Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   14857 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

sediffx(1)							    sediffx(1)

NAME
       sediffx - graphical SELinux policy difference tool

SYNOPSIS
       sediffx [-d] [ORIGINAL_POLICY ; MODIFIED_POLICY]

DESCRIPTION
       sediffx allows the user to graphically inspect the semantic differences
       between two SELinux policies.  All supported policy elements are	 exam‐
       ined.

POLICY
       sediffx supports loading SELinux policies in one of four formats.

       source A	 single	 text  file  containing	 policy source for versions 12
	      through 21. This file is usually named policy.conf.

       binary A single file containing a monolithic kernel binary  policy  for
	      versions	15 through 21. This file is usually named by version -
	      for example, policy.20.

       modular
	      A list of policy packages each containing a loadable policy mod‐
	      ule. The first module listed must be a base module.

       policy list
	      A single text file containing all the information needed to load
	      a policy, usually exported by SETools graphical utilities.

       Policies do not need to be the same format.  If	not  provided  sediffx
       will begin with no policies loaded.

OPTIONS
       -d, --diff-now
	      Load  the	 policies  and	differentiate  them immediately.  This
	      option requires the user to specify the policies on the  command
	      line.

       -h, --help
	      Print help information and exit.

       -V, --version
	      Print version information and exit.

DIFFERENCES
       sediffx	categorizes  differences  in policy elements into one of three
       forms.

	      added  The element exists only in the modified policy.

	      removed
		     The element exists only in the original policy.

	      modified
		     The element exists in  both  policies  but	 its  semantic
		     meaning has changed.  For example, a class is modified if
		     one or more permissions are added or removed.

       For all rules with types as their  source  or  target,  two  additional
       forms of difference are recognized.  This helps distinguish differences
       due to new types from differences in rules for existing types.

	      added, new type
		     The rule exists only in the modified policy; furthermore,
		     one  or more of the types in the rule do not exist in the
		     original policy.

	      removed, missing type
		     The rule exists only in the original policy; furthermore,
		     one  or more of the types in the rule do not exist in the
		     modified policy.

NOTE
       Most shells interpret the semicolon as a metacharacter, thus  requiring
       a backslash like so: sediffx original.policy \; modified.policy

AUTHOR
       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT
       Copyright(C) 2005-2007 Tresys Technology, LLC

BUGS
       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO
       sediff(1)

								    sediffx(1)

Vote for polarhome