mirror of
https://github.com/SELinuxProject/setools
synced 2025-03-25 04:26:28 +00:00
Improve man pages
- Add missing parameters - Add examples - Fix typos Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
This commit is contained in:
Vit Mojzis
parent
77e64f423a
commit
f53146db6a
@ -81,7 +81,7 @@ A space-separated list of object class criteria for the query.
|
||||
A space-separated list of permissions for the query.
|
||||
|
||||
.PP
|
||||
\fBA least one of the above options must be set in this check.\fR
|
||||
\fBAt least one of the above options must be set in this check.\fR
|
||||
|
||||
.PP
|
||||
Additional Options:
|
||||
@ -123,7 +123,7 @@ The source role criteria for the query.
|
||||
The target role criteria for the query.
|
||||
|
||||
.PP
|
||||
\fBA least one of the above options must be set in this check.\fR
|
||||
\fBAt least one of the above options must be set in this check.\fR
|
||||
|
||||
.PP
|
||||
Additional Options:
|
||||
@ -205,7 +205,7 @@ executable types are read-only.\fR
|
||||
.\}
|
||||
.nf
|
||||
[ro_execs]
|
||||
check_type = empty_typeattr
|
||||
check_type = ro_execs
|
||||
desc = Verify that the all executables and libraries are read-only.
|
||||
.fi
|
||||
.if n \{\
|
||||
|
||||
12
man/sediff.1
12
man/sediff.1
@ -88,6 +88,10 @@ Find differences in validatetrans rules.
|
||||
Find differences in mlsvalidatetrans rules.
|
||||
|
||||
.SS Labeling Statement Differences
|
||||
.IP "--ibendportcon"
|
||||
Find differences in ibendportcon (InfiniBand endport context) statements.
|
||||
.IP "--ibpkeycon"
|
||||
Find differences in ibpkeycon (InfiniBand parition key context) statements.
|
||||
.IP "--initialsid"
|
||||
Find differences in initial SID statements.
|
||||
.IP "--fs_use"
|
||||
@ -140,6 +144,14 @@ For example, a class is modified if one or more permissions are added or removed
|
||||
.RE
|
||||
.PP
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
Show differences in boolean settings
|
||||
# sediff -b /backup/policy.33 /etc/selinux/targeted/policy/policy.33
|
||||
Show statistics for allow and allowxperm rule changes (how many rules where added, removed, or modified)
|
||||
#sediff -A --stats /backup/policy.33 /etc/selinux/targeted/policy/policy.33
|
||||
|
||||
|
||||
.SH AUTHOR
|
||||
Chris PeBenito <pebenito@ieee.org>
|
||||
|
||||
|
||||
@ -49,6 +49,8 @@ Specify the maximum number of domain transitions to output. The default is unlim
|
||||
A space-separated list of types to exclude from the analysis.
|
||||
|
||||
.SS General Options
|
||||
.IP "--full"
|
||||
Print rule lists for transitions.
|
||||
.IP "--stats"
|
||||
Print domain transition graph statistics at the end of the analysis.
|
||||
.IP "-h, --help"
|
||||
@ -60,6 +62,13 @@ Print additional informational messages.
|
||||
.IP "--debug"
|
||||
Enable debugging output.
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
Show the shortest transition paths from httpd_t to unconfined_t, while not using container_runtime_t
|
||||
# sedta -s httpd_t -t unconfined_t -S container_runtime_t
|
||||
List all domain transition paths shorter than 3 steps from init_t to smbd_t
|
||||
# sedta -s init_t -t smbd_t -A 3
|
||||
|
||||
.SH AUTHOR
|
||||
Chris PeBenito <pebenito@ieee.org>
|
||||
|
||||
|
||||
25
man/seinfo.1
25
man/seinfo.1
@ -56,6 +56,10 @@ There is no expanded information for this component.
|
||||
.IP "--genfscon [FS_TYPE]"
|
||||
Print a list of genfscon statements or, if FS_TYPE is provided, print the statement for the named filesystem type.
|
||||
There is no expanded information for this component.
|
||||
.IP "--ibpkeycon [PKEY[-PKEY]]"
|
||||
Print a list of InfiniBand parition key contexts.
|
||||
.IP "--ibendportcon [NAME]"
|
||||
Print a list of InfiniBand endport contexts.
|
||||
.IP "--initialsid [NAME]"
|
||||
Print a list of initial SIDs or, if NAME is provided, print the named initial SID.
|
||||
With \fI-x\fR, print the context assigned to each displayed SID.
|
||||
@ -86,6 +90,18 @@ There is no expanded information for this component.
|
||||
.IP "--all"
|
||||
Print all components.
|
||||
|
||||
.IP "\fB Xen Component Queries: \fR"
|
||||
.IP "--ioportcon"
|
||||
Print all ioportcon statements.
|
||||
.IP "--iomemcon"
|
||||
Print all iomemcon statements.
|
||||
.IP "--pcidevicecon"
|
||||
Print all pcidevicecon statements.
|
||||
.IP "--pirqcon"
|
||||
Print all pirqcon statements.
|
||||
.IP "--devicetreecon"
|
||||
Print all devicetreecon statements.
|
||||
|
||||
.SH OPTIONS
|
||||
.IP "-x, --expand"
|
||||
Print additional details for each component matching the expression.
|
||||
@ -101,6 +117,15 @@ Print additional informational messages.
|
||||
.IP "--debug"
|
||||
Enable debugging output.
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
List aliases of and attributes assigned to type httpd_t
|
||||
# seinfo -t httpd_t -x
|
||||
List all executable types (all types assigned to "exec_type" attribute)
|
||||
# seinfo -a exec_type -x
|
||||
List all constrains and mlsconstrains for class "file"
|
||||
# seinfo --constrain file
|
||||
|
||||
.SH AUTHOR
|
||||
Chris PeBenito <pebenito@ieee.org>
|
||||
|
||||
|
||||
@ -54,6 +54,8 @@ A space-separated list of types to exclude from the analysis.
|
||||
Print information flow graph statistics at the end of the analysis.
|
||||
.IP "-h, --help"
|
||||
Print help information and exit.
|
||||
.IP "--full"
|
||||
Print full rule lists for information flows.
|
||||
.IP "--version"
|
||||
Print version information and exit.
|
||||
.IP "-v, --verbose"
|
||||
@ -61,6 +63,13 @@ Print additional informational messages.
|
||||
.IP "--debug"
|
||||
Enable debugging output.
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
Show the shortest paths for process running as httpd_t to access user home files, using permission map from /var/lib/sepolgen/perm_map
|
||||
# seinfoflow -m /var/lib/sepolgen/perm_map -s httpd_t -t user_home_t -S
|
||||
List all data paths shorter than 3 steps from smbd_t to httpd_log_t, when samba_enable_home_dirs and samba_create_home_dirs booleans are enabled
|
||||
# seinfoflow -m /var/lib/sepolgen/perm_map -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true"
|
||||
|
||||
.SH AUTHOR
|
||||
Chris PeBenito <pebenito@ieee.org>
|
||||
|
||||
|
||||
@ -48,6 +48,7 @@ Find type_change rules.
|
||||
Find role allow rules.
|
||||
.IP "--role_trans"
|
||||
Find role_transition rules.
|
||||
.IP "Note: TE/MLS rule searches cannot be mixed with RBAC rule searches"
|
||||
|
||||
.SS MLS Rule Types
|
||||
.IP "--range_trans"
|
||||
@ -80,6 +81,8 @@ A matching rule must have the specified target attribute/type/role explicitly, i
|
||||
A matching rule must have all specified Booleans, instead of matching any of the specified Boolean.
|
||||
.IP "-ep"
|
||||
A matching rule must have exactly the specified permissions, instead of matching any of the specified permission.
|
||||
.IP "-ex"
|
||||
A matching rule must have exactly the specified extended permissions, instead of matching any listed extended permission.
|
||||
.IP "-Sp"
|
||||
A matching rule must have permissions where are a superset of the specified permissions, instead of matching any of the permissions.
|
||||
.IP "-rs"
|
||||
@ -103,6 +106,15 @@ Print additional informational messages.
|
||||
.IP "--debug"
|
||||
Enable debugging output.
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
List allow (and allowxperm) rules for accessing files labeled container_file_t from domains with attribute container_domain
|
||||
# sesearch -A -s container_domain -t container_file_t -c file
|
||||
List allow and dontaudit rules for accessing chr_files labeled container_file_t, that are controlled by boolean container_use_devices
|
||||
# sesearch -A --dontaudit -t container_file_t -c chr_file -b container_use_devices
|
||||
List dontaudit rules assigned via application_domain_type attribute (rules concerning specific types with that attribute are excluded)
|
||||
# sesearch --dontaudit -s application_domain_type -ds
|
||||
|
||||
.SH AUTHOR
|
||||
Chris PeBenito <pebenito@ieee.org>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user