policycoreutils: semanage: update man page with new examples

semanage rocks, so make the man page rock!

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

policycoreutils/semanage/semanage.8

@@ -1,4 +1,4 @@
-.TH "semanage" "8" "2005111103" "" ""
+.TH "semanage" "8" "20100223" "" ""
 .SH "NAME"
 semanage \- SELinux Policy Management tool
 
@@ -11,35 +11,59 @@ Input local customizations
 .br
 .B semanage [ -S store ] -i [ input_file | - ]
 
-.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store]
+Manage booleans.  Booleans allow the administrator to modify the confinement of
+processes based on his configuration.
 .br
-.B semanage boolean \-{d|m|D} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
+.B semanage boolean [\-S store] \-{d|m|l|D} [\-n] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file
+
+Manage SELinux confined users (Roles and levels for an SELinux user)
 .br
-.B semanage login \-{a|d|m|D} [\-sr] login_name | %groupname
+.B semanage user [\-S store] \-{a|d|m|l|D} [\-LnPrR] selinux_name
+
+Manage login mappings between linux users and SELinux confined users.
+.br
+.B semanage login [\-S store] \-{a|d|m|l|D} [\-nrs] login_name | %groupname
 
 Manage policy modules.
 .br
 .B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] module_name
+
+Manage network port type definitions
 .br
-.B semanage user \-{a|d|m|D} [\-LrRP] selinux_name
+.B semanage port [\-S store] \-{a|d|m|l|D} [\-nrt] [\-p proto] port | port_range
 .br
-.B semanage port \-{a|d|m|D} [\-tr] [\-p proto] port | port_range
+
+Manage network interface type definitions
 .br
-.B semanage interface \-{a|d|m|D} [\-tr] interface_spec
+.B semanage interface [\-S store] \-{a|d|m|l|D} [\-nrt] interface_spec
+
+Manage network node type definitions
+.br
+.B semanage node [\-S store] -{a|d|m|l|D} [-nrt] [ -p protocol ] [-M netmask] address
 .br
-.B semanage node -{a|d|m|D} [-tr] [ -p protocol ] [-M netmask] address
 
 Manage file context mapping definitions
 .br
-.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} [\-frst] file_spec
+.B semanage fcontext [\-S store] \-{a|d|m|l|D} [\-fnrst] file_spec
 .br
-.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} \-e replacement target
+.B semanage fcontext [\-S store] \-{a|d|m|l|D} [\-n] \-e replacement target
 .br
-.B semanage permissive \-{a|d} type
+
+Manage processes type enforcement mode
 .br
-.B semanage dontaudit [ on | off ]
+.B semanage permissive [\-S store] \-{a|d|l|D} [\-n] type
+.br
+
+Disable/Enable dontaudit rules in policy
+.br
+.B semanage dontaudit [\-S store] [ on | off ]
 .P
 
+Execute multiple commands within a single transaction.
+.br
+.B semanage [\-S store] \-i command-file
+.br
+
 .SH "DESCRIPTION"
 semanage is used to configure certain elements of
 SELinux policy without requiring modification to or recompilation
@@ -83,6 +107,7 @@ Substitute target path with sourcepath when generating default label.  This is u
 fcontext. Requires source and target path arguments.  The context
 labeling for the target subtree is made equivalent to that
 defined for the source.
+.TP
 .I                \-f, \-\-ftype
 File Type.   This is used with fcontext.
 Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
@@ -91,6 +116,7 @@ Requires a file type as shown in the mode field by ls, e.g. use -d to match only
 Set multiple records from the input file.  When used with the \-l \-\-list, it will output the current settings to stdout in the proper format.
 
 Currently booleans only.
+
 .TP
 .I                \-h, \-\-help       
 display this message
@@ -107,6 +133,9 @@ Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only)
 .I                \-m, \-\-modify     
 Modify a OBJECT record NAME
 .TP
+.I                \-M, \-\-mask
+Network Mask
+.TP
 .I                \-n, \-\-noheading  
 Do not print heading when listing OBJECTS.
 .TP
@@ -131,18 +160,22 @@ Select and alternate SELinux store to manage
 .I                \-t, \-\-type       
 SELinux Type for the object
 .TP
-.I                \-i
+.I                \-i, \-\-input
 Take a set of commands from a specified file and load them in a single
 transaction.
 
 .SH EXAMPLE
 .nf
-# View SELinux user mappings
-$ semanage user -l
-# Allow joe to login as staff_u
-$ semanage login -a -s staff_u joe
-# Allow the group clerks to login as user_u
-$ semanage login -a -s user_u %clerks
+.B SELinux user
+List SELinux users
+# semanage user -l
+
+.B SELinux login
+Change joe to login as staff_u
+# semanage login -a -s staff_u joe
+Change the group clerks to login as user_u
+# semanage login -a -s user_u %clerks
+
 .B File contexts
 .i remember to run restorecon after you set the file context
 Add file-context for everything under /web
@@ -159,13 +192,15 @@ execute the following commands.
 # semanage fcontext -a -e /home /disk6/home
 # restorecon -R -v /disk6
 
+.B Port contexts
+Allow Apache to listen on tcp port 81
+# semanage port -a -t http_port_t -p tcp 81
 
-# Allow Apache to listen on port 81
-$ semanage port -a -t http_port_t -p tcp 81
-# Change apache to a permissive domain
-$ semanage permissive -a httpd_t
-# Turn off dontaudit rules
-$ semanage dontaudit off
+.B Change apache to a permissive domain
+# semanage permissive -a httpd_t
+
+.B Turn off dontaudit rules
+# semanage dontaudit off
 
 .B Managing multiple machines
 Multiple machines that need the same customizations.
@@ -179,9 +214,12 @@ to second and import them.
 
 If these customizations include file context, you need to apply the
 context using restorecon.
+
 .fi
 
 .SH "AUTHOR"
-This man page was written by Daniel Walsh <dwalsh@redhat.com> and
-Russell Coker <rcoker@redhat.com>.
+This man page was written by Daniel Walsh <dwalsh@redhat.com>
+.br
+and Russell Coker <rcoker@redhat.com>.
+.br
 Examples by Thomas Bleher <ThomasBleher@gmx.de>.