "12-10-19" "virt_qemu_ga" "SELinux Policy documentation for virt_qemu_ga"
++.SH "NAME"
++virt_qemu_ga_selinux \- Security Enhanced Linux Policy for the virt_qemu_ga processes
++.SH "DESCRIPTION"
++
++Security-Enhanced Linux secures the virt_qemu_ga processes via flexible mandatory access control.
++
++The virt_qemu_ga processes execute with the virt_qemu_ga_t SELinux type. You can check if you have these processes running by executing the \fBps\fP command with the \fB\-Z\fP qualifier.
++
++For example:
++
++.B ps -eZ | grep virt_qemu_ga_t
++
++
++.SH "ENTRYPOINTS"
++
++The virt_qemu_ga_t SELinux type can be entered via the "virt_qemu_ga_exec_t" file type. The default entrypoint paths for the virt_qemu_ga_t domain are the following:"
++
++/usr/bin/qemu-ga
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux virt_qemu_ga policy is very flexible allowing users to setup their virt_qemu_ga processes in as secure a method as possible.
++.PP
++The following process types are defined for virt_qemu_ga:
++
++.EX
++.B virt_qemu_ga_t
++.EE
++.PP
++Note:
++.B semanage permissive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
++.SH FILE CONTEXTS
++SELinux requires files to have an extended attribute to define the file type.
++.PP
++You can see the context of a file using the \fB\-Z\fP option to \fBls\bP
++.PP
++Policy governs the access confined processes have to these files.
++SELinux virt_qemu_ga policy is very flexible allowing users to setup their virt_qemu_ga processes in as secure a method as possible.
++.PP
++The following file types are defined for virt_qemu_ga:
++
++
++.EX
++.PP
++.B virt_qemu_ga_exec_t
++.EE
++
++- Set files with the virt_qemu_ga_exec_t type, if you want to transition an executable to the virt_qemu_ga_t domain.
++
++
++.EX
++.PP
++.B virt_qemu_ga_log_t
++.EE
++
++- Set files with the virt_qemu_ga_log_t type, if you want to treat the data as virt qemu ga log data, usually stored under the /var/log directory.
++
++
++.EX
++.PP
++.B virt_qemu_ga_var_run_t
++.EE
++
++- Set files with the virt_qemu_ga_var_run_t type, if you want to store the virt qemu ga files under the /run directory.
++
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH "MANAGED FILES"
++
++The SELinux process type virt_qemu_ga_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
++
++.br
++.B virt_qemu_ga_log_t
++
++ /var/log/qemu-ga\.log
++.br
++
++.br
++.B virt_qemu_ga_var_run_t
++
++ /var/run/qemu-ga\.pid
++.br
++
++.SH NSSWITCH DOMAIN
++
++.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules.
++
++.PP
++.B system-config-selinux
++is a GUI tool available to customize SELinux policy settings.
++
++.SH AUTHOR
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), virt_bridgehelper(8), semanage(8), restorecon(8), chcon(1)
-+, virt_qmf_selinux(8), virtd_selinux(8), virtd_lxc_selinux(8)
++selinux(8), virt_qemu_ga(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
++, virt_bridgehelper_selinux(8), virt_qmf_selinux(8), virtd_selinux(8), virtd_lxc_selinux(8)
\ No newline at end of file
diff --git a/man/man8/virt_qmf_selinux.8 b/man/man8/virt_qmf_selinux.8
new file mode 100644
-index 0000000..d214ebb
+index 0000000..54d2c87
--- /dev/null
+++ b/man/man8/virt_qmf_selinux.8
-@@ -0,0 +1,89 @@
-+.TH "virt_qmf_selinux" "8" "virt_qmf" "dwalsh at redhat.com" "virt_qmf SELinux Policy documentation"
+@@ -0,0 +1,87 @@
++.TH "virt_qmf_selinux" "8" "12-10-19" "virt_qmf" "SELinux Policy documentation for virt_qmf"
+.SH "NAME"
+virt_qmf_selinux \- Security Enhanced Linux Policy for the virt_qmf processes
+.SH "DESCRIPTION"
@@ -98850,10 +100475,6 @@ index 0000000..d214ebb
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type virt_qmf_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -98871,19 +100492,21 @@ index 0000000..d214ebb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), virt_qmf(8), semanage(8), restorecon(8), chcon(1)
-+, virt_bridgehelper_selinux(8), virtd_selinux(8), virtd_lxc_selinux(8)
++selinux(8), virt_qmf(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
++, virt_bridgehelper_selinux(8), virt_qemu_ga_selinux(8), virtd_selinux(8), virtd_lxc_selinux(8)
\ No newline at end of file
diff --git a/man/man8/virtd_lxc_selinux.8 b/man/man8/virtd_lxc_selinux.8
new file mode 100644
-index 0000000..b30a56c
+index 0000000..42d07e1
--- /dev/null
+++ b/man/man8/virtd_lxc_selinux.8
-@@ -0,0 +1,143 @@
-+.TH "virtd_lxc_selinux" "8" "virtd_lxc" "dwalsh at redhat.com" "virtd_lxc SELinux Policy documentation"
+@@ -0,0 +1,145 @@
++.TH "virtd_lxc_selinux" "8" "12-10-19" "virtd_lxc" "SELinux Policy documentation for virtd_lxc"
+.SH "NAME"
+virtd_lxc_selinux \- Security Enhanced Linux Policy for the virtd_lxc processes
+.SH "DESCRIPTION"
@@ -99021,19 +100644,21 @@ index 0000000..b30a56c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), virtd_lxc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), virtd_lxc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, virtd_selinux(8), virtd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/virtd_selinux.8 b/man/man8/virtd_selinux.8
new file mode 100644
-index 0000000..f211332
+index 0000000..e0e99d6
--- /dev/null
+++ b/man/man8/virtd_selinux.8
-@@ -0,0 +1,456 @@
-+.TH "virtd_selinux" "8" "virtd" "dwalsh at redhat.com" "virtd SELinux Policy documentation"
+@@ -0,0 +1,539 @@
++.TH "virtd_selinux" "8" "12-10-19" "virtd" "SELinux Policy documentation for virtd"
+.SH "NAME"
+virtd_selinux \- Security Enhanced Linux Policy for the virtd processes
+.SH "DESCRIPTION"
@@ -99051,7 +100676,7 @@ index 0000000..f211332
+
+The virtd_t SELinux type can be entered via the "virtd_exec_t" file type. The default entrypoint paths for the virtd_t domain are the following:"
+
-+/usr/sbin/condor_vm-gahp, /usr/bin/imagefactory, /usr/bin/vios-proxy-host, /usr/bin/imgfac\.py, /usr/bin/vios-proxy-guest, /usr/bin/nova-compute, /usr/sbin/libvirtd
++/usr/sbin/libvirtd, /usr/bin/imgfac\.py, /usr/bin/imagefactory, /usr/bin/nova-compute, /usr/sbin/condor_vm-gahp, /usr/bin/vios-proxy-host, /usr/bin/vios-proxy-guest
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -99063,7 +100688,7 @@ index 0000000..f211332
+The following process types are defined for virtd:
+
+.EX
-+.B virtd_lxc_t, virt_qmf_t, virt_bridgehelper_t, virtd_t
++.B virtd_lxc_t, virt_qmf_t, virt_qemu_ga_t, virt_bridgehelper_t, virtd_t
+.EE
+.PP
+Note:
@@ -99075,10 +100700,17 @@ index 0000000..f211332
+
+
+.PP
-+If you want to allow staff user to create and transition to svirt domains, you must turn on the staff_use_svirt boolean.
++If you want to allow confined virtual guests to manage device configuration, (pci), you must turn on the virt_use_sysfs boolean.
+
+.EX
-+.B setsebool -P staff_use_svirt 1
++.B setsebool -P virt_use_sysfs 1
++.EE
++
++.PP
++If you want to allow unprivledged user to create and transition to svirt domains, you must turn on the unprivuser_use_svirt boolean.
++
++.EX
++.B setsebool -P unprivuser_use_svirt 1
+.EE
+
+.PP
@@ -99089,6 +100721,20 @@ index 0000000..f211332
+.EE
+
+.PP
++If you want to allow confined virtual guests to manage cifs files, you must turn on the virt_use_samba boolean.
++
++.EX
++.B setsebool -P virt_use_samba 1
++.EE
++
++.PP
++If you want to allow confined virtual guests to use usb devices, you must turn on the virt_use_usb boolean.
++
++.EX
++.B setsebool -P virt_use_usb 1
++.EE
++
++.PP
+If you want to allow confined virtual guests to use serial/parallel communication ports, you must turn on the virt_use_comm boolean.
+
+.EX
@@ -99103,6 +100749,34 @@ index 0000000..f211332
+.EE
+
+.PP
++If you want to allow staff user to create and transition to svirt domains, you must turn on the staff_use_svirt boolean.
++
++.EX
++.B setsebool -P staff_use_svirt 1
++.EE
++
++.PP
++If you want to allow confined virtual guests to read fuse files, you must turn on the virt_use_fusefs boolean.
++
++.EX
++.B setsebool -P virt_use_fusefs 1
++.EE
++
++.PP
++If you want to allow confined virtual guests to use executable memory and executable stack, you must turn on the virt_use_execmem boolean.
++
++.EX
++.B setsebool -P virt_use_execmem 1
++.EE
++
++.PP
++If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
++
++.EX
++.B setsebool -P virt_use_sanlock 1
++.EE
++
++.PP
+If you want to allow confined virtual guests to manage device configuration, (pci), you must turn on the virt_use_sysfs boolean.
+
+.EX
@@ -99117,17 +100791,45 @@ index 0000000..f211332
+.EE
+
+.PP
-+If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
++If you want to allow confined virtual guests to manage nfs files, you must turn on the virt_use_nfs boolean.
+
+.EX
-+.B setsebool -P virt_use_sanlock 1
++.B setsebool -P virt_use_nfs 1
+.EE
+
+.PP
-+If you want to allow confined virtual guests to use executable memory and executable stack, you must turn on the virt_use_execmem boolean.
++If you want to allow confined virtual guests to manage cifs files, you must turn on the virt_use_samba boolean.
+
+.EX
-+.B setsebool -P virt_use_execmem 1
++.B setsebool -P virt_use_samba 1
++.EE
++
++.PP
++If you want to allow confined virtual guests to use usb devices, you must turn on the virt_use_usb boolean.
++
++.EX
++.B setsebool -P virt_use_usb 1
++.EE
++
++.PP
++If you want to allow confined virtual guests to use serial/parallel communication ports, you must turn on the virt_use_comm boolean.
++
++.EX
++.B setsebool -P virt_use_comm 1
++.EE
++
++.PP
++If you want to allow confined virtual guests to interact with the xserver, you must turn on the virt_use_xserver boolean.
++
++.EX
++.B setsebool -P virt_use_xserver 1
++.EE
++
++.PP
++If you want to allow staff user to create and transition to svirt domains, you must turn on the staff_use_svirt boolean.
++
++.EX
++.B setsebool -P staff_use_svirt 1
+.EE
+
+.PP
@@ -99138,17 +100840,17 @@ index 0000000..f211332
+.EE
+
+.PP
-+If you want to allow confined virtual guests to use usb devices, you must turn on the virt_use_usb boolean.
++If you want to allow confined virtual guests to use executable memory and executable stack, you must turn on the virt_use_execmem boolean.
+
+.EX
-+.B setsebool -P virt_use_usb 1
++.B setsebool -P virt_use_execmem 1
+.EE
+
+.PP
-+If you want to allow confined virtual guests to manage cifs files, you must turn on the virt_use_samba boolean.
++If you want to allow confined virtual guests to interact with the sanlock, you must turn on the virt_use_sanlock boolean.
+
+.EX
-+.B setsebool -P virt_use_samba 1
++.B setsebool -P virt_use_sanlock 1
+.EE
+
+.SH FILE CONTEXTS
@@ -99169,10 +100871,6 @@ index 0000000..f211332
+
+- Set files with the virtd_exec_t type, if you want to transition an executable to the virtd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/condor_vm-gahp, /usr/bin/imagefactory, /usr/bin/vios-proxy-host, /usr/bin/imgfac\.py, /usr/bin/vios-proxy-guest, /usr/bin/nova-compute, /usr/sbin/libvirtd
+
+.EX
+.PP
@@ -99198,6 +100896,14 @@ index 0000000..f211332
+- Set files with the virtd_lxc_exec_t type, if you want to transition an executable to the virtd_lxc_t domain.
+
+
++.EX
++.PP
++.B virtd_unit_file_t
++.EE
++
++- Set files with the virtd_unit_file_t type, if you want to treat the files as virtd unit content.
++
++
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
+.B semanage fcontext
@@ -99484,19 +101190,21 @@ index 0000000..f211332
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), virtd(8), semanage(8), restorecon(8), chcon(1)
-+, setsebool(8), virt_bridgehelper_selinux(8), virt_qmf_selinux(8), virtd_lxc_selinux(8)
++selinux(8), virtd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
++, setsebool(8), virt_bridgehelper_selinux(8), virt_qemu_ga_selinux(8), virt_qmf_selinux(8), virtd_lxc_selinux(8)
\ No newline at end of file
diff --git a/man/man8/vlock_selinux.8 b/man/man8/vlock_selinux.8
new file mode 100644
-index 0000000..c6faa2d
+index 0000000..1cff758
--- /dev/null
+++ b/man/man8/vlock_selinux.8
-@@ -0,0 +1,128 @@
-+.TH "vlock_selinux" "8" "vlock" "dwalsh at redhat.com" "vlock SELinux Policy documentation"
+@@ -0,0 +1,130 @@
++.TH "vlock_selinux" "8" "12-10-19" "vlock" "SELinux Policy documentation for vlock"
+.SH "NAME"
+vlock_selinux \- Security Enhanced Linux Policy for the vlock processes
+.SH "DESCRIPTION"
@@ -99620,17 +101328,19 @@ index 0000000..c6faa2d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vlock(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vlock(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/vmware_host_selinux.8 b/man/man8/vmware_host_selinux.8
new file mode 100644
-index 0000000..2e6c4ce
+index 0000000..fc02428
--- /dev/null
+++ b/man/man8/vmware_host_selinux.8
-@@ -0,0 +1,141 @@
-+.TH "vmware_host_selinux" "8" "vmware_host" "dwalsh at redhat.com" "vmware_host SELinux Policy documentation"
+@@ -0,0 +1,139 @@
++.TH "vmware_host_selinux" "8" "12-10-19" "vmware_host" "SELinux Policy documentation for vmware_host"
+.SH "NAME"
+vmware_host_selinux \- Security Enhanced Linux Policy for the vmware_host processes
+.SH "DESCRIPTION"
@@ -99648,7 +101358,7 @@ index 0000000..2e6c4ce
+
+The vmware_host_t SELinux type can be entered via the "vmware_host_exec_t" file type. The default entrypoint paths for the vmware_host_t domain are the following:"
+
-+/usr/bin/vmware-smbpasswd\.bin, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*, /usr/lib/vmware/bin/vmware-vmx
++/usr/sbin/vmware-guest.*, /usr/lib/vmware-tools/sbin32/vmware.*, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmnet-dhcpd, /usr/bin/vmware-nmbd, /usr/bin/vmware-smbd, /usr/bin/vmnet-bridge, /usr/bin/vmnet-netifup, /usr/bin/vmnet-sniffer, /usr/bin/vmware-network, /usr/bin/vmware-smbpasswd, /usr/bin/vmware-smbpasswd\.bin, /usr/lib/vmware/bin/vmware-vmx
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -99685,10 +101395,6 @@ index 0000000..2e6c4ce
+
+- Set files with the vmware_host_exec_t type, if you want to transition an executable to the vmware_host_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/vmware-smbpasswd\.bin, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*, /usr/lib/vmware/bin/vmware-vmx
+
+.EX
+.PP
@@ -99766,19 +101472,21 @@ index 0000000..2e6c4ce
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vmware_host(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vmware_host(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, vmware_selinux(8), vmware_selinux(8)
\ No newline at end of file
diff --git a/man/man8/vmware_selinux.8 b/man/man8/vmware_selinux.8
new file mode 100644
-index 0000000..d479e7b
+index 0000000..64c56d2
--- /dev/null
+++ b/man/man8/vmware_selinux.8
-@@ -0,0 +1,255 @@
-+.TH "vmware_selinux" "8" "vmware" "dwalsh at redhat.com" "vmware SELinux Policy documentation"
+@@ -0,0 +1,241 @@
++.TH "vmware_selinux" "8" "12-10-19" "vmware" "SELinux Policy documentation for vmware"
+.SH "NAME"
+vmware_selinux \- Security Enhanced Linux Policy for the vmware processes
+.SH "DESCRIPTION"
@@ -99796,7 +101504,7 @@ index 0000000..d479e7b
+
+The vmware_t SELinux type can be entered via the "vmware_exec_t" file type. The default entrypoint paths for the vmware_t domain are the following:"
+
-+/usr/lib/vmware/bin/vmware-mks, /usr/lib/vmware/bin/vmplayer, /usr/bin/vmware-ping, /usr/lib/vmware/bin/vmware-ui, /usr/sbin/vmware-serverd, /usr/bin/vmware-wizard, /usr/bin/vmware
++/usr/bin/vmware, /usr/bin/vmware-ping, /usr/bin/vmware-wizard, /usr/sbin/vmware-serverd, /usr/lib/vmware/bin/vmplayer, /usr/lib/vmware/bin/vmware-ui, /usr/lib/vmware/bin/vmware-mks
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -99841,10 +101549,6 @@ index 0000000..d479e7b
+
+- Set files with the vmware_exec_t type, if you want to transition an executable to the vmware_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/vmware/bin/vmware-mks, /usr/lib/vmware/bin/vmplayer, /usr/bin/vmware-ping, /usr/lib/vmware/bin/vmware-ui, /usr/sbin/vmware-serverd, /usr/bin/vmware-wizard, /usr/bin/vmware
+
+.EX
+.PP
@@ -99861,10 +101565,6 @@ index 0000000..d479e7b
+
+- Set files with the vmware_host_exec_t type, if you want to transition an executable to the vmware_host_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/vmware-smbpasswd\.bin, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*, /usr/lib/vmware/bin/vmware-vmx
+
+.EX
+.PP
@@ -99889,10 +101589,6 @@ index 0000000..d479e7b
+
+- Set files with the vmware_log_t type, if you want to treat the data as vmware log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/vmware.*, /var/log/vnetlib.*
+
+.EX
+.PP
@@ -99909,10 +101605,6 @@ index 0000000..d479e7b
+
+- Set files with the vmware_sys_conf_t type, if you want to treat the files as vmware sys configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/vmware/config, /etc/vmware.*(/.*)?
+
+.EX
+.PP
@@ -100028,19 +101720,21 @@ index 0000000..d479e7b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vmware(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vmware(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, vmware_host_selinux(8)
\ No newline at end of file
diff --git a/man/man8/vnstat_selinux.8 b/man/man8/vnstat_selinux.8
new file mode 100644
-index 0000000..35d8b26
+index 0000000..9a54b5e
--- /dev/null
+++ b/man/man8/vnstat_selinux.8
-@@ -0,0 +1,119 @@
-+.TH "vnstat_selinux" "8" "vnstat" "dwalsh at redhat.com" "vnstat SELinux Policy documentation"
+@@ -0,0 +1,121 @@
++.TH "vnstat_selinux" "8" "12-10-19" "vnstat" "SELinux Policy documentation for vnstat"
+.SH "NAME"
+vnstat_selinux \- Security Enhanced Linux Policy for the vnstat processes
+.SH "DESCRIPTION"
@@ -100154,19 +101848,21 @@ index 0000000..35d8b26
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vnstat(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vnstat(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, vnstatd_selinux(8)
\ No newline at end of file
diff --git a/man/man8/vnstatd_selinux.8 b/man/man8/vnstatd_selinux.8
new file mode 100644
-index 0000000..1508939
+index 0000000..7d31897
--- /dev/null
+++ b/man/man8/vnstatd_selinux.8
-@@ -0,0 +1,117 @@
-+.TH "vnstatd_selinux" "8" "vnstatd" "dwalsh at redhat.com" "vnstatd SELinux Policy documentation"
+@@ -0,0 +1,119 @@
++.TH "vnstatd_selinux" "8" "12-10-19" "vnstatd" "SELinux Policy documentation for vnstatd"
+.SH "NAME"
+vnstatd_selinux \- Security Enhanced Linux Policy for the vnstatd processes
+.SH "DESCRIPTION"
@@ -100278,19 +101974,21 @@ index 0000000..1508939
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vnstatd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vnstatd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, vnstat_selinux(8), vnstat_selinux(8)
\ No newline at end of file
diff --git a/man/man8/vpnc_selinux.8 b/man/man8/vpnc_selinux.8
new file mode 100644
-index 0000000..d2851b0
+index 0000000..b7abe7c
--- /dev/null
+++ b/man/man8/vpnc_selinux.8
-@@ -0,0 +1,158 @@
-+.TH "vpnc_selinux" "8" "vpnc" "dwalsh at redhat.com" "vpnc SELinux Policy documentation"
+@@ -0,0 +1,156 @@
++.TH "vpnc_selinux" "8" "12-10-19" "vpnc" "SELinux Policy documentation for vpnc"
+.SH "NAME"
+vpnc_selinux \- Security Enhanced Linux Policy for the vpnc processes
+.SH "DESCRIPTION"
@@ -100308,7 +102006,7 @@ index 0000000..d2851b0
+
+The vpnc_t SELinux type can be entered via the "vpnc_exec_t" file type. The default entrypoint paths for the vpnc_t domain are the following:"
+
-+/usr/sbin/vpnc, /usr/bin/openconnect, /sbin/vpnc
++/sbin/vpnc, /usr/sbin/vpnc, /usr/bin/openconnect
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -100345,10 +102043,6 @@ index 0000000..d2851b0
+
+- Set files with the vpnc_exec_t type, if you want to transition an executable to the vpnc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/vpnc, /usr/bin/openconnect, /sbin/vpnc
+
+.EX
+.PP
@@ -100444,17 +102138,19 @@ index 0000000..d2851b0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), vpnc(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), vpnc(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/wdmd_selinux.8 b/man/man8/wdmd_selinux.8
new file mode 100644
-index 0000000..abbd5ba
+index 0000000..5eeb4a0
--- /dev/null
+++ b/man/man8/wdmd_selinux.8
-@@ -0,0 +1,136 @@
-+.TH "wdmd_selinux" "8" "wdmd" "dwalsh at redhat.com" "wdmd SELinux Policy documentation"
+@@ -0,0 +1,138 @@
++.TH "wdmd_selinux" "8" "12-10-19" "wdmd" "SELinux Policy documentation for wdmd"
+.SH "NAME"
+wdmd_selinux \- Security Enhanced Linux Policy for the wdmd processes
+.SH "DESCRIPTION"
@@ -100586,16 +102282,18 @@ index 0000000..abbd5ba
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), wdmd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), wdmd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/webadm_selinux.8 b/man/man8/webadm_selinux.8
new file mode 100644
-index 0000000..7c0b82c
+index 0000000..77cab75
--- /dev/null
+++ b/man/man8/webadm_selinux.8
-@@ -0,0 +1,240 @@
+@@ -0,0 +1,253 @@
+.TH "webadm_selinux" "8" "webadm" "mgrepl at redhat.com" "webadm SELinux Policy documentation"
+.SH "NAME"
+webadm_r \- \fBWeb administrator role\fP - Security Enhanced Linux Policy
@@ -100638,20 +102336,18 @@ index 0000000..7c0b82c
+.B $ semanage user -m -R 'staff_r system_r webadm_r' staff_u
+
+
-+
-+SELinux policy also controls which roles can transition to a different role.
-+You can list these rules using the following command.
-+
-+.B sesearch --role_allow
-+
-+SELinux policy allows the staff_r, unconfined_r roles can transition to the webadm_r role.
-+
-+
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. webadm policy is extremely flexible and has several booleans that allow you to manipulate the policy and run webadm with the tightest access possible.
+
+
+.PP
++If you want to allow webadm to manage files in users home directories, you must turn on the webadm_manage_user_files boolean.
++
++.EX
++.B setsebool -P webadm_manage_user_files 1
++.EE
++
++.PP
+If you want to allow webadm to read files in users home directories, you must turn on the webadm_read_user_files boolean.
+
+.EX
@@ -100665,6 +102361,13 @@ index 0000000..7c0b82c
+.B setsebool -P webadm_manage_user_files 1
+.EE
+
++.PP
++If you want to allow webadm to read files in users home directories, you must turn on the webadm_read_user_files boolean.
++
++.EX
++.B setsebool -P webadm_read_user_files 1
++.EE
++
+.SH "MANAGED FILES"
+
+The SELinux process type webadm_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
@@ -100682,6 +102385,8 @@ index 0000000..7c0b82c
+.br
+ /etc/apache-ssl(2)?(/.*)?
+.br
++ /var/lib/openshift/.httpd.d(/.*)?
++.br
+ /var/lib/stickshift/.httpd.d(/.*)?
+.br
+ /etc/vhosts
@@ -100813,6 +102518,10 @@ index 0000000..7c0b82c
+ /var/lock
+.br
+
++.br
++.B webadm_tmp_t
++
++
+.SH "COMMANDS"
+.B semanage fcontext
+can also be used to manipulate default file context mappings.
@@ -100831,19 +102540,21 @@ index 0000000..7c0b82c
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), webadm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), webadm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/webalizer_selinux.8 b/man/man8/webalizer_selinux.8
new file mode 100644
-index 0000000..cefec7b
+index 0000000..d4386c3
--- /dev/null
+++ b/man/man8/webalizer_selinux.8
-@@ -0,0 +1,200 @@
-+.TH "webalizer_selinux" "8" "webalizer" "dwalsh at redhat.com" "webalizer SELinux Policy documentation"
+@@ -0,0 +1,198 @@
++.TH "webalizer_selinux" "8" "12-10-19" "webalizer" "SELinux Policy documentation for webalizer"
+.SH "NAME"
+webalizer_selinux \- Security Enhanced Linux Policy for the webalizer processes
+.SH "DESCRIPTION"
@@ -100861,7 +102572,7 @@ index 0000000..cefec7b
+
+The webalizer_t SELinux type can be entered via the "webalizer_exec_t" file type. The default entrypoint paths for the webalizer_t domain are the following:"
+
-+/usr/bin/webalizer, /usr/bin/awffull
++/usr/bin/awffull, /usr/bin/webalizer
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -100906,10 +102617,6 @@ index 0000000..cefec7b
+
+- Set files with the webalizer_exec_t type, if you want to transition an executable to the webalizer_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/webalizer, /usr/bin/awffull
+
+.EX
+.PP
@@ -101039,17 +102746,19 @@ index 0000000..cefec7b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), webalizer(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), webalizer(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/winbind_helper_selinux.8 b/man/man8/winbind_helper_selinux.8
new file mode 100644
-index 0000000..e2f59d4
+index 0000000..a048e23
--- /dev/null
+++ b/man/man8/winbind_helper_selinux.8
-@@ -0,0 +1,103 @@
-+.TH "winbind_helper_selinux" "8" "winbind_helper" "dwalsh at redhat.com" "winbind_helper SELinux Policy documentation"
+@@ -0,0 +1,101 @@
++.TH "winbind_helper_selinux" "8" "12-10-19" "winbind_helper" "SELinux Policy documentation for winbind_helper"
+.SH "NAME"
+winbind_helper_selinux \- Security Enhanced Linux Policy for the winbind_helper processes
+.SH "DESCRIPTION"
@@ -101112,10 +102821,6 @@ index 0000000..e2f59d4
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type winbind_helper_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -101147,19 +102852,21 @@ index 0000000..e2f59d4
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), winbind_helper(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), winbind_helper(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, winbind_selinux(8), winbind_selinux(8)
\ No newline at end of file
diff --git a/man/man8/winbind_selinux.8 b/man/man8/winbind_selinux.8
new file mode 100644
-index 0000000..0ccdd85
+index 0000000..7d48706
--- /dev/null
+++ b/man/man8/winbind_selinux.8
-@@ -0,0 +1,279 @@
-+.TH "winbind_selinux" "8" "winbind" "dwalsh at redhat.com" "winbind SELinux Policy documentation"
+@@ -0,0 +1,284 @@
++.TH "winbind_selinux" "8" "12-10-19" "winbind" "SELinux Policy documentation for winbind"
+.SH "NAME"
+winbind_selinux \- Security Enhanced Linux Policy for the winbind processes
+.SH "DESCRIPTION"
@@ -101207,6 +102914,13 @@ index 0000000..0ccdd85
+.B setsebool -P httpd_mod_auth_ntlm_winbind 1
+.EE
+
++.PP
++If you want to allow Apache to use mod_auth_ntlm_winbind, you must turn on the httpd_mod_auth_ntlm_winbind boolean.
++
++.EX
++.B setsebool -P httpd_mod_auth_ntlm_winbind 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -101249,10 +102963,6 @@ index 0000000..0ccdd85
+
+- Set files with the winbind_var_run_t type, if you want to store the winbind files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/cache/samba/winbindd_privileged(/.*)?, /var/lib/samba/winbindd_privileged(/.*)?, /var/run/winbindd(/.*)?, /var/run/samba/winbindd(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -101433,19 +103143,21 @@ index 0000000..0ccdd85
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), winbind(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), winbind(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), winbind_helper_selinux(8)
\ No newline at end of file
diff --git a/man/man8/wine_selinux.8 b/man/man8/wine_selinux.8
new file mode 100644
-index 0000000..425eeb1
+index 0000000..a0328a5
--- /dev/null
+++ b/man/man8/wine_selinux.8
-@@ -0,0 +1,119 @@
-+.TH "wine_selinux" "8" "wine" "dwalsh at redhat.com" "wine SELinux Policy documentation"
+@@ -0,0 +1,124 @@
++.TH "wine_selinux" "8" "12-10-19" "wine" "SELinux Policy documentation for wine"
+.SH "NAME"
+wine_selinux \- Security Enhanced Linux Policy for the wine processes
+.SH "DESCRIPTION"
@@ -101463,7 +103175,7 @@ index 0000000..425eeb1
+
+The wine_t SELinux type can be entered via the "wine_exec_t" file type. The default entrypoint paths for the wine_t domain are the following:"
+
-+/opt/google/picasa(/.*)?/bin/msiexec, /usr/bin/regedit, /opt/google/picasa(/.*)?/bin/wine.*, /opt/google/picasa(/.*)?/bin/notepad, /opt/google/picasa(/.*)?/bin/regedit, /usr/bin/regsvr32, /usr/bin/uninstaller, /opt/google/picasa(/.*)?/bin/uninstaller, /opt/google/picasa(/.*)?/bin/wdi, /opt/google/picasa(/.*)?/bin/regsvr32, /usr/bin/msiexec, /opt/google/picasa(/.*)?/Picasa3/.*exe, /opt/teamviewer(/.*)?/bin/wine.*, /usr/bin/wine.*, /opt/google/picasa(/.*)?/bin/progman, /opt/picasa/wine/bin/wine.*, /usr/bin/notepad, /opt/cxoffice/bin/wine.*
++/usr/bin/wine.*, /opt/teamviewer(/.*)?/bin/wine.*, /opt/google/picasa(/.*)?/bin/wdi, /opt/google/picasa(/.*)?/bin/wine.*, /opt/google/picasa(/.*)?/bin/msiexec, /opt/google/picasa(/.*)?/bin/notepad, /opt/google/picasa(/.*)?/bin/progman, /opt/google/picasa(/.*)?/bin/regedit, /opt/google/picasa(/.*)?/bin/regsvr32, /opt/google/picasa(/.*)?/Picasa3/.*exe, /opt/google/picasa(/.*)?/bin/uninstaller, /opt/cxoffice/bin/wine.*, /opt/picasa/wine/bin/wine.*, /usr/bin/msiexec, /usr/bin/notepad, /usr/bin/regedit, /usr/bin/regsvr32, /usr/bin/uninstaller, /home/[^/]*/cxoffice/bin/wine.+, /home/dwalsh/cxoffice/bin/wine.+, /var/lib/xguest/home/xguest/cxoffice/bin/wine.+
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -101493,6 +103205,13 @@ index 0000000..425eeb1
+.B setsebool -P wine_mmap_zero_ignore 1
+.EE
+
++.PP
++If you want to ignore wine mmap_zero errors, you must turn on the wine_mmap_zero_ignore boolean.
++
++.EX
++.B setsebool -P wine_mmap_zero_ignore 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -101511,10 +103230,6 @@ index 0000000..425eeb1
+
+- Set files with the wine_exec_t type, if you want to transition an executable to the wine_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/opt/google/picasa(/.*)?/bin/msiexec, /usr/bin/regedit, /opt/google/picasa(/.*)?/bin/wine.*, /opt/google/picasa(/.*)?/bin/notepad, /opt/google/picasa(/.*)?/bin/regedit, /usr/bin/regsvr32, /usr/bin/uninstaller, /opt/google/picasa(/.*)?/bin/uninstaller, /opt/google/picasa(/.*)?/bin/wdi, /opt/google/picasa(/.*)?/bin/regsvr32, /usr/bin/msiexec, /opt/google/picasa(/.*)?/Picasa3/.*exe, /opt/teamviewer(/.*)?/bin/wine.*, /usr/bin/wine.*, /opt/google/picasa(/.*)?/bin/progman, /opt/picasa/wine/bin/wine.*, /usr/bin/notepad, /opt/cxoffice/bin/wine.*
+
+.EX
+.PP
@@ -101559,19 +103274,21 @@ index 0000000..425eeb1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), wine(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), wine(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/wireshark_selinux.8 b/man/man8/wireshark_selinux.8
new file mode 100644
-index 0000000..f5cf304
+index 0000000..dfa7811
--- /dev/null
+++ b/man/man8/wireshark_selinux.8
-@@ -0,0 +1,182 @@
-+.TH "wireshark_selinux" "8" "wireshark" "dwalsh at redhat.com" "wireshark SELinux Policy documentation"
+@@ -0,0 +1,184 @@
++.TH "wireshark_selinux" "8" "12-10-19" "wireshark" "SELinux Policy documentation for wireshark"
+.SH "NAME"
+wireshark_selinux \- Security Enhanced Linux Policy for the wireshark processes
+.SH "DESCRIPTION"
@@ -101749,17 +103466,19 @@ index 0000000..f5cf304
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), wireshark(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), wireshark(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/wpa_cli_selinux.8 b/man/man8/wpa_cli_selinux.8
new file mode 100644
-index 0000000..d8311e2
+index 0000000..26b065f
--- /dev/null
+++ b/man/man8/wpa_cli_selinux.8
-@@ -0,0 +1,92 @@
-+.TH "wpa_cli_selinux" "8" "wpa_cli" "dwalsh at redhat.com" "wpa_cli SELinux Policy documentation"
+@@ -0,0 +1,86 @@
++.TH "wpa_cli_selinux" "8" "12-10-19" "wpa_cli" "SELinux Policy documentation for wpa_cli"
+.SH "NAME"
+wpa_cli_selinux \- Security Enhanced Linux Policy for the wpa_cli processes
+.SH "DESCRIPTION"
@@ -101777,7 +103496,7 @@ index 0000000..d8311e2
+
+The wpa_cli_t SELinux type can be entered via the "wpa_cli_exec_t" file type. The default entrypoint paths for the wpa_cli_t domain are the following:"
+
-+/usr/sbin/wpa_cli, /sbin/wpa_cli
++/sbin/wpa_cli, /usr/sbin/wpa_cli
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -101814,10 +103533,6 @@ index 0000000..d8311e2
+
+- Set files with the wpa_cli_exec_t type, if you want to transition an executable to the wpa_cli_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/wpa_cli, /sbin/wpa_cli
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -101826,10 +103541,6 @@ index 0000000..d8311e2
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type wpa_cli_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.SH "COMMANDS"
@@ -101847,17 +103558,19 @@ index 0000000..d8311e2
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), wpa_cli(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), wpa_cli(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/xauth_selinux.8 b/man/man8/xauth_selinux.8
new file mode 100644
-index 0000000..a4c3a32
+index 0000000..d099d7f
--- /dev/null
+++ b/man/man8/xauth_selinux.8
-@@ -0,0 +1,238 @@
-+.TH "xauth_selinux" "8" "xauth" "dwalsh at redhat.com" "xauth SELinux Policy documentation"
+@@ -0,0 +1,232 @@
++.TH "xauth_selinux" "8" "12-10-19" "xauth" "SELinux Policy documentation for xauth"
+.SH "NAME"
+xauth_selinux \- Security Enhanced Linux Policy for the xauth processes
+.SH "DESCRIPTION"
@@ -101912,10 +103625,6 @@ index 0000000..a4c3a32
+
+- Set files with the xauth_exec_t type, if you want to transition an executable to the xauth_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/xauth, /usr/X11R6/bin/xauth
+
+.EX
+.PP
@@ -101924,10 +103633,6 @@ index 0000000..a4c3a32
+
+- Set files with the xauth_home_t type, if you want to store xauth files in the users home directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/nxserver/home/\.Xauthority.*, /var/lib/nxserver/home/\.xauth.*, /root/\.Xauth.*, /root/\.Xauthority.*, /root/\.serverauth.*, /var/lib/pqsql/\.Xauthority.*, /root/\.xauth.*, /var/lib/pqsql/\.xauth.*
+
+.EX
+.PP
@@ -102091,17 +103796,19 @@ index 0000000..a4c3a32
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), xauth(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), xauth(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/xdm_selinux.8 b/man/man8/xdm_selinux.8
new file mode 100644
-index 0000000..fc348ab
+index 0000000..f38969d
--- /dev/null
+++ b/man/man8/xdm_selinux.8
-@@ -0,0 +1,772 @@
-+.TH "xdm_selinux" "8" "xdm" "dwalsh at redhat.com" "xdm SELinux Policy documentation"
+@@ -0,0 +1,758 @@
++.TH "xdm_selinux" "8" "12-10-19" "xdm" "SELinux Policy documentation for xdm"
+.SH "NAME"
+xdm_selinux \- Security Enhanced Linux Policy for the xdm processes
+.SH "DESCRIPTION"
@@ -102119,7 +103826,7 @@ index 0000000..fc348ab
+
+The xdm_t SELinux type can be entered via the "xdm_exec_t,bin_t" file types. The default entrypoint paths for the xdm_t domain are the following:"
+
-+/usr/bin/slim, /usr/(s)?bin/lightdm*, /usr/(s)?bin/[mxgkw]dm, /usr/sbin/mdm-binary, /usr/(s)?bin/lxdm(-binary)?, /usr/X11R6/bin/[xgkw]dm, /usr/(s)?bin/gdm-binary, /usr/bin/gpe-dm, /opt/kde3/bin/kdm, /etc/ppp/ip-up\..*, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/virtualbox/VBoxManage, /usr/lib/.*/scripts(/.*)?, /etc/ppp/ip-down\..*, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/shorewall-perl(/.*)?, /usr/Brother(/.*)?, /usr/share/doc/ghc/html/libraries/gen_contents_index, /usr/lib/mailman.*/mail(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /usr/share/cluster/ocf-shellfuncs, /bin, /usr/lib/.*/program(/.*)?, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/apr-0/build/libtool, /usr/lib/pm-utils(/.*)?, /etc/sysconfig/network-scripts/net.*, /usr/share/system-config-language/system-config-language, /usr/lib/vte/gnome-pty-helper, /etc/lxdm/Pre.*, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/nagios/plugins(/.*)?, /usr/share/Packag
eKit/helpers(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/fence(/.*)?, /etc/sysconfig/network-scripts/init.*, /usr/lib/xulrunner[^/]*/updater, /etc/mcelog/cache-error-trigger, /usr/share/system-config-mouse/system-config-mouse, /usr/share/system-config-netboot/pxeos\.py, /usr/share/cluster/.*\.sh, /usr/lib/udev/devices/MAKEDEV, /usr/lib/nfs-utils/scripts(/.*)?, /usr/share/mc/extfs/.*, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /var/qmail/rc, /var/mailman.*/bin(/.*)?, /usr/share/system-config-nfs/system-config-nfs\.py, /sbin, /usr/share/texmf/web2c/mktexupd, /usr/lib/readahead(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/xen/bin(/.*)?, /usr/share/Modules/init(/.*)?, /var/qmail/bin, /opt/google/talkplugin(/.*)?, /etc/profile.d(/.*)?, /usr/share/hwbrowser/hwbrowser, /usr/share/dayplanner/dayplanner, /usr/lib/nspluginwrapper/np.*, /usr/share/printconf/util/print\.py, /usr/lib/[^/]*/run-mozilla\.sh, /usr/linuxprinter/filters(/.*)?, /usr/share/system-config-network/neat-control\.py,
/usr/lib/[^/]*/mozilla-xremote-client, /usr/share/hal/scripts(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/share/system-config-selinux/polgen\.py, /usr/lib(.*/)?sbin(/.*)?, /lib/udev/devices/MAKEDEV, /etc/vmware-tools(/.*)?, /etc/PackageKit/events(/.*)?, /usr/share/denyhosts/plugins(/.*)?, /usr/share/sectool/.*\.py, /etc/pki/tls/certs/make-dummy-cert, /usr/lib/rpm/rpmd, /usr/lib/tuned/.*/.*\.sh, /usr/share/cluster/svclib_nfslock, /usr/libexec(/.*)?, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/apr-0/build/[^/]+\.sh, /opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)?, /bin/mountpoint, /usr/share/rhn/rhn_applet/needed-packages\.py, /lib/security/pam_krb5(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/rpm/rpmk, /etc/apcupsd/commok, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/clamav/freshclam-sleep, /usr/lib/mediawiki/math/texvc.*, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/xfce4(/.*)?, /usr/share/system-config-services/system-config-services, /opt/(.*
/)?libexec(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(/.*)?, /usr/lib/debug/sbin(/.*)?, /etc/sysconfig/libvirtd, /etc/cron.weekly(/.*)?, /usr/lib/ccache/bin(/.*)?, /sbin/.*, /var/lib/asterisk/agi-bin(/.*)?, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/yp/.+, /usr/share/wicd/daemon(/.*)?, /etc/ppp/ipv6-up\..*, /etc/acpi/actions(/.*)?, /etc/sysconfig/network-scripts/ifdown.*, /usr/share/cluster/SAPDatabase, /usr/share/system-config-soundcard/system-config-soundcard, /usr/lib/udev/scsi_id, /etc/pm/power\.d(/.*)?, /usr/share/system-config-services/gui\.py, /etc/lxdm/Xsession, /usr/lib/cyrus-imapd/.*, /usr/sbin/insmod_ksymoops_clean, /etc/cipe/ip-down.*, /usr/share/PackageKit/pk-upgrade-distro\.sh, /usr/share/shorewall/compiler\.pl, /usr/share/pydict/pydict\.py, /dev/MAKEDEV, /usr/share/shorewall-shell(/.*)?, /emul/ia32-linux/bin(/.*)?, /root/bin(/.*)?, /usr/lib/xfce4/session/balou-export-theme, /usr/share/system-config-selinux/system-config-selinux\.py, /etc/ppp/ipv6-down
\..*, /usr/share/pwlib/make/ptlib-config, /usr/lib/ConsoleKit/scripts(/.*)?, /opt/(.*/)?bin(/.*)?, /etc/init\.d/functions, /lib/readahead(/.*)?, /etc/apcupsd/apccontrol, /usr/share/system-config-samba/system-config-samba\.py, /usr/lib/misc/sftp-server, /etc/apcupsd/onbattery, /usr/lib/qt.*/bin(/.*)?, /usr/share/cvs/contrib/rcs2log, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/system-config-keyboard/system-config-keyboard, /usr/share/fedora-usermgmt/wrapper, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/share/ssl/misc(/.*)?, /etc/apcupsd/changeme, /etc/apcupsd/offbattery, /etc/apcupsd/commfailure, /etc/sysconfig/readonly-root, /etc/cron.monthly(/.*)?, /var/ftp/bin(/.*)?, /usr/lib/xfce4/xfwm4/helper-dialog, /usr/lib/iscan/network, /usr/share/shorewall-lite(/.*)?, /usr/Printer(/.*)?, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/lib/news/bin(/.*)?, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/shar
e/system-config-netboot/pxeboot\.py, /etc/auto\.[^/]*, /usr/Brother/(.*/)?inf/brprintconf.*, /etc/apcupsd/masterconnect, /etc/avahi/.*\.action, /usr/lib/netsaint/plugins(/.*)?, /usr/share/authconfig/authconfig-tui\.py, /usr/share/system-config-securitylevel/system-config-securitylevel\.py, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/lib/dracut(/.*)?, /usr/share/kde4/apps/kajongg/kajongg.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/selinux/devel/policygentool, /etc/mail/make, /usr/lib/debug/usr/libexec(/.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/libexec/openssh/sftp-server, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/chromium-browser(/.*)?, /etc/sysconfig/init, /usr/share/system-logviewer/system-logviewer\.py, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /usr/lib/wicd/monitor\.py, /etc/pki/tls/misc(/.*)?, /etc/cron.hourly(/.*)?, /etc/xen/qemu-ifup, /usr/share/system-config-services/serviceconf\.py, /usr/share/tucan.*/tucan.py, /usr/l
ib/portage/bin(/.*)?, /etc/lxdm/LoginReady, /etc/mcelog/triggers(/.*)?, /usr/share/texmf/web2c/mktexnam, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/apt/methods.+, /etc/rc\.d/init\.d/functions, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /etc/kde/shutdown(/.*)?, /usr/lib/cups(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /usr/share/gnucash/finance-quote-helper, /etc/cron.daily(/.*)?, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/lib/rpm/rpmv, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/munin/plugins(/.*)?, /usr/share/clamav/clamd-gen, /etc/lxdm/Post.*, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /etc/hotplug/.*agent, /usr/lib/emacsen-common/.*, /usr/lib/jvm/java(.*/)bin(/.*), /etc/sysconfig/network-scripts/ifup.*, /usr/lib/xfce4/xfconf/xfconfd, /usr/lib/MailScanner(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/share/ajaxterm/qweb.py.*, /usr/share/switchdesk/switchdesk-gui\.py, /usr/lib/ipsec/.*, /usr/share/turboprint/lib(/.*)?, /usr/sbin/mkfs\.cramfs, /var/qma
il/bin(/.*)?, /etc/sysconfig/crond, /usr/share/hplip/[^/]*, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/debconf/.+, /usr/share/shorewall/configpath, /usr/bin/pingus.*, /etc/hotplug/hotplug\.functions, /usr/lib/mailman.*/bin(/.*)?, /usr/share/texmf/web2c/mktexdir, /usr/share/gnucash/finance-quote-check, /etc/redhat-lsb(/.*)?, /usr/X11R6/lib/X11/xkb/xkbcomp, /etc/gdm/[^/]+, /opt/google/chrome(/.*)?, /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/dpkg/.+, /usr/share/sandbox/sandboxX.sh, /etc/cipe/ip-up.*, /usr/lib/udev/[^/]*, /usr/bin/mountpoint, /lib/udev/scsi_id, /bin/.*, /emul/ia32-linux/sbin(/.*)?, /var/lib/iscan/interpreter, /etc/dhcp/dhclient\.d(/.*)?, /etc/racoon/scripts(/.*)?, /opt/(.*/)?sbin(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/spamassassin/sa-update\.cron, /usr/share/rhn/rhn_applet/applet\.py, /etc/X11/xdm/TakeConsole, /usr/(.*/)?sbin(/.*)?, /etc/X11/xinit(/.*)?, /usr/share/shorewall/getparams, /usr/share/cluster/checkquorum, /etc/X11/xdm/GiveConsol
e, /usr/lib/xfce4/session/xfsm-shutdown-helper, /lib/upstart(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/gdm/[^/]+/.*, /usr/share/system-config-httpd/system-config-httpd, /usr/lib/upstart(/.*)?, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/system-config-users/system-config-users, /etc/mgetty\+sendfax/new_fax, /usr/lib/debug/bin(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /etc/hotplug/.*rc, /usr/lib/courier(/.*)?, /etc/X11/xdm/Xsetup_0, /etc/netplug\.d(/.*)?, /usr/Brother/(.*/)?inf/setup.*, /usr/lib/xfce4/session/balou-install-theme, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/smolt/client(/.*)?, /usr/bin, /etc/sysconfig/netconsole, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/xfce4/panel/migrate, /usr/share/ajaxterm/ajaxterm.py.*, /sbin/mkfs\.cramfs, /usr/share/authconfig/authconfig\.py, /usr/share/system-config-date/system-config-date\.py, /usr/share/virtualbox/.*\.sh, /etc/apcupsd/mastertimeout, /usr/lib/ruby/gems(/.*)?/helper-scr
ipts(/.*)?, /usr/share/texmf/texconfig/tcfmgr, /etc/kde/env(/.*)?, /usr/lib/rpm/rpmq, /sbin/insmod_ksymoops_clean, /usr/lib/xfce4/panel/wrapper, /usr/share/system-config-printer/applet\.py, /etc/hotplug\.d/default/default.*, /usr/lib(.*/)?bin(/.*)?, /usr/share/gitolite/hooks/common/update, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /usr/lib/sftp-server, /usr/share/system-config-display/system-config-display, /lib/udev/[^/]*, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/denyhosts/scripts(/.*)?, /usr/share/createrepo(/.*)?, /usr/lib/yaboot/addnote, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /usr/share/cluster/SAPInstance
++/usr/(s)?bin/lightdm*, /usr/(s)?bin/[mxgkw]dm, /usr/(s)?bin/gdm-binary, /usr/(s)?bin/lxdm(-binary)?, /usr/X11R6/bin/[xgkw]dm, /usr/bin/slim, /usr/bin/gpe-dm, /opt/kde3/bin/kdm, /usr/sbin/mdm-binary, /bin/.*, /opt/(.*/)?bin(/.*)?, /usr/(.*/)?Bin(/.*)?, /usr/(.*/)?bin(/.*)?, /usr/(.*/)?sbin(/.*)?, /opt/(.*/)?sbin(/.*)?, /opt/(.*/)?libexec(/.*)?, /sbin/.*, /usr/lib(.*/)?bin(/.*)?, /usr/lib(.*/)?sbin(/.*)?, /etc/gdm/[^/]+, /root/bin(/.*)?, /etc/gdm/[^/]+/.*, /etc/cron.daily(/.*)?, /etc/cron.weekly(/.*)?, /etc/cron.hourly(/.*)?, /etc/cron.monthly(/.*)?, /usr/lib/.*/scripts(/.*)?, /usr/lib/.*/program(/.*)?, /usr/lib/[^/]*/run-mozilla\.sh, /usr/lib/[^/]*/mozilla-xremote-client, /usr/lib/[^/]*thunderbird[^/]*/thunderbird, /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin, /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh, /lib/udev/[^/]*, /etc/auto\.[^/]*, /etc/avahi/.*\.action, /usr/lib/qt.*/bin(/.*)?, /usr/lib/yp/.+, /var/ftp/bin(/.*)?, /usr/Brother(/.*)?, /usr/Printer(/.*)?, /usr/lib
exec(/.*)?, /lib/upstart(/.*)?, /etc/kde/env(/.*)?, /etc/profile.d(/.*)?, /var/mailman.*/bin(/.*)?, /etc/lxdm/Pre.*, /etc/hotplug/.*rc, /usr/lib/cups(/.*)?, /etc/hotplug/.*agent, /usr/Brother/(.*/)?inf/setup.*, /usr/Brother/(.*/)?inf/brprintconf.*, /usr/lib/dpkg/.+, /etc/lxdm/Post.*, /usr/lib/udev/[^/]*, /var/qmail/bin(/.*)?, /usr/lib/xfce4(/.*)?, /usr/lib/fence(/.*)?, /etc/X11/xinit(/.*)?, /lib/readahead(/.*)?, /etc/netplug\.d(/.*)?, /usr/lib/gimp/.*/plug-ins(/.*)?, /usr/lib/ipsec/.*, /etc/ppp/ip-up\..*, /usr/bin/pingus.*, /etc/cipe/ip-up.*, /usr/lib/dracut(/.*)?, /etc/pm/power\.d(/.*)?, /etc/pm/sleep\.d(/.*)?, /etc/redhat-lsb(/.*)?, /usr/lib/tuned/.*/.*\.sh, /usr/lib/xen/bin(/.*)?, /usr/lib/upstart(/.*)?, /usr/lib/courier(/.*)?, /etc/xen/scripts(/.*)?, /usr/share/tucan.*/tucan.py, /usr/lib/mailman.*/bin(/.*)?, /usr/lib/mailman.*/mail(/.*)?, /etc/ppp/ipv6-up\..*, /etc/ppp/ip-down\..*, /etc/cipe/ip-down.*, /usr/share/hplip/[^/]*, /usr/lib/news/bin(/.*)?, /usr/lib/pm-utils(/.
*)?, /etc/vmware-tools(/.*)?, /etc/kde/shutdown(/.*)?, /etc/acpi/actions(/.*)?, /etc/pki/tls/misc(/.*)?, /usr/lib/jvm/java(.*/)bin(/.*), /usr/lib/tumbler-[^/]*/tumblerd, /usr/lib/readahead(/.*)?, /opt/google/chrome(/.*)?, /etc/munin/plugins(/.*)?, /usr/lib/bluetooth(/.*)?, /usr/lib/debug/bin(/.*)?, /usr/lib/xulrunner[^/]*/updater, /usr/lib/xulrunner[^/]*/crashreporter, /usr/lib/xulrunner[^/]*/xulrunner[^/]*, /usr/lib/ruby/gems(/.*)?/helper-scripts(/.*)?, /usr/share/debconf/.+, /etc/ppp/ipv6-down\..*, /usr/share/cluster/.*\.sh, /usr/share/sectool/.*\.py, /usr/share/ssl/misc(/.*)?, /usr/share/e16/misc(/.*)?, /usr/lib/ccache/bin(/.*)?, /etc/racoon/scripts(/.*)?, /usr/lib/debug/sbin(/.*)?, /usr/lib/ruby/gems/.*/agents(/.*)?, /usr/share/mc/extfs/.*, /usr/lib/apt/methods.+, /usr/lib/portage/bin(/.*)?, /usr/lib/MailScanner(/.*)?, /etc/mcelog/triggers(/.*)?, /etc/dhcp/dhclient\.d(/.*)?, /emul/ia32-linux/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/bin(/.*)?, /emul/ia32-linux/usr(/.*)?/Bin(
/.*)?, /emul/ia32-linux/usr(/.*)?/sbin(/.*)?, /usr/lib/thunderbird.*/mozilla-xremote-client, /usr/lib/cyrus-imapd/.*, /usr/share/createrepo(/.*)?, /emul/ia32-linux/sbin(/.*)?, /usr/share/virtualbox/.*\.sh, /usr/share/hal/scripts(/.*)?, /usr/share/wicd/daemon(/.*)?, /lib/security/pam_krb5(/.*)?, /opt/google/talkplugin(/.*)?, /etc/PackageKit/events(/.*)?, /usr/lib/debug/usr/bin(/.*)?, /usr/lib/vmware-tools/(s)?bin32(/.*)?, /usr/lib/vmware-tools/(s)?bin64(/.*)?, /etc/gdm/XKeepsCrashing[^/]*, /usr/lib/oracle/xe/apps(/.*)?, /usr/share/Modules/init(/.*)?, /usr/share/smolt/client(/.*)?, /usr/lib/nagios/plugins(/.*)?, /usr/lib/debug/usr/sbin(/.*)?, /usr/share/apr-0/build/[^/]+\.sh, /usr/lib/emacsen-common/.*, /usr/share/ajaxterm/qweb.py.*, /var/lib/asterisk/agi-bin(/.*)?, /usr/share/shorewall-perl(/.*)?, /usr/share/shorewall-lite(/.*)?, /usr/linuxprinter/filters(/.*)?, /usr/lib/netsaint/plugins(/.*)?, /usr/lib/chromium-browser(/.*)?, /usr/share/turboprint/lib(/.*)?, /usr/lib/nfs-uti
ls/scripts(/.*)?, /usr/share/shorewall-shell(/.*)?, /usr/share/shorewall6-lite(/.*)?, /usr/share/vhostmd/scripts(/.*)?, /usr/lib/debug/usr/libexec(/.*)?, /etc/ConsoleKit/run-seat\.d(/.*)?, /usr/lib/nspluginwrapper/np.*, /usr/share/sandbox/sandboxX.sh, /usr/lib/ConsoleKit/scripts(/.*)?, /usr/share/ajaxterm/ajaxterm.py.*, /usr/lib/pgsql/test/regress/.*\.sh, /usr/share/denyhosts/plugins(/.*)?, /usr/share/denyhosts/scripts(/.*)?, /emul/ia32-linux/usr/libexec(/.*)?, /usr/lib/mediawiki/math/texvc.*, /usr/share/PackageKit/helpers(/.*)?, /etc/ConsoleKit/run-session\.d(/.*)?, /etc/hotplug\.d/default/default.*, /usr/lib/systemd/system-sleep/(.*)?, /opt/gutenprint/cups/lib/filter(/.*)?, /usr/share/system-config-network(/netconfig)?/[^/]+\.py, /usr/lib/ConsoleKit/run-session\.d(/.*)?, /etc/sysconfig/network-scripts/net.*, /etc/sysconfig/network-scripts/ifup.*, /etc/sysconfig/network-scripts/init.*, /usr/share/kde4/apps/kajongg/kajongg.py, /etc/sysconfig/network-scripts/ifdown.*, /opt/Op
enPrinting-Gutenprint/cups/lib/filter(/.*)?, /usr/share/gedit-2/plugins/externaltools/tools(/.*)?, /bin, /sbin, /usr/bin, /dev/MAKEDEV, /var/qmail/rc, /var/qmail/bin, /etc/mail/make, /bin/mountpoint, /usr/lib/rpm/rpmv, /usr/lib/rpm/rpmk, /usr/lib/rpm/rpmq, /usr/lib/rpm/rpmd, /lib/udev/scsi_id, /sbin/mkfs\.cramfs, /etc/xen/qemu-ifup, /etc/lxdm/Xsession, /etc/sysconfig/init, /usr/bin/mountpoint, /etc/apcupsd/commok, /usr/lib/sftp-server, /etc/sysconfig/crond, /etc/lxdm/LoginReady, /usr/sbin/mkfs\.cramfs, /usr/lib/udev/scsi_id, /etc/X11/xdm/Xsetup_0, /etc/init\.d/functions, /etc/apcupsd/changeme, /usr/lib/iscan/network, /etc/apcupsd/onbattery, /usr/lib/yaboot/addnote, /etc/sysconfig/libvirtd, /etc/apcupsd/apccontrol, /etc/apcupsd/offbattery, /usr/lib/wicd/monitor\.py, /etc/X11/xdm/TakeConsole, /etc/X11/xdm/GiveConsole, /etc/apcupsd/commfailure, /usr/lib/misc/sftp-server, /etc/sysconfig/netconsole, /lib/udev/devices/MAKEDEV, /var/lib/iscan/interpreter, /etc/rc\.d/init\.d/functio
ns, /etc/apcupsd/masterconnect, /etc/apcupsd/mastertimeout, /usr/share/pydict/pydict\.py, /usr/share/clamav/clamd-gen, /sbin/insmod_ksymoops_clean, /etc/mgetty\+sendfax/new_fax, /usr/lib/xfce4/panel/migrate, /usr/lib/xfce4/panel/wrapper, /etc/sysconfig/readonly-root, /usr/lib/udev/devices/MAKEDEV, /usr/lib/vte/gnome-pty-helper, /usr/lib/xfce4/xfconf/xfconfd, /usr/share/hwbrowser/hwbrowser, /usr/share/cvs/contrib/rcs2log, /usr/X11R6/lib/X11/xkb/xkbcomp, /usr/lib/virtualbox/VBoxManage, /usr/share/cluster/checkquorum, /usr/share/shorewall/getparams, /usr/share/apr-0/build/libtool, /usr/share/cluster/SAPDatabase, /usr/share/cluster/SAPInstance, /etc/hotplug/hotplug\.functions, /usr/share/texmf/web2c/mktexdir, /usr/share/texmf/web2c/mktexupd, /usr/share/texmf/web2c/mktexnam, /usr/share/shorewall/configpath, /usr/sbin/insmod_ksymoops_clean, /etc/mcelog/cache-error-trigger, /usr/share/shorewall/compiler\.pl, /usr/share/dayplanner/dayplanner, /usr/libexec/openssh/sftp-server, /usr/s
hare/texmf/texconfig/tcfmgr, /usr/share/clamav/freshclam-sleep, /usr/share/cluster/ocf-shellfuncs, /usr/share/cluster/svclib_nfslock, /usr/lib/xfce4/exo-1/exo-helper-1, /usr/share/pwlib/make/ptlib-config, /usr/share/fedora-usermgmt/wrapper, /usr/share/printconf/util/print\.py, /usr/lib/xfce4/xfwm4/helper-dialog, /etc/pki/tls/certs/make-dummy-cert, /usr/share/rhn/rhn_applet/applet\.py, /usr/share/authconfig/authconfig\.py, /usr/share/spamassassin/sa-update\.cron, /usr/share/gnucash/finance-quote-check, /usr/share/cluster/fence_scsi_check\.pl, /usr/share/selinux/devel/policygentool, /usr/share/switchdesk/switchdesk-gui\.py, /usr/share/authconfig/authconfig-gtk\.py, /usr/share/authconfig/authconfig-tui\.py, /usr/share/gitolite/hooks/common/update, /usr/share/gnucash/finance-quote-helper, /usr/lib/xfce4/exo-1/exo-compose-mail-1, /usr/share/system-config-services/gui\.py, /lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-config-netboot/pxeos\.py, /usr/lib/xfce4/session/
balou-export-theme, /usr/share/system-config-nfs/nfs-export\.py, /usr/share/system-config-printer/applet\.py, /usr/share/system-config-selinux/polgen\.py, /usr/share/PackageKit/pk-upgrade-distro\.sh, /usr/lib/xfce4/session/balou-install-theme, /usr/share/system-config-netboot/pxeboot\.py, /usr/lib/xfce4/session/xfsm-shutdown-helper, /usr/share/rhn/rhn_applet/needed-packages\.py, /usr/lib/security/pam_krb5/pam_krb5_storetmp, /usr/share/system-logviewer/system-logviewer\.py, /usr/share/system-config-network/neat-control\.py, /usr/share/system-config-services/serviceconf\.py, /usr/share/hal/device-manager/hal-device-manager, /usr/share/system-config-lvm/system-config-lvm\.py, /usr/share/system-config-nfs/system-config-nfs\.py, /usr/share/system-config-httpd/system-config-httpd, /usr/share/system-config-mouse/system-config-mouse, /usr/share/system-config-users/system-config-users, /usr/share/system-config-date/system-config-date\.py, /usr/share/doc/ghc/html/libraries/gen_content
s_index, /usr/share/gitolite/hooks/gitolite-admin/post-update, /usr/share/system-config-samba/system-config-samba\.py, /usr/share/system-config-display/system-config-display, /usr/share/system-config-keyboard/system-config-keyboard, /usr/share/system-config-language/system-config-language, /usr/share/system-config-services/system-config-services, /usr/share/system-config-selinux/system-config-selinux\.py, /usr/share/system-config-netboot/system-config-netboot\.py, /usr/share/system-config-soundcard/system-config-soundcard, /usr/share/system-config-rootpassword/system-config-rootpassword, /usr/share/system-config-securitylevel/system-config-securitylevel\.py
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -102143,6 +103850,13 @@ index 0000000..fc348ab
+
+
+.PP
++If you want to allow the graphical login program to execute bootloader, you must turn on the xdm_exec_bootloader boolean.
++
++.EX
++.B setsebool -P xdm_exec_bootloader 1
++.EE
++
++.PP
+If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn on the xdm_sysadm_login boolean.
+
+.EX
@@ -102156,6 +103870,13 @@ index 0000000..fc348ab
+.B setsebool -P xdm_exec_bootloader 1
+.EE
+
++.PP
++If you want to allow the graphical login program to login directly as sysadm_r:sysadm_t, you must turn on the xdm_sysadm_login boolean.
++
++.EX
++.B setsebool -P xdm_sysadm_login 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -102182,10 +103903,6 @@ index 0000000..fc348ab
+
+- Set files with the xdm_exec_t type, if you want to transition an executable to the xdm_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/slim, /usr/(s)?bin/lightdm*, /usr/(s)?bin/[mxgkw]dm, /usr/sbin/mdm-binary, /usr/(s)?bin/lxdm(-binary)?, /usr/X11R6/bin/[xgkw]dm, /usr/(s)?bin/gdm-binary, /usr/bin/gpe-dm, /opt/kde3/bin/kdm
+
+.EX
+.PP
@@ -102194,10 +103911,6 @@ index 0000000..fc348ab
+
+- Set files with the xdm_home_t type, if you want to store xdm files in the users home directory.
+
-+.br
-+.TP 5
-+Paths:
-+/root/\.xsession-errors.*, /root/\.dmrc.*
+
+.EX
+.PP
@@ -102214,10 +103927,6 @@ index 0000000..fc348ab
+
+- Set files with the xdm_log_t type, if you want to treat the data as xdm log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/slim\.log, /var/log/lxdm\.log.*, /var/log/[mg]dm(/.*)?, /var/log/[mkwx]dm\.log.*
+
+.EX
+.PP
@@ -102226,10 +103935,6 @@ index 0000000..fc348ab
+
+- Set files with the xdm_rw_etc_t type, if you want to store xdm rw files in the /etc directories.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/opt/VirtualGL(/.*)?, /etc/X11/wdm(/.*)?
+
+.EX
+.PP
@@ -102246,10 +103951,6 @@ index 0000000..fc348ab
+
+- Set files with the xdm_tmp_t type, if you want to store xdm temporary files in the /tmp directories.
+
-+.br
-+.TP 5
-+Paths:
-+/tmp/\.X0-lock, /tmp/\.X11-unix(/.*)?, /tmp/\.ICE-unix(/.*)?
+
+.EX
+.PP
@@ -102266,10 +103967,6 @@ index 0000000..fc348ab
+
+- Set files with the xdm_unconfined_exec_t type, if you want to transition an executable to the xdm_unconfined_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/[mg]dm/Init(/.*)?, /etc/[mg]dm/PreSession(/.*)?, /etc/[mg]dm/PostLogin(/.*)?, /etc/[mg]dm/PostSession(/.*)?
+
+.EX
+.PP
@@ -102278,10 +103975,6 @@ index 0000000..fc348ab
+
+- Set files with the xdm_var_lib_t type, if you want to store the xdm files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/lightdm(/.*)?, /var/cache/lightdm(/.*)?, /var/lib/[mxkwg]dm(/.*)?, /var/lib/lxdm(/.*)?, /var/cache/[mg]dm(/.*)?
+
+.EX
+.PP
@@ -102290,10 +103983,6 @@ index 0000000..fc348ab
+
+- Set files with the xdm_var_run_t type, if you want to store the xdm files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/kde[34]?/kdm/backgroundrc, /var/run/slim.*, /var/run/lxdm(/.*)?, /usr/lib/qt-.*/etc/settings(/.*)?, /var/run/lxdm\.auth, /var/run/systemd/multi-session-x(/.*)?, /var/run/xauth(/.*)?, /var/run/xdmctl(/.*)?, /var/run/[gx]dm\.pid, /var/run/[kgm]dm(/.*)?, /var/run/slim(/.*)?, /var/run/gdm_socket, /var/run/lxdm\.pid, /var/run/lightdm(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -102402,10 +104091,10 @@ index 0000000..fc348ab
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -102484,6 +104173,8 @@ index 0000000..fc348ab
+.br
+ /var/tmp/nfs_0
+.br
++ /var/tmp/DNS_25
++.br
+ /var/tmp/host_0
+.br
+ /var/tmp/imap_0
@@ -102868,19 +104559,21 @@ index 0000000..fc348ab
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), xdm(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), xdm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/xenconsoled_selinux.8 b/man/man8/xenconsoled_selinux.8
new file mode 100644
-index 0000000..ab73dce
+index 0000000..4c722a4
--- /dev/null
+++ b/man/man8/xenconsoled_selinux.8
-@@ -0,0 +1,124 @@
-+.TH "xenconsoled_selinux" "8" "xenconsoled" "dwalsh at redhat.com" "xenconsoled SELinux Policy documentation"
+@@ -0,0 +1,126 @@
++.TH "xenconsoled_selinux" "8" "12-10-19" "xenconsoled" "SELinux Policy documentation for xenconsoled"
+.SH "NAME"
+xenconsoled_selinux \- Security Enhanced Linux Policy for the xenconsoled processes
+.SH "DESCRIPTION"
@@ -103000,17 +104693,19 @@ index 0000000..ab73dce
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), xenconsoled(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), xenconsoled(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/xend_selinux.8 b/man/man8/xend_selinux.8
new file mode 100644
-index 0000000..0d9e1e7
+index 0000000..3ba3826
--- /dev/null
+++ b/man/man8/xend_selinux.8
-@@ -0,0 +1,319 @@
-+.TH "xend_selinux" "8" "xend" "dwalsh at redhat.com" "xend SELinux Policy documentation"
+@@ -0,0 +1,330 @@
++.TH "xend_selinux" "8" "12-10-19" "xend" "SELinux Policy documentation for xend"
+.SH "NAME"
+xend_selinux \- Security Enhanced Linux Policy for the xend processes
+.SH "DESCRIPTION"
@@ -103052,6 +104747,13 @@ index 0000000..0d9e1e7
+
+
+.PP
++If you want to allow xend to run blktapctrl/tapdisk. Not required if using dedicated logical volumes for disk images, you must turn on the xend_run_blktap boolean.
++
++.EX
++.B setsebool -P xend_run_blktap 1
++.EE
++
++.PP
+If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
+
+.EX
@@ -103072,6 +104774,20 @@ index 0000000..0d9e1e7
+.B setsebool -P xend_run_blktap 1
+.EE
+
++.PP
++If you want to allow xen to manage nfs files, you must turn on the xen_use_nfs boolean.
++
++.EX
++.B setsebool -P xen_use_nfs 1
++.EE
++
++.PP
++If you want to allow xend to run qemu-dm. Not required if using paravirt and no vfb, you must turn on the xend_run_qemu boolean.
++
++.EX
++.B setsebool -P xend_run_qemu 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -103106,10 +104822,6 @@ index 0000000..0d9e1e7
+
+- Set files with the xend_var_lib_t type, if you want to store the xend files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/xen(/.*)?, /var/lib/xend(/.*)?
+
+.EX
+.PP
@@ -103118,10 +104830,6 @@ index 0000000..0d9e1e7
+
+- Set files with the xend_var_log_t type, if you want to treat the data as xend var log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/xen-hotplug\.log.*, /var/log/xen(/.*)?, /var/log/xend-debug\.log.*, /var/log/xend\.log.*
+
+.EX
+.PP
@@ -103130,10 +104838,6 @@ index 0000000..0d9e1e7
+
+- Set files with the xend_var_run_t type, if you want to store the xend files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/xenner(/.*)?, /var/run/xend(/.*)?, /var/run/xend\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -103220,10 +104924,10 @@ index 0000000..0d9e1e7
+.br
+ /etc/securetty
+.br
-+ /etc/nohotplug
-+.br
+ /etc/killpower
+.br
++ /etc/nohotplug
++.br
+ /etc/ioctl\.save
+.br
+ /etc/fstab\.REVOKE
@@ -103324,19 +105028,21 @@ index 0000000..0d9e1e7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), xend(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), xend(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), xenconsoled_selinux(8), xenstored_selinux(8)
\ No newline at end of file
diff --git a/man/man8/xenstored_selinux.8 b/man/man8/xenstored_selinux.8
new file mode 100644
-index 0000000..df38140
+index 0000000..1320c98
--- /dev/null
+++ b/man/man8/xenstored_selinux.8
-@@ -0,0 +1,150 @@
-+.TH "xenstored_selinux" "8" "xenstored" "dwalsh at redhat.com" "xenstored SELinux Policy documentation"
+@@ -0,0 +1,148 @@
++.TH "xenstored_selinux" "8" "12-10-19" "xenstored" "SELinux Policy documentation for xenstored"
+.SH "NAME"
+xenstored_selinux \- Security Enhanced Linux Policy for the xenstored processes
+.SH "DESCRIPTION"
@@ -103423,10 +105129,6 @@ index 0000000..df38140
+
+- Set files with the xenstored_var_run_t type, if you want to store the xenstored files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/xenstore\.pid, /var/run/xenstored(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -103482,16 +105184,18 @@ index 0000000..df38140
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), xenstored(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), xenstored(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/xguest_selinux.8 b/man/man8/xguest_selinux.8
new file mode 100644
-index 0000000..63ecb35
+index 0000000..bae8526
--- /dev/null
+++ b/man/man8/xguest_selinux.8
-@@ -0,0 +1,322 @@
+@@ -0,0 +1,345 @@
+.TH "xguest_selinux" "8" "xguest" "mgrepl at redhat.com" "xguest SELinux Policy documentation"
+.SH "NAME"
+xguest_u \- \fBLeast privledge xwindows user role\fP - Security Enhanced Linux Policy
@@ -103546,18 +105250,6 @@ index 0000000..63ecb35
+
+.B dns_port_t: 53
+
-+.B http_cache_port_t: 8080,8118,10001-10010
-+
-+.B http_port_t: 80,81,443,488,8008,8009,8443
-+
-+.B ocsp_port_t: 9080
-+
-+.B squid_port_t: 3128,3401,4827
-+
-+.B ephemeral_port_t: 32768-61000
-+
-+.B kerberos_port_t: 88,750,4444
-+
+.B pulseaudio_port_t: 4713
+
+.B flash_port_t: 843,1935
@@ -103570,28 +105262,28 @@ index 0000000..63ecb35
+
+.B transproxy_port_t: 8081
+
++.B ocsp_port_t: 9080
++
+.B all ports with out defined types
+
++.B kerberos_port_t: 88,750,4444
++
+.B ftp_port_t: 21,990
+
+.B speech_port_t: 8036
+
-+.TP
-+The SELinux user xguest_u is able to connect to the following tcp ports.
-+
-+.B dns_port_t: 53
-+
+.B http_cache_port_t: 8080,8118,10001-10010
+
+.B http_port_t: 80,81,443,488,8008,8009,8443
+
-+.B ocsp_port_t: 9080
-+
+.B squid_port_t: 3128,3401,4827
+
+.B ephemeral_port_t: 32768-61000
+
-+.B kerberos_port_t: 88,750,4444
++.TP
++The SELinux user xguest_u is able to connect to the following tcp ports.
++
++.B dns_port_t: 53
+
+.B pulseaudio_port_t: 4713
+
@@ -103605,17 +105297,36 @@ index 0000000..63ecb35
+
+.B transproxy_port_t: 8081
+
++.B ocsp_port_t: 9080
++
+.B all ports with out defined types
+
++.B kerberos_port_t: 88,750,4444
++
+.B ftp_port_t: 21,990
+
+.B speech_port_t: 8036
+
++.B http_cache_port_t: 8080,8118,10001-10010
++
++.B http_port_t: 80,81,443,488,8008,8009,8443
++
++.B squid_port_t: 3128,3401,4827
++
++.B ephemeral_port_t: 32768-61000
++
+.SH BOOLEANS
+SELinux policy is customizable based on least access required. xguest policy is extremely flexible and has several booleans that allow you to manipulate the policy and run xguest with the tightest access possible.
+
+
+.PP
++If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
++
++.EX
++.B setsebool -P xguest_mount_media 1
++.EE
++
++.PP
+If you want to allow xguest users to configure Network Manager and connect to apache ports, you must turn on the xguest_connect_network boolean.
+
+.EX
@@ -103623,6 +105334,13 @@ index 0000000..63ecb35
+.EE
+
+.PP
++If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
++
++.EX
++.B setsebool -P xguest_use_bluetooth 1
++.EE
++
++.PP
+If you want to allow xguest users to mount removable media, you must turn on the xguest_mount_media boolean.
+
+.EX
@@ -103630,6 +105348,13 @@ index 0000000..63ecb35
+.EE
+
+.PP
++If you want to allow xguest users to configure Network Manager and connect to apache ports, you must turn on the xguest_connect_network boolean.
++
++.EX
++.B setsebool -P xguest_connect_network 1
++.EE
++
++.PP
+If you want to allow xguest to use blue tooth devices, you must turn on the xguest_use_bluetooth boolean.
+
+.EX
@@ -103652,7 +105377,7 @@ index 0000000..63ecb35
+
+Execute the following to see the types that the SELinux user xguest_t can execute without transitioning:
+
-+.B sesearch -A -s xguest_t -c file -p execute_no_trans
++.B search -A -s xguest_t -c file -p execute_no_trans
+
+.TP
+
@@ -103660,7 +105385,7 @@ index 0000000..63ecb35
+
+Execute the following to see the types that the SELinux user xguest_t can execute and transition:
+
-+.B $ sesearch -A -s xguest_t -c process -p transition
++.B $ search -A -s xguest_t -c process -p transition
+
+
+.SH "MANAGED FILES"
@@ -103809,19 +105534,21 @@ index 0000000..63ecb35
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), xguest(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), xguest(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/xserver_selinux.8 b/man/man8/xserver_selinux.8
new file mode 100644
-index 0000000..42bf792
+index 0000000..815737e
--- /dev/null
+++ b/man/man8/xserver_selinux.8
-@@ -0,0 +1,398 @@
-+.TH "xserver_selinux" "8" "xserver" "dwalsh at redhat.com" "xserver SELinux Policy documentation"
+@@ -0,0 +1,416 @@
++.TH "xserver_selinux" "8" "12-10-19" "xserver" "SELinux Policy documentation for xserver"
+.SH "NAME"
+xserver_selinux \- Security Enhanced Linux Policy for the xserver processes
+.SH "DESCRIPTION"
@@ -103839,7 +105566,7 @@ index 0000000..42bf792
+
+The xserver_t SELinux type can be entered via the "xserver_exec_t" file type. The default entrypoint paths for the xserver_t domain are the following:"
+
-+/usr/bin/Xair, /usr/X11R6/bin/XFree86, /etc/init\.d/xfree86-common, /usr/X11R6/bin/Xorg, /usr/X11R6/bin/Xipaq, /usr/bin/Xephyr, /usr/bin/Xorg, /usr/X11R6/bin/Xwrapper, /usr/X11R6/bin/X
++/usr/bin/Xair, /usr/bin/Xorg, /usr/bin/Xephyr, /usr/X11R6/bin/X, /usr/X11R6/bin/Xorg, /usr/X11R6/bin/Xipaq, /usr/X11R6/bin/XFree86, /usr/X11R6/bin/Xwrapper, /etc/init\.d/xfree86-common
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -103870,6 +105597,20 @@ index 0000000..42bf792
+.EE
+
+.PP
++If you want to allow confined virtual guests to interact with the xserver, you must turn on the virt_use_xserver boolean.
++
++.EX
++.B setsebool -P virt_use_xserver 1
++.EE
++
++.PP
++If you want to allows clients to write to the X server shared memory segments, you must turn on the xserver_clients_write_xshm boolean.
++
++.EX
++.B setsebool -P xserver_clients_write_xshm 1
++.EE
++
++.PP
+If you want to allows XServer to execute writable memory, you must turn on the xserver_execmem boolean.
+
+.EX
@@ -103877,6 +105618,13 @@ index 0000000..42bf792
+.EE
+
+.PP
++If you want to support X userspace object manager, you must turn on the xserver_object_manager boolean.
++
++.EX
++.B setsebool -P xserver_object_manager 1
++.EE
++
++.PP
+If you want to allow confined virtual guests to interact with the xserver, you must turn on the virt_use_xserver boolean.
+
+.EX
@@ -103890,6 +105638,13 @@ index 0000000..42bf792
+.B setsebool -P xserver_clients_write_xshm 1
+.EE
+
++.PP
++If you want to allows XServer to execute writable memory, you must turn on the xserver_execmem boolean.
++
++.EX
++.B setsebool -P xserver_execmem 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -103908,10 +105663,6 @@ index 0000000..42bf792
+
+- Set files with the xserver_exec_t type, if you want to transition an executable to the xserver_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/Xair, /usr/X11R6/bin/XFree86, /etc/init\.d/xfree86-common, /usr/X11R6/bin/Xorg, /usr/X11R6/bin/Xipaq, /usr/bin/Xephyr, /usr/bin/Xorg, /usr/X11R6/bin/Xwrapper, /usr/X11R6/bin/X
+
+.EX
+.PP
@@ -103920,10 +105671,6 @@ index 0000000..42bf792
+
+- Set files with the xserver_log_t type, if you want to treat the data as xserver log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/lightdm(/.*)?, /usr/var/[xgkw]dm(/.*)?, /var/log/nvidia-installer\.log.*, /var/[xgkw]dm(/.*)?, /var/log/XFree86.*, /var/log/Xorg.*
+
+.EX
+.PP
@@ -103948,10 +105695,6 @@ index 0000000..42bf792
+
+- Set files with the xserver_var_run_t type, if you want to store the xserver files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/xorg(/.*)?, /var/run/video.rom
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -104214,19 +105957,21 @@ index 0000000..42bf792
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), xserver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), xserver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/ypbind_selinux.8 b/man/man8/ypbind_selinux.8
-index 5061a5f..82509d2 100644
+index 5061a5f..a1971d9 100644
--- a/man/man8/ypbind_selinux.8
+++ b/man/man8/ypbind_selinux.8
-@@ -1,19 +1,140 @@
+@@ -1,19 +1,138 @@
-.TH "ypbind_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "ypbind Selinux Policy documentation"
-+.TH "ypbind_selinux" "8" "ypbind" "dwalsh at redhat.com" "ypbind SELinux Policy documentation"
++.TH "ypbind_selinux" "8" "12-10-19" "ypbind" "SELinux Policy documentation for ypbind"
.SH "NAME"
-ypbind_selinux \- Security Enhanced Linux Policy for NIS.
+ypbind_selinux \- Security Enhanced Linux Policy for the ypbind processes
@@ -104254,7 +105999,7 @@ index 5061a5f..82509d2 100644
+
+The ypbind_t SELinux type can be entered via the "ypbind_exec_t" file type. The default entrypoint paths for the ypbind_t domain are the following:"
+
-+/usr/sbin/ypbind, /sbin/ypbind
++/sbin/ypbind, /usr/sbin/ypbind
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -104291,10 +106036,6 @@ index 5061a5f..82509d2 100644
+
+- Set files with the ypbind_exec_t type, if you want to transition an executable to the ypbind_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/ypbind, /sbin/ypbind
+
+.EX
+.PP
@@ -104373,18 +106114,20 @@ index 5061a5f..82509d2 100644
+
.SH AUTHOR
-This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
.SH "SEE ALSO"
-selinux(8), ypbind(8), chcon(1), setsebool(8)
-+selinux(8), ypbind(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ypbind(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/yppasswdd_selinux.8 b/man/man8/yppasswdd_selinux.8
new file mode 100644
-index 0000000..b81a4bb
+index 0000000..3399145
--- /dev/null
+++ b/man/man8/yppasswdd_selinux.8
-@@ -0,0 +1,134 @@
-+.TH "yppasswdd_selinux" "8" "yppasswdd" "dwalsh at redhat.com" "yppasswdd SELinux Policy documentation"
+@@ -0,0 +1,132 @@
++.TH "yppasswdd_selinux" "8" "12-10-19" "yppasswdd" "SELinux Policy documentation for yppasswdd"
+.SH "NAME"
+yppasswdd_selinux \- Security Enhanced Linux Policy for the yppasswdd processes
+.SH "DESCRIPTION"
@@ -104402,7 +106145,7 @@ index 0000000..b81a4bb
+
+The yppasswdd_t SELinux type can be entered via the "yppasswdd_exec_t" file type. The default entrypoint paths for the yppasswdd_t domain are the following:"
+
-+/usr/sbin/rpc\.yppasswdd\.env, /usr/sbin/rpc\.yppasswdd
++/usr/sbin/rpc\.yppasswdd, /usr/sbin/rpc\.yppasswdd\.env
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -104439,10 +106182,6 @@ index 0000000..b81a4bb
+
+- Set files with the yppasswdd_exec_t type, if you want to transition an executable to the yppasswdd_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/rpc\.yppasswdd\.env, /usr/sbin/rpc\.yppasswdd
+
+.EX
+.PP
@@ -104514,17 +106253,19 @@ index 0000000..b81a4bb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), yppasswdd(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), yppasswdd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ypserv_selinux.8 b/man/man8/ypserv_selinux.8
new file mode 100644
-index 0000000..11f9cb1
+index 0000000..2681d73
--- /dev/null
+++ b/man/man8/ypserv_selinux.8
-@@ -0,0 +1,128 @@
-+.TH "ypserv_selinux" "8" "ypserv" "dwalsh at redhat.com" "ypserv SELinux Policy documentation"
+@@ -0,0 +1,130 @@
++.TH "ypserv_selinux" "8" "12-10-19" "ypserv" "SELinux Policy documentation for ypserv"
+.SH "NAME"
+ypserv_selinux \- Security Enhanced Linux Policy for the ypserv processes
+.SH "DESCRIPTION"
@@ -104648,17 +106389,19 @@ index 0000000..11f9cb1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ypserv(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ypserv(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/ypxfr_selinux.8 b/man/man8/ypxfr_selinux.8
new file mode 100644
-index 0000000..978de9d
+index 0000000..fd6b484
--- /dev/null
+++ b/man/man8/ypxfr_selinux.8
-@@ -0,0 +1,112 @@
-+.TH "ypxfr_selinux" "8" "ypxfr" "dwalsh at redhat.com" "ypxfr SELinux Policy documentation"
+@@ -0,0 +1,110 @@
++.TH "ypxfr_selinux" "8" "12-10-19" "ypxfr" "SELinux Policy documentation for ypxfr"
+.SH "NAME"
+ypxfr_selinux \- Security Enhanced Linux Policy for the ypxfr processes
+.SH "DESCRIPTION"
@@ -104713,10 +106456,6 @@ index 0000000..978de9d
+
+- Set files with the ypxfr_exec_t type, if you want to transition an executable to the ypxfr_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/lib/yp/ypxfr, /usr/sbin/rpc\.ypxfrd
+
+.EX
+.PP
@@ -104766,17 +106505,19 @@ index 0000000..978de9d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), ypxfr(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), ypxfr(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/zabbix_agent_selinux.8 b/man/man8/zabbix_agent_selinux.8
new file mode 100644
-index 0000000..2bf4770
+index 0000000..84c0027
--- /dev/null
+++ b/man/man8/zabbix_agent_selinux.8
-@@ -0,0 +1,139 @@
-+.TH "zabbix_agent_selinux" "8" "zabbix_agent" "dwalsh at redhat.com" "zabbix_agent SELinux Policy documentation"
+@@ -0,0 +1,141 @@
++.TH "zabbix_agent_selinux" "8" "12-10-19" "zabbix_agent" "SELinux Policy documentation for zabbix_agent"
+.SH "NAME"
+zabbix_agent_selinux \- Security Enhanced Linux Policy for the zabbix_agent processes
+.SH "DESCRIPTION"
@@ -104910,19 +106651,21 @@ index 0000000..2bf4770
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zabbix_agent(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zabbix_agent(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, zabbix_selinux(8), zabbix_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zabbix_selinux.8 b/man/man8/zabbix_selinux.8
new file mode 100644
-index 0000000..fe28380
+index 0000000..e29a734
--- /dev/null
+++ b/man/man8/zabbix_selinux.8
-@@ -0,0 +1,245 @@
-+.TH "zabbix_selinux" "8" "zabbix" "dwalsh at redhat.com" "zabbix SELinux Policy documentation"
+@@ -0,0 +1,253 @@
++.TH "zabbix_selinux" "8" "12-10-19" "zabbix" "SELinux Policy documentation for zabbix"
+.SH "NAME"
+zabbix_selinux \- Security Enhanced Linux Policy for the zabbix processes
+.SH "DESCRIPTION"
@@ -104940,7 +106683,7 @@ index 0000000..fe28380
+
+The zabbix_t SELinux type can be entered via the "zabbix_exec_t" file type. The default entrypoint paths for the zabbix_t domain are the following:"
+
-+/usr/sbin/zabbix_server_pgsql, /usr/sbin/zabbix_server_sqlite3, /usr/sbin/zabbix_server_mysql, /usr/(s)?bin/zabbix_server
++/usr/(s)?bin/zabbix_server, /usr/sbin/zabbix_server_mysql, /usr/sbin/zabbix_server_pgsql, /usr/sbin/zabbix_server_sqlite3
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -104977,6 +106720,20 @@ index 0000000..fe28380
+.B setsebool -P httpd_can_connect_zabbix 1
+.EE
+
++.PP
++If you want to allow zabbix to connect to unreserved ports, you must turn on the zabbix_can_network boolean.
++
++.EX
++.B setsebool -P zabbix_can_network 1
++.EE
++
++.PP
++If you want to allow http daemon to connect to zabbix, you must turn on the httpd_can_connect_zabbix boolean.
++
++.EX
++.B setsebool -P httpd_can_connect_zabbix 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -105011,10 +106768,6 @@ index 0000000..fe28380
+
+- Set files with the zabbix_exec_t type, if you want to transition an executable to the zabbix_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/zabbix_server_pgsql, /usr/sbin/zabbix_server_sqlite3, /usr/sbin/zabbix_server_mysql, /usr/(s)?bin/zabbix_server
+
+.EX
+.PP
@@ -105023,10 +106776,6 @@ index 0000000..fe28380
+
+- Set files with the zabbix_initrc_exec_t type, if you want to transition an executable to the zabbix_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/zabbix-server, /etc/rc\.d/init\.d/zabbix
+
+.EX
+.PP
@@ -105162,19 +106911,21 @@ index 0000000..fe28380
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zabbix(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zabbix(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8), zabbix_agent_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zarafa_deliver_selinux.8 b/man/man8/zarafa_deliver_selinux.8
new file mode 100644
-index 0000000..02984bb
+index 0000000..999019a
--- /dev/null
+++ b/man/man8/zarafa_deliver_selinux.8
-@@ -0,0 +1,143 @@
-+.TH "zarafa_deliver_selinux" "8" "zarafa_deliver" "dwalsh at redhat.com" "zarafa_deliver SELinux Policy documentation"
+@@ -0,0 +1,145 @@
++.TH "zarafa_deliver_selinux" "8" "12-10-19" "zarafa_deliver" "SELinux Policy documentation for zarafa_deliver"
+.SH "NAME"
+zarafa_deliver_selinux \- Security Enhanced Linux Policy for the zarafa_deliver processes
+.SH "DESCRIPTION"
@@ -105312,19 +107063,21 @@ index 0000000..02984bb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zarafa_deliver(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zarafa_deliver(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, zarafa_gateway_selinux(8), zarafa_ical_selinux(8), zarafa_indexer_selinux(8), zarafa_monitor_selinux(8), zarafa_server_selinux(8), zarafa_spooler_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zarafa_gateway_selinux.8 b/man/man8/zarafa_gateway_selinux.8
new file mode 100644
-index 0000000..9f02f0d
+index 0000000..16db6c2
--- /dev/null
+++ b/man/man8/zarafa_gateway_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "zarafa_gateway_selinux" "8" "zarafa_gateway" "dwalsh at redhat.com" "zarafa_gateway SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "zarafa_gateway_selinux" "8" "12-10-19" "zarafa_gateway" "SELinux Policy documentation for zarafa_gateway"
+.SH "NAME"
+zarafa_gateway_selinux \- Security Enhanced Linux Policy for the zarafa_gateway processes
+.SH "DESCRIPTION"
@@ -105450,19 +107203,21 @@ index 0000000..9f02f0d
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zarafa_gateway(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zarafa_gateway(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, zarafa_deliver_selinux(8), zarafa_ical_selinux(8), zarafa_indexer_selinux(8), zarafa_monitor_selinux(8), zarafa_server_selinux(8), zarafa_spooler_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zarafa_ical_selinux.8 b/man/man8/zarafa_ical_selinux.8
new file mode 100644
-index 0000000..dfaee0b
+index 0000000..13e9318
--- /dev/null
+++ b/man/man8/zarafa_ical_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "zarafa_ical_selinux" "8" "zarafa_ical" "dwalsh at redhat.com" "zarafa_ical SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "zarafa_ical_selinux" "8" "12-10-19" "zarafa_ical" "SELinux Policy documentation for zarafa_ical"
+.SH "NAME"
+zarafa_ical_selinux \- Security Enhanced Linux Policy for the zarafa_ical processes
+.SH "DESCRIPTION"
@@ -105588,19 +107343,21 @@ index 0000000..dfaee0b
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zarafa_ical(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zarafa_ical(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, zarafa_deliver_selinux(8), zarafa_gateway_selinux(8), zarafa_indexer_selinux(8), zarafa_monitor_selinux(8), zarafa_server_selinux(8), zarafa_spooler_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zarafa_indexer_selinux.8 b/man/man8/zarafa_indexer_selinux.8
new file mode 100644
-index 0000000..f8b62a7
+index 0000000..134742c
--- /dev/null
+++ b/man/man8/zarafa_indexer_selinux.8
-@@ -0,0 +1,157 @@
-+.TH "zarafa_indexer_selinux" "8" "zarafa_indexer" "dwalsh at redhat.com" "zarafa_indexer SELinux Policy documentation"
+@@ -0,0 +1,155 @@
++.TH "zarafa_indexer_selinux" "8" "12-10-19" "zarafa_indexer" "SELinux Policy documentation for zarafa_indexer"
+.SH "NAME"
+zarafa_indexer_selinux \- Security Enhanced Linux Policy for the zarafa_indexer processes
+.SH "DESCRIPTION"
@@ -105679,10 +107436,6 @@ index 0000000..f8b62a7
+
+- Set files with the zarafa_indexer_var_run_t type, if you want to store the zarafa indexer files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/zarafa-indexer\.pid, /var/run/zarafa-indexer
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -105752,19 +107505,21 @@ index 0000000..f8b62a7
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zarafa_indexer(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zarafa_indexer(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, zarafa_deliver_selinux(8), zarafa_gateway_selinux(8), zarafa_ical_selinux(8), zarafa_monitor_selinux(8), zarafa_server_selinux(8), zarafa_spooler_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zarafa_monitor_selinux.8 b/man/man8/zarafa_monitor_selinux.8
new file mode 100644
-index 0000000..1cf00e8
+index 0000000..5af4d2c
--- /dev/null
+++ b/man/man8/zarafa_monitor_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "zarafa_monitor_selinux" "8" "zarafa_monitor" "dwalsh at redhat.com" "zarafa_monitor SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "zarafa_monitor_selinux" "8" "12-10-19" "zarafa_monitor" "SELinux Policy documentation for zarafa_monitor"
+.SH "NAME"
+zarafa_monitor_selinux \- Security Enhanced Linux Policy for the zarafa_monitor processes
+.SH "DESCRIPTION"
@@ -105890,10 +107645,12 @@ index 0000000..1cf00e8
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zarafa_monitor(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zarafa_monitor(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, zarafa_deliver_selinux(8), zarafa_gateway_selinux(8), zarafa_ical_selinux(8), zarafa_indexer_selinux(8), zarafa_server_selinux(8), zarafa_spooler_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zarafa_selinux.8 b/man/man8/zarafa_selinux.8
@@ -106070,11 +107827,11 @@ index 0000000..23c13e3
\ No newline at end of file
diff --git a/man/man8/zarafa_server_selinux.8 b/man/man8/zarafa_server_selinux.8
new file mode 100644
-index 0000000..56362e1
+index 0000000..a24c2a3
--- /dev/null
+++ b/man/man8/zarafa_server_selinux.8
-@@ -0,0 +1,157 @@
-+.TH "zarafa_server_selinux" "8" "zarafa_server" "dwalsh at redhat.com" "zarafa_server SELinux Policy documentation"
+@@ -0,0 +1,155 @@
++.TH "zarafa_server_selinux" "8" "12-10-19" "zarafa_server" "SELinux Policy documentation for zarafa_server"
+.SH "NAME"
+zarafa_server_selinux \- Security Enhanced Linux Policy for the zarafa_server processes
+.SH "DESCRIPTION"
@@ -106153,10 +107910,6 @@ index 0000000..56362e1
+
+- Set files with the zarafa_server_var_run_t type, if you want to store the zarafa server files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/zarafa, /var/run/zarafa-server\.pid
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -106226,19 +107979,21 @@ index 0000000..56362e1
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zarafa_server(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zarafa_server(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, zarafa_deliver_selinux(8), zarafa_gateway_selinux(8), zarafa_ical_selinux(8), zarafa_indexer_selinux(8), zarafa_monitor_selinux(8), zarafa_spooler_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zarafa_spooler_selinux.8 b/man/man8/zarafa_spooler_selinux.8
new file mode 100644
-index 0000000..ca48227
+index 0000000..528d5b5
--- /dev/null
+++ b/man/man8/zarafa_spooler_selinux.8
-@@ -0,0 +1,131 @@
-+.TH "zarafa_spooler_selinux" "8" "zarafa_spooler" "dwalsh at redhat.com" "zarafa_spooler SELinux Policy documentation"
+@@ -0,0 +1,133 @@
++.TH "zarafa_spooler_selinux" "8" "12-10-19" "zarafa_spooler" "SELinux Policy documentation for zarafa_spooler"
+.SH "NAME"
+zarafa_spooler_selinux \- Security Enhanced Linux Policy for the zarafa_spooler processes
+.SH "DESCRIPTION"
@@ -106364,19 +108119,21 @@ index 0000000..ca48227
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zarafa_spooler(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zarafa_spooler(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, zarafa_deliver_selinux(8), zarafa_gateway_selinux(8), zarafa_ical_selinux(8), zarafa_indexer_selinux(8), zarafa_monitor_selinux(8), zarafa_server_selinux(8)
\ No newline at end of file
diff --git a/man/man8/zebra_selinux.8 b/man/man8/zebra_selinux.8
new file mode 100644
-index 0000000..83bafcb
+index 0000000..0a1e3d2
--- /dev/null
+++ b/man/man8/zebra_selinux.8
-@@ -0,0 +1,209 @@
-+.TH "zebra_selinux" "8" "zebra" "dwalsh at redhat.com" "zebra SELinux Policy documentation"
+@@ -0,0 +1,198 @@
++.TH "zebra_selinux" "8" "12-10-19" "zebra" "SELinux Policy documentation for zebra"
+.SH "NAME"
+zebra_selinux \- Security Enhanced Linux Policy for the zebra processes
+.SH "DESCRIPTION"
@@ -106394,7 +108151,7 @@ index 0000000..83bafcb
+
+The zebra_t SELinux type can be entered via the "zebra_exec_t" file type. The default entrypoint paths for the zebra_t domain are the following:"
+
-+/usr/sbin/zebra, /usr/sbin/rip.*, /usr/sbin/bgpd, /usr/sbin/ospf.*
++/usr/sbin/rip.*, /usr/sbin/ospf.*, /usr/sbin/bgpd, /usr/sbin/zebra
+.SH PROCESS TYPES
+SELinux defines process types (domains) for each process running on the system
+.PP
@@ -106424,6 +108181,13 @@ index 0000000..83bafcb
+.B setsebool -P zebra_write_config 1
+.EE
+
++.PP
++If you want to allow zebra daemon to write it configuration files, you must turn on the zebra_write_config boolean.
++
++.EX
++.B setsebool -P zebra_write_config 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -106442,10 +108206,6 @@ index 0000000..83bafcb
+
+- Set files with the zebra_conf_t type, if you want to treat the files as zebra configuration data, usually stored under the /etc directory.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/zebra(/.*)?, /etc/quagga(/.*)?
+
+.EX
+.PP
@@ -106454,10 +108214,6 @@ index 0000000..83bafcb
+
+- Set files with the zebra_exec_t type, if you want to transition an executable to the zebra_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/sbin/zebra, /usr/sbin/rip.*, /usr/sbin/bgpd, /usr/sbin/ospf.*
+
+.EX
+.PP
@@ -106466,10 +108222,6 @@ index 0000000..83bafcb
+
+- Set files with the zebra_initrc_exec_t type, if you want to transition an executable to the zebra_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/ripd, /etc/rc\.d/init\.d/ripngd, /etc/rc\.d/init\.d/zebra, /etc/rc\.d/init\.d/bgpd, /etc/rc\.d/init\.d/ospf6d, /etc/rc\.d/init\.d/ospfd
+
+.EX
+.PP
@@ -106478,10 +108230,6 @@ index 0000000..83bafcb
+
+- Set files with the zebra_log_t type, if you want to treat the data as zebra log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/quagga(/.*)?, /var/log/zebra(/.*)?
+
+.EX
+.PP
@@ -106498,10 +108246,6 @@ index 0000000..83bafcb
+
+- Set files with the zebra_var_run_t type, if you want to store the zebra files under the /run directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/run/\.zserv, /var/run/\.zebra, /var/run/quagga(/.*)?
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -106580,19 +108324,21 @@ index 0000000..83bafcb
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zebra(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zebra(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
+, setsebool(8)
\ No newline at end of file
diff --git a/man/man8/zoneminder_selinux.8 b/man/man8/zoneminder_selinux.8
new file mode 100644
-index 0000000..ad7bea0
+index 0000000..f428c2c
--- /dev/null
+++ b/man/man8/zoneminder_selinux.8
-@@ -0,0 +1,224 @@
-+.TH "zoneminder_selinux" "8" "zoneminder" "dwalsh at redhat.com" "zoneminder SELinux Policy documentation"
+@@ -0,0 +1,217 @@
++.TH "zoneminder_selinux" "8" "12-10-19" "zoneminder" "SELinux Policy documentation for zoneminder"
+.SH "NAME"
+zoneminder_selinux \- Security Enhanced Linux Policy for the zoneminder processes
+.SH "DESCRIPTION"
@@ -106655,6 +108401,13 @@ index 0000000..ad7bea0
+.B setsebool -P zoneminder_anon_write 1
+.EE
+
++.PP
++If you want to allow ZoneMinder to modify public files used for public file transfer services., you must turn on the zoneminder_anon_write boolean.
++
++.EX
++.B setsebool -P zoneminder_anon_write 1
++.EE
++
+.SH FILE CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+.PP
@@ -106673,10 +108426,6 @@ index 0000000..ad7bea0
+
+- Set files with the zoneminder_exec_t type, if you want to transition an executable to the zoneminder_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/usr/bin/zmpkg.pl, /usr/bin/motion
+
+.EX
+.PP
@@ -106685,10 +108434,6 @@ index 0000000..ad7bea0
+
+- Set files with the zoneminder_initrc_exec_t type, if you want to transition an executable to the zoneminder_initrc_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/etc/rc\.d/init\.d/motion, /etc/rc\.d/init\.d/zoneminder
+
+.EX
+.PP
@@ -106697,10 +108442,6 @@ index 0000000..ad7bea0
+
+- Set files with the zoneminder_log_t type, if you want to treat the data as zoneminder log data, usually stored under the /var/log directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/log/zoneminder(/.*)?, /var/log/motion\.log.*
+
+.EX
+.PP
@@ -106725,10 +108466,6 @@ index 0000000..ad7bea0
+
+- Set files with the zoneminder_var_lib_t type, if you want to store the zoneminder files under the /var/lib directory.
+
-+.br
-+.TP 5
-+Paths:
-+/var/lib/zoneminder(/.*)?, /var/motion(/.*)?
+
+.EX
+.PP
@@ -106812,17 +108549,19 @@ index 0000000..ad7bea0
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zoneminder(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zoneminder(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/man/man8/zos_remote_selinux.8 b/man/man8/zos_remote_selinux.8
new file mode 100644
-index 0000000..c23c4a6
+index 0000000..7022c9b
--- /dev/null
+++ b/man/man8/zos_remote_selinux.8
-@@ -0,0 +1,106 @@
-+.TH "zos_remote_selinux" "8" "zos_remote" "dwalsh at redhat.com" "zos_remote SELinux Policy documentation"
+@@ -0,0 +1,100 @@
++.TH "zos_remote_selinux" "8" "12-10-19" "zos_remote" "SELinux Policy documentation for zos_remote"
+.SH "NAME"
+zos_remote_selinux \- Security Enhanced Linux Policy for the zos_remote processes
+.SH "DESCRIPTION"
@@ -106877,10 +108616,6 @@ index 0000000..c23c4a6
+
+- Set files with the zos_remote_exec_t type, if you want to transition an executable to the zos_remote_t domain.
+
-+.br
-+.TP 5
-+Paths:
-+/sbin/audispd-zos-remote, /usr/sbin/audispd-zos-remote
+
+.PP
+Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the
@@ -106889,10 +108624,6 @@ index 0000000..c23c4a6
+.B restorecon
+to apply the labels.
+
-+.SH "MANAGED FILES"
-+
-+The SELinux process type zos_remote_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions.
-+
+.SH NSSWITCH DOMAIN
+
+.PP
@@ -106924,10 +108655,12 @@ index 0000000..c23c4a6
+is a GUI tool available to customize SELinux policy settings.
+
+.SH AUTHOR
-+This manual page was auto-generated by genman.py.
++This manual page was auto-generated using
++.B "sepolicy manpage"
++by Daniel J Walsh.
+
+.SH "SEE ALSO"
-+selinux(8), zos_remote(8), semanage(8), restorecon(8), chcon(1)
++selinux(8), zos_remote(8), semanage(8), restorecon(8), chcon(1), sepolicy(8)
diff --git a/policy/constraints b/policy/constraints
index 3a45f23..f4754f0 100644
--- a/policy/constraints
@@ -107782,7 +109515,7 @@ index c6ca761..0c86bfd 100644
')
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
-index e0791b9..94024ca 100644
+index e0791b9..dc115e8 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -7,10 +7,10 @@ policy_module(netutils, 1.11.0)
@@ -107798,7 +109531,13 @@ index e0791b9..94024ca 100644
type netutils_t;
type netutils_exec_t;
-@@ -41,6 +41,7 @@ allow netutils_t self:packet_socket create_socket_perms;
+@@ -36,11 +36,13 @@ init_system_domain(traceroute_t, traceroute_exec_t)
+ allow netutils_t self:capability { net_admin net_raw setuid setgid };
+ dontaudit netutils_t self:capability sys_tty_config;
+ allow netutils_t self:process signal_perms;
++allow netutils_t self:process setcap;
+ allow netutils_t self:netlink_route_socket create_netlink_socket_perms;
+ allow netutils_t self:packet_socket create_socket_perms;
allow netutils_t self:udp_socket create_socket_perms;
allow netutils_t self:tcp_socket create_stream_socket_perms;
allow netutils_t self:socket create_socket_perms;
@@ -107806,7 +109545,7 @@ index e0791b9..94024ca 100644
manage_dirs_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
manage_files_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
-@@ -48,8 +49,9 @@ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
+@@ -48,8 +50,9 @@ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
kernel_search_proc(netutils_t)
kernel_read_all_sysctls(netutils_t)
@@ -107817,7 +109556,7 @@ index e0791b9..94024ca 100644
corenet_all_recvfrom_netlabel(netutils_t)
corenet_tcp_sendrecv_generic_if(netutils_t)
corenet_raw_sendrecv_generic_if(netutils_t)
-@@ -64,6 +66,9 @@ corenet_sendrecv_all_client_packets(netutils_t)
+@@ -64,6 +67,9 @@ corenet_sendrecv_all_client_packets(netutils_t)
corenet_udp_bind_generic_node(netutils_t)
dev_read_sysfs(netutils_t)
@@ -107827,7 +109566,7 @@ index e0791b9..94024ca 100644
fs_getattr_xattr_fs(netutils_t)
-@@ -80,10 +85,9 @@ auth_use_nsswitch(netutils_t)
+@@ -80,10 +86,9 @@ auth_use_nsswitch(netutils_t)
logging_send_syslog_msg(netutils_t)
@@ -107839,7 +109578,7 @@ index e0791b9..94024ca 100644
userdom_use_all_users_fds(netutils_t)
optional_policy(`
-@@ -104,13 +108,14 @@ optional_policy(`
+@@ -104,13 +109,14 @@ optional_policy(`
#
allow ping_t self:capability { setuid net_raw };
@@ -107855,7 +109594,7 @@ index e0791b9..94024ca 100644
corenet_all_recvfrom_netlabel(ping_t)
corenet_tcp_sendrecv_generic_if(ping_t)
corenet_raw_sendrecv_generic_if(ping_t)
-@@ -130,11 +135,9 @@ kernel_read_system_state(ping_t)
+@@ -130,11 +136,9 @@ kernel_read_system_state(ping_t)
auth_use_nsswitch(ping_t)
@@ -107869,7 +109608,7 @@ index e0791b9..94024ca 100644
ifdef(`hide_broken_symptoms',`
init_dontaudit_use_fds(ping_t)
-@@ -145,11 +148,25 @@ ifdef(`hide_broken_symptoms',`
+@@ -145,11 +149,25 @@ ifdef(`hide_broken_symptoms',`
')
')
@@ -107895,7 +109634,7 @@ index e0791b9..94024ca 100644
pcmcia_use_cardmgr_fds(ping_t)
')
-@@ -157,6 +174,14 @@ optional_policy(`
+@@ -157,6 +175,14 @@ optional_policy(`
hotplug_use_fds(ping_t)
')
@@ -107910,7 +109649,7 @@ index e0791b9..94024ca 100644
########################################
#
# Traceroute local policy
-@@ -170,7 +195,6 @@ allow traceroute_t self:udp_socket create_socket_perms;
+@@ -170,7 +196,6 @@ allow traceroute_t self:udp_socket create_socket_perms;
kernel_read_system_state(traceroute_t)
kernel_read_network_state(traceroute_t)
@@ -107918,7 +109657,7 @@ index e0791b9..94024ca 100644
corenet_all_recvfrom_netlabel(traceroute_t)
corenet_tcp_sendrecv_generic_if(traceroute_t)
corenet_udp_sendrecv_generic_if(traceroute_t)
-@@ -194,6 +218,7 @@ fs_dontaudit_getattr_xattr_fs(traceroute_t)
+@@ -194,6 +219,7 @@ fs_dontaudit_getattr_xattr_fs(traceroute_t)
domain_use_interactive_fds(traceroute_t)
files_read_etc_files(traceroute_t)
@@ -107926,7 +109665,7 @@ index e0791b9..94024ca 100644
files_dontaudit_search_var(traceroute_t)
init_use_fds(traceroute_t)
-@@ -202,11 +227,17 @@ auth_use_nsswitch(traceroute_t)
+@@ -202,11 +228,17 @@ auth_use_nsswitch(traceroute_t)
logging_send_syslog_msg(traceroute_t)
@@ -135157,7 +136896,7 @@ index 3822072..702e0e0 100644
+ logging_send_syslog_msg($1)
+')
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
-index ec01d0b..fd0967d 100644
+index ec01d0b..9785bbb 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -11,14 +11,17 @@ gen_require(`
@@ -135295,13 +137034,13 @@ index ec01d0b..fd0967d 100644
userdom_use_all_users_fds(checkpolicy_t)
ifdef(`distro_ubuntu',`
-@@ -188,13 +215,14 @@ term_list_ptys(load_policy_t)
+@@ -188,13 +215,13 @@ term_list_ptys(load_policy_t)
init_use_script_fds(load_policy_t)
init_use_script_ptys(load_policy_t)
-+init_write_script_pipes(load_policy_t)
-
+-
-miscfiles_read_localization(load_policy_t)
++init_write_script_pipes(load_policy_t)
seutil_libselinux_linked(load_policy_t)
@@ -135312,7 +137051,7 @@ index ec01d0b..fd0967d 100644
ifdef(`distro_ubuntu',`
optional_policy(`
-@@ -205,6 +233,7 @@ ifdef(`distro_ubuntu',`
+@@ -205,6 +232,7 @@ ifdef(`distro_ubuntu',`
ifdef(`hide_broken_symptoms',`
# cjp: cover up stray file descriptors.
dontaudit load_policy_t selinux_config_t:file write;
@@ -135320,7 +137059,17 @@ index ec01d0b..fd0967d 100644
optional_policy(`
unconfined_dontaudit_read_pipes(load_policy_t)
-@@ -220,7 +249,7 @@ optional_policy(`
+@@ -215,12 +243,17 @@ optional_policy(`
+ portage_dontaudit_use_fds(load_policy_t)
+ ')
+
++optional_policy(`
++ # pki is leaking
++ pki_dontaudit_write_log(load_policy_t)
++')
++
+ ########################################
+ #
# Newrole local policy
#
@@ -135329,7 +137078,7 @@ index ec01d0b..fd0967d 100644
allow newrole_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
allow newrole_t self:process setexec;
allow newrole_t self:fd use;
-@@ -232,7 +261,7 @@ allow newrole_t self:msgq create_msgq_perms;
+@@ -232,7 +265,7 @@ allow newrole_t self:msgq create_msgq_perms;
allow newrole_t self:msg { send receive };
allow newrole_t self:unix_dgram_socket sendto;
allow newrole_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -135338,7 +137087,7 @@ index ec01d0b..fd0967d 100644
read_files_pattern(newrole_t, default_context_t, default_context_t)
read_lnk_files_pattern(newrole_t, default_context_t, default_context_t)
-@@ -249,6 +278,7 @@ domain_use_interactive_fds(newrole_t)
+@@ -249,6 +282,7 @@ domain_use_interactive_fds(newrole_t)
# for when the user types "exec newrole" at the command line:
domain_sigchld_interactive_fds(newrole_t)
@@ -135346,7 +137095,7 @@ index ec01d0b..fd0967d 100644
files_read_etc_files(newrole_t)
files_read_var_files(newrole_t)
files_read_var_symlinks(newrole_t)
-@@ -276,25 +306,38 @@ term_relabel_all_ptys(newrole_t)
+@@ -276,25 +310,38 @@ term_relabel_all_ptys(newrole_t)
term_getattr_unallocated_ttys(newrole_t)
term_dontaudit_use_unallocated_ttys(newrole_t)
@@ -135392,7 +137141,7 @@ index ec01d0b..fd0967d 100644
ifdef(`distro_ubuntu',`
optional_policy(`
unconfined_domain(newrole_t)
-@@ -309,7 +352,7 @@ if(secure_mode) {
+@@ -309,7 +356,7 @@ if(secure_mode) {
userdom_spec_domtrans_all_users(newrole_t)
}
@@ -135401,7 +137150,7 @@ index ec01d0b..fd0967d 100644
files_polyinstantiate_all(newrole_t)
')
-@@ -328,9 +371,13 @@ kernel_use_fds(restorecond_t)
+@@ -328,9 +375,13 @@ kernel_use_fds(restorecond_t)
kernel_rw_pipes(restorecond_t)
kernel_read_system_state(restorecond_t)
@@ -135416,7 +137165,7 @@ index ec01d0b..fd0967d 100644
fs_list_inotifyfs(restorecond_t)
selinux_validate_context(restorecond_t)
-@@ -341,16 +388,17 @@ selinux_compute_user_contexts(restorecond_t)
+@@ -341,16 +392,17 @@ selinux_compute_user_contexts(restorecond_t)
files_relabel_non_auth_files(restorecond_t )
files_read_non_auth_files(restorecond_t)
@@ -135436,7 +137185,7 @@ index ec01d0b..fd0967d 100644
ifdef(`distro_ubuntu',`
optional_policy(`
unconfined_domain(restorecond_t)
-@@ -366,21 +414,24 @@ optional_policy(`
+@@ -366,21 +418,24 @@ optional_policy(`
# Run_init local policy
#
@@ -135463,7 +137212,7 @@ index ec01d0b..fd0967d 100644
dev_dontaudit_list_all_dev_nodes(run_init_t)
domain_use_interactive_fds(run_init_t)
-@@ -398,23 +449,30 @@ selinux_compute_create_context(run_init_t)
+@@ -398,23 +453,30 @@ selinux_compute_create_context(run_init_t)
selinux_compute_relabel_context(run_init_t)
selinux_compute_user_contexts(run_init_t)
@@ -135499,7 +137248,7 @@ index ec01d0b..fd0967d 100644
ifndef(`direct_sysadm_daemon',`
ifdef(`distro_gentoo',`
-@@ -425,6 +483,19 @@ ifndef(`direct_sysadm_daemon',`
+@@ -425,6 +487,19 @@ ifndef(`direct_sysadm_daemon',`
')
')
@@ -135519,7 +137268,7 @@ index ec01d0b..fd0967d 100644
ifdef(`distro_ubuntu',`
optional_policy(`
unconfined_domain(run_init_t)
-@@ -440,81 +511,87 @@ optional_policy(`
+@@ -440,81 +515,87 @@ optional_policy(`
# semodule local policy
#
@@ -135563,16 +137312,16 @@ index ec01d0b..fd0967d 100644
+can_exec(semanage_t, semanage_exec_t)
-term_use_all_terms(semanage_t)
-+# Admins are creating pp files in random locations
-+files_read_non_security_files(semanage_t)
-
+-
-# Running genhomedircon requires this for finding all users
-auth_use_nsswitch(semanage_t)
-
-locallogin_use_fds(semanage_t)
-
-logging_send_syslog_msg(semanage_t)
--
++# Admins are creating pp files in random locations
++files_read_non_security_files(semanage_t)
+
-miscfiles_read_localization(semanage_t)
-
-seutil_libselinux_linked(semanage_t)
@@ -135660,7 +137409,7 @@ index ec01d0b..fd0967d 100644
')
########################################
-@@ -522,108 +599,173 @@ ifdef(`distro_ubuntu',`
+@@ -522,108 +603,178 @@ ifdef(`distro_ubuntu',`
# Setfiles local policy
#
@@ -135739,12 +137488,17 @@ index ec01d0b..fd0967d 100644
+')
+
+optional_policy(`
-+ xserver_append_xdm_tmp_files(setfiles_t)
++ # pki is leaking
++ pki_dontaudit_write_log(setfiles_t)
+')
+
-+ifdef(`hide_broken_symptoms',`
++optional_policy(`
++ xserver_append_xdm_tmp_files(setfiles_t)
++')
-seutil_libselinux_linked(setfiles_t)
++ifdef(`hide_broken_symptoms',`
++
+ optional_policy(`
+ setroubleshoot_fixit_dontaudit_leaks(setfiles_t)
+ setroubleshoot_fixit_dontaudit_leaks(setsebool_t)
diff --git a/policy_contrib-rawhide.patch b/policy_contrib-rawhide.patch
index 2d8c4b6..4f753b3 100644
--- a/policy_contrib-rawhide.patch
+++ b/policy_contrib-rawhide.patch
@@ -40808,10 +40808,10 @@ index 0000000..a437f80
+files_read_config_files(openshift_domain)
diff --git a/openshift.fc b/openshift.fc
new file mode 100644
-index 0000000..817a3a9
+index 0000000..fbadaba
--- /dev/null
+++ b/openshift.fc
-@@ -0,0 +1,23 @@
+@@ -0,0 +1,24 @@
+/etc/rc\.d/init\.d/libra gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/mcollective gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
+
@@ -40832,6 +40832,7 @@ index 0000000..817a3a9
+/usr/bin/(oo|rhc)-restorer -- gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
+/usr/bin/(oo|rhc)-restorer-wrapper.sh -- gen_context(unconfined_u:object_r:httpd_openshift_script_exec_t,s0)
+/usr/bin/oo-admin-ctl-gears -- gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
++/usr/sbin/mcollectived -- gen_context(system_u:object_r:openshift_initrc_exec_t,s0)
+
+/var/run/stickshift(/.*)? gen_context(system_u:object_r:openshift_var_run_t,s0)
+/var/run/openshift(/.*)? gen_context(system_u:object_r:openshift_var_run_t,s0)
@@ -43843,10 +43844,10 @@ index 0000000..9ab2c4d
+logging_send_syslog_msg(pkcsslotd_t)
diff --git a/pki.fc b/pki.fc
new file mode 100644
-index 0000000..de2d337
+index 0000000..24087ed
--- /dev/null
+++ b/pki.fc
-@@ -0,0 +1,54 @@
+@@ -0,0 +1,55 @@
+/etc/pki/pki-tomcat(/.*)? gen_context(system_u:object_r:pki_tomcat_etc_rw_t,s0)
+/var/lib/pki/pki-tomcat(/.*)? gen_context(system_u:object_r:pki_tomcat_var_lib_t,s0)
+/var/run/pki/tomcat(/.*)? gen_context(system_u:object_r:pki_tomcat_var_run_t,s0)
@@ -43900,13 +43901,14 @@ index 0000000..de2d337
+
+/var/lock/subsys/pkidaemon -- gen_context(system_u:object_r:pki_tomcat_lock_t,s0)
+
-+/usr/lib/systemd/system/pki-tomcatd at .service -- gen_context(system_u:object_r:pki_tomcat_unit_file_t,s0)
++/etc/systemd/system/pki-tomcatd\.target\.wants/pki-tomcat.* -l gen_context(system_u:object_r:pki_tomcat_unit_file_t,s0)
++/usr/lib/systemd/system/pki-tomcat.* -- gen_context(system_u:object_r:pki_tomcat_unit_file_t,s0)
diff --git a/pki.if b/pki.if
new file mode 100644
-index 0000000..2e2927f
+index 0000000..7104911
--- /dev/null
+++ b/pki.if
-@@ -0,0 +1,228 @@
+@@ -0,0 +1,246 @@
+
+## <summary>policy for pki</summary>
+########################################
@@ -44097,6 +44099,24 @@ index 0000000..2e2927f
+ manage_lnk_files_pattern($1, pki_apache_var_lib, pki_apache_var_lib)
+')
+
++##################################
++## <summary>
++## Dontaudit domain to write pki log files
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`pki_dontaudit_write_log',`
++ gen_require(`
++ type pki_log_t;
++ ')
++
++ dontaudit $1 pki_log_t:file write;
++')
++
+###################################
+## <summary>
+## Allow domain to manage pki apache subsystem log files
@@ -44137,10 +44157,10 @@ index 0000000..2e2927f
+
diff --git a/pki.te b/pki.te
new file mode 100644
-index 0000000..9e5fd0b
+index 0000000..e15f399
--- /dev/null
+++ b/pki.te
-@@ -0,0 +1,287 @@
+@@ -0,0 +1,288 @@
+policy_module(pki,10.0.11)
+
+########################################
@@ -44238,6 +44258,7 @@ index 0000000..9e5fd0b
+read_files_pattern(pki_tomcat_t, pki_tomcat_unit_file_t,pki_tomcat_unit_file_t)
+read_lnk_files_pattern(pki_tomcat_t, pki_tomcat_unit_file_t, pki_tomcat_unit_file_t)
+allow pki_tomcat_t pki_tomcat_unit_file_t:file setattr;
++allow pki_tomcat_t pki_tomcat_unit_file_t:lnk_file setattr;
+
+# allow java subsystems to talk to the ncipher hsm
+allow pki_tomcat_t pki_common_dev_t:sock_file write;
@@ -60705,7 +60726,7 @@ index 8265278..017b923 100644
smokeping_initrc_domtrans($1)
domain_system_change_exemption($1)
diff --git a/smokeping.te b/smokeping.te
-index 740994a..205cec5 100644
+index 740994a..4bfc780 100644
--- a/smokeping.te
+++ b/smokeping.te
@@ -36,11 +36,10 @@ manage_dirs_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t)
@@ -60730,13 +60751,15 @@ index 740994a..205cec5 100644
mta_send_mail(smokeping_t)
netutils_domtrans_ping(smokeping_t)
-@@ -73,5 +70,7 @@ optional_policy(`
+@@ -73,5 +70,9 @@ optional_policy(`
files_search_tmp(httpd_smokeping_cgi_script_t)
files_search_var_lib(httpd_smokeping_cgi_script_t)
+ auth_read_passwd(httpd_smokeping_cgi_script_t)
+
sysnet_dns_name_resolve(httpd_smokeping_cgi_script_t)
++
++ netutils_domtrans_ping(httpd_smokeping_cgi_script_t)
')
diff --git a/smoltclient.te b/smoltclient.te
index bc00875..7dd4e53 100644
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d4547f8..69f84f4 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.11.1
-Release: 41%{?dist}
+Release: 42%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -521,6 +521,14 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Mon Oct 22 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-42
+- pki is leaking which we dontaudit until a pki code fix
+- Allow setcap for arping
+- Update man pages
+- Add labeling for /usr/sbin/mcollectived
+- pki fixes
+- Allow smokeping to execute fping in the netutils_t domain
+
* Fri Oct 19 2012 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-41
- Allow mount to relabelfrom unlabeled file systems
- systemd_logind wants to send and receive messages from devicekit disk over dbus to make connected mouse working
More information about the scm-commits
mailing list