This patch looks good to me. acked.
>From 85c96d07fb0928101e808512e999c043bcf9c9fc Mon Sep 17 00:00:00 2001 From: Eric Paris <eparis@xxxxxxxxxx> Date: Tue, 19 Jul 2011 16:05:23 -0400 Subject: [PATCH 54/96] policycoreutils: semanage: update man page with new examples semanage rocks, so make the man page rock! Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> --- policycoreutils/semanage/semanage.8 | 92 ++++++++++++++++++++++++---------- 1 files changed, 65 insertions(+), 27 deletions(-) diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8 index fd0d0d0..adcb416 100644 --- a/policycoreutils/semanage/semanage.8 +++ b/policycoreutils/semanage/semanage.8 @@ -1,4 +1,4 @@ -.TH "semanage" "8" "2005111103" "" "" +.TH "semanage" "8" "20100223" "" "" .SH "NAME" semanage \- SELinux Policy Management tool 
@@ -11,35 +11,59 @@ Input local customizations .br .B semanage [ -S store ] -i [ input_file | - ] -.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store] +Manage booleans. Booleans allow the administrator to modify the confinement of +processes based on his configuration. .br -.B semanage boolean \-{d|m|D} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file +.B semanage boolean [\-S store] \-{d|m|l|D} [\-n] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file + +Manage SELinux confined users (Roles and levels for an SELinux user) +.br +.B semanage user [\-S store] \-{a|d|m|l|D} [\-LnPrR] selinux_name + +Manage login mappings between linux users and SELinux confined users. .br -.B semanage login \-{a|d|m|D} [\-sr] login_name | %groupname +.B semanage login [\-S store] \-{a|d|m|l|D} [\-nrs] login_name | %groupname Manage policy modules. .br .B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] module_name + +Manage network port type definitions +.br +.B semanage port [\-S store] \-{a|d|m|l|D} [\-nrt] [\-p proto] port | port_range .br -.B semanage user \-{a|d|m|D} [\-LrRP] selinux_name + +Manage network interface type definitions .br -.B semanage port \-{a|d|m|D} [\-tr] [\-p proto] port | port_range +.B semanage interface [\-S store] \-{a|d|m|l|D} [\-nrt] interface_spec + +Manage network node type definitions .br -.B semanage interface \-{a|d|m|D} [\-tr] interface_spec +.B semanage node [\-S store] -{a|d|m|l|D} [-nrt] [ -p protocol ] [-M netmask] address .br -.B semanage node -{a|d|m|D} [-tr] [ -p protocol ] [-M netmask] address Manage file context mapping definitions .br -.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} [\-frst] file_spec +.B semanage fcontext [\-S store] \-{a|d|m|l|D} [\-fnrst] file_spec +.br +.B semanage fcontext [\-S store] \-{a|d|m|l|D} [\-n] \-e replacement target +.br + +Manage processes type enforcement mode .br -.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} \-e replacement target +.B semanage 
permissive [\-S store] \-{a|d|l|D} [\-n] type .br -.B semanage permissive \-{a|d} type + +Disable/Enable dontaudit rules in policy .br -.B semanage dontaudit [ on | off ] +.B semanage dontaudit [\-S store] [ on | off ] .P +Execute multiple commands within a single transaction. +.br +.B semanage [\-S store] \-i command-file +.br + .SH "DESCRIPTION" semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation @@ -83,6 +107,7 @@ Substitute target path with sourcepath when generating default label. This is u fcontext. Requires source and target path arguments. The context labeling for the target subtree is made equivalent to that defined for the source. +.TP .I \-f, \-\-ftype File Type. This is used with fcontext. Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. @@ -91,6 +116,7 @@ Requires a file type as shown in the mode field by ls, e.g. use -d to match only Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format. Currently booleans only. + .TP .I \-h, \-\-help display this message @@ -107,6 +133,9 @@ Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only) .I \-m, \-\-modify Modify a OBJECT record NAME .TP +.I \-M, \-\-mask +Network Mask +.TP .I \-n, \-\-noheading Do not print heading when listing OBJECTS. .TP 
@@ -131,18 +160,22 @@ Select and alternate SELinux store to manage .I \-t, \-\-type SELinux Type for the object .TP -.I \-i +.I \-i, \-\-input Take a set of commands from a specified file and load them in a single transaction. .SH EXAMPLE .nf -# View SELinux user mappings -$ semanage user -l -# Allow joe to login as staff_u -$ semanage login -a -s staff_u joe -# Allow the group clerks to login as user_u -$ semanage login -a -s user_u %clerks +.B SELinux user +List SELinux users +# semanage user -l + +.B SELinux login +Change joe to login as staff_u +# semanage login -a -s staff_u joe +Change the group clerks to login as user_u +# semanage login -a -s user_u %clerks + .B File contexts .i remember to run restorecon after you set the file context Add file-context for everything under /web @@ -159,13 +192,15 @@ execute the following commands. # semanage fcontext -a -e /home /disk6/home # restorecon -R -v /disk6 +.B Port contexts +Allow Apache to listen on tcp port 81 +# semanage port -a -t http_port_t -p tcp 81 + +.B Change apache to a permissive domain +# semanage permissive -a httpd_t -# Allow Apache to listen on port 81 -$ semanage port -a -t http_port_t -p tcp 81 -# Change apache to a permissive domain -$ semanage permissive -a httpd_t -# Turn off dontaudit rules -$ semanage dontaudit off +.B Turn off dontaudit rules +# semanage dontaudit off .B Managing multiple machines Multiple machines that need the same customizations. @@ -179,9 +214,12 @@ to second and import them. If these customizations include file context, you need to apply the context using restorecon. + .fi .SH "AUTHOR" -This man page was written by Daniel Walsh <dwalsh@xxxxxxxxxx> and -Russell Coker <rcoker@xxxxxxxxxx>. +This man page was written by Daniel Walsh <dwalsh@xxxxxxxxxx> +.br +and Russell Coker <rcoker@xxxxxxxxxx>. +.br Examples by Thomas Bleher <ThomasBleher@xxxxxx>. -- 1.7.6
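Review bot: the `.TH` date in the first hunk is bumped only to 20100223, while the patch itself is dated 19 Jul 2011 and adds the node, permissive, dontaudit and transaction entries to the synopsis; set the header date to this revision (the patch's own date would do) so the page reflects when the synopsis last changed.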
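Review bot: the boolean synopsis line in the `@@ -11,35 +11,59 @@` hunk introduces a troff typo: `[\-\-on|\-\-off|\-\1|\-0]` should read `[\-\-on|\-\-off|\-1|\-0]`. The removed line had `\-1`, and `\1` is not a valid escape, so the rendered synopsis loses the `-1` form. Three smaller points in the same hunk: the node line uses bare `-{a|d|m|l|D} [-nrt] [ -p protocol ] [-M netmask]` where every other entry escapes the dashes as `\-`; the node entry is the only one not followed by a blank line before the next "Manage ..." paragraph, and there is a leftover `.br` between the port line and the blank line above "Manage network interface type definitions", so the synopsis spacing will be uneven; and "Manage processes type enforcement mode" reads awkwardly (something like "Manage process types that run in permissive mode" matches what `semanage permissive` does). "based on his configuration" should also be "their configuration".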
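Review bot: the blank line inserted before `.TP` for `\-h, \-\-help` in the `@@ -91,6 +116,7 @@` hunk is a literal empty line in troff and will print a blank line inside the option list, which none of the surrounding `.TP` entries have; drop it. (The `.TP` added before `\-f, \-\-ftype` in the hunk above is the right kind of fix, and needs no blank line.)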
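Review bot: the new `\-M, \-\-mask` entry in the `@@ -107,6 +133,9 @@` hunk says only "Network Mask"; the neighbouring options state which object they apply to (`\-e` and `\-f` both say "This is used with fcontext"), and the synopsis shows `-M netmask` only on the node line, so add "Used with node" and the expected form of the mask.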
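Review bot: in the EXAMPLE part of the `@@ -131,18 +160,22 @@` hunk, changing the prompts from `$` to `#` is correct, since these commands modify the policy store and need root, but the description lines under `.B SELinux login` say "Change joe to login as staff_u" while the command is `semanage login -a`, which adds a mapping; "Map joe to staff_u" (or keep the old "Allow joe to login as staff_u") describes `-a` better. While this section is being reworked, the context line `.i remember to run restorecon after you set the file context` uses `.i`, which is not a troff macro; it should be `.I`.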
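Review bot: the `@@ -159,13 +192,15 @@` hunk makes "Change apache to a permissive domain" and "Turn off dontaudit rules" bold `.B` headings, whereas the `.B` lines above them are category names (`SELinux user`, `File contexts`, `Port contexts`) with the description as plain text; either give these a category heading (for example `.B Permissive domains` and `.B Dontaudit rules`) with the description plain, or keep them consistent with the port example. A one-line caveat next to `semanage dontaudit off` would also help: disabling dontaudit rules makes the kernel log denials that policy normally silences, so audit volume rises, and the synopsis shows the inverse `semanage dontaudit on` to restore the default once debugging is done.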
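Review bot: the blank line added just before `.fi` in the `@@ -179,9 +214,12 @@` hunk sits inside the `.nf` block, so it prints as a trailing empty line at the end of EXAMPLE; drop it. Splitting the AUTHOR names with `.br` is fine.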
Attachment: 0054-policycoreutils-semanage-update-man-page-with-new-ex.patch.sig (PGP signature)