diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.29/audit2allow/audit2allow

--- nsapolicycoreutils/audit2allow/audit2allow	2005-11-28 21:47:54.000000000 -0500

+++ policycoreutils-1.27.29/audit2allow/audit2allow	2005-11-29 00:04:31.000000000 -0500

@@ -24,7 +24,7 @@

 #                                        02111-1307  USA

 #

 #  

-import commands, sys, os, pwd, string, getopt, re

+import commands, sys, os, pwd, string, getopt, re, selinux

 class allow:

 	def __init__(self, source, target, seclass):

 		self.source=source

@@ -81,6 +81,11 @@

 		self.roles=[]

 		self.load(input)

+	def warning(self, error):

+		sys.stderr.write("%s: " % sys.argv[0])

+		sys.stderr.write("%s\n" % error)

+		sys.stderr.flush()

+

 	def load(self, input):

 		avc=[]

 		found=0

@@ -114,43 +119,47 @@

 			if "load_policy" in avc and self.last_reload:

 				self.allowRules={}

 			return

-		for i in range (0, len(avc)):

-			if avc[i]=="{":

-				i=i+1

-				while i

-					access.append(avc[i])

+		try:

+			for i in range (0, len(avc)):

+				if avc[i]=="{":

 					i=i+1

-				continue

+					while i

+						access.append(avc[i])

+						i=i+1

+					continue

-			t=avc[i].split('=')

-			if len(t) < 2:

-				continue

-			if t[0]=="scontext":

-				context=t[1].split(":")

-				scon=context[2]

-				srole=context[1]

-				continue

-			if t[0]=="tcontext":

-				context=t[1].split(":")

-				tcon=context[2]

-				trole=context[1]

-				continue

-			if t[0]=="tclass":

-				seclass=t[1]

-				continue

-			if t[0]=="comm":

-				comm=t[1]

-				continue

-			if t[0]=="name":

-				name=t[1]

-				continue

-			if t[0]=="msg":

-				msg=t[1]

-				continue

-

-		if scon=="" or tcon =="" or seclass=="":

+				t=avc[i].split('=')

+				if len(t) < 2:

+					continue

+				if t[0]=="scontext":

+					context=t[1].split(":")

+					scon=context[2]

+					srole=context[1]

+					continue

+				if t[0]=="tcontext":

+					context=t[1].split(":")

+					tcon=context[2]

+					trole=context[1]

+					continue

+				if t[0]=="tclass":

+					seclass=t[1]

+					continue

+				if t[0]=="comm":

+					comm=t[1]

+					continue

+				if t[0]=="name":

+					name=t[1]

+					continue

+				if t[0]=="msg":

+					msg=t[1]

+					continue

+

+			if scon=="" or tcon =="" or seclass=="":

+				return

+		except IndexError, e:

+			self.warning("Bad AVC Line: %s" % avc)

 			return

-

+			

 		self.add_seclass(seclass, access)

 		self.add_type(tcon)

 		self.add_type(scon)

@@ -220,6 +229,12 @@

 if __name__ == '__main__':

+	def get_mls_flag():

+		if selinux.is_selinux_mls_enabled():

+			return "-M"

+		else:

+			return ""

+

 	def usage():

 		print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\

 		-a, --all        read input from audit and message log, conflicts with -i\n\

@@ -313,15 +328,17 @@

 		if buildPP:

 			print ("Generating type enforcment file: %s.te" % module)

 		output.write(out.out(requires, module))

+		output.flush()

 		if buildPP:

-			print ("Compiling policy: checkmodule -M -m -o %s.mod %s.te" % (module, module))

-			rc=commands.getstatusoutput("checkmodule -M -m -o %s.mod %s.te" % (module, module))

+			cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)

+			print "Compiling policy: %s" % cmd

+			rc=commands.getstatusoutput(cmd)

 			if rc[0]==0:

 				print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))

 				rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))

 				if rc[0]==0:

-					print ("\n*************** IMPORTANT ***********************\n")

-					print ("In order to load this newly created policy package,\nyou are required to execute \n\n\"semodule -i %s.pp\"\n\nto load the policy\n" % module)

+					print ("\n******************** IMPORTANT ***********************\n")

+					print ("In order to load this newly created policy package into the kernel,\nyou are required to execute \n\nsemodule -i %s.pp\n\n" % module)

 				else:

 					errorExit(rc[1])

 			else:

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.27.29/audit2allow/audit2allow.1

--- nsapolicycoreutils/audit2allow/audit2allow.1	2005-09-12 16:33:30.000000000 -0400

+++ policycoreutils-1.27.29/audit2allow/audit2allow.1	2005-11-29 00:04:31.000000000 -0500

@@ -30,26 +30,38 @@

 .RI [ options "] "

 .SH OPTIONS

 .TP

-.B "\-\-help"

+.B "\-a" | "\-\-all"

+Read input from audit and message log, conflicts with -i

+.TP

+.B "\-h" | "\-\-help"

 Print a short usage message

 .TP

-.B "\-d"

+.B "\-d" | "\-\-dmesg"

 Read input from output of 

 .I /bin/dmesg.

 Note that audit messages are not available via dmesg when

 auditd is running; use -i /var/log/audit/audit.log instead.

 .TP

-.B "\-v"

+.B "\-v" | "\-\-verbose"

 Turn on verbose output

 .TP

-.B "\-l"

+.B "\-l" | "\-\-lastreload"

 read input only after last policy reload

 .TP

-.B "\-i <inputfile>"

+.B "\-r" | "\-\-requires"

+Generate require output syntax for loadable modules.

+.TP

+.B "\-m <modulename>" | "\-\-module <modulename>"

+Generate module/require output <modulename>

+.TP

+.B "\-M <modulename>" 

+Generate loadable module package, conflicts with -o

+.TP

+.B "\-i  <inputfile>" | "\-\-input <inputfile>"

 read input from 

 .I <inputfile>

 .TP

-.B "\-o <outputfile>"

+.B "\-o <outputfile>"  | "\-\-output <outputfile>"

 append output to 

 .I <outputfile>

 .SH DESCRIPTION

@@ -76,18 +88,66 @@

 .PP

 .SH EXAMPLE

 .nf

-$ cd /etc/selinux/$(SELINUXTYPE)/src/policy

-$ /usr/bin/audit2allow -i < /var/log/audit/audit.log >> domains/misc/local.te

-<review domains/misc/local.te and customize as desired>

-$ make load

+.B Traditional Syntax

+cat /var/log/audit/audit.log.1 | audit2allow

+allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };

+

+

+.B Using audit2allow to generate module syntax

+

+$ cat /var/log/audit/audit.log | audit2allow -m local

+module local 1.0;

+

+require {

+        role system_r;

+

+

+        class fifo_file {  getattr ioctl };

+

+

+        type cupsd_config_t;

+        type unconfined_t;

+ };

+

+

+allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };

+

+.B Building a loadable module

+

+$ /usr/bin/audit2allow -m local -i /var/log/audit/audit.log >> local.te

+<review local.te and customize as desired>

+# Compile the module

+$ checkmodule -M -m -o local.mod local.te

+# Create the package 

+$ semodule_package -o local.pp -m local.mod

+# Load the module into the kernel

+$ semodule -i local.mod

+

+.B Building a loadable module automatically

+$ cat /var/log/audit/audit.log | audit2allow -M local

+Generating type enforcment file: local.te

+Compiling policy: checkmodule -M -m -o local.mod local.te

+Building package: semodule_package -o local.pp -m local.mod

+

+******************** IMPORTANT ***********************

+

+In order to load this newly created policy package into the kernel,

+you are required to execute

+

+semodule -i local.pp

+

 .fi

 .PP

 .SH AUTHOR

 This manual page was written by 

 .I Manoj Srivastava <srivasta@debian.org>,

-for the Debian GNU/Linux system. The 

+for the Debian GNU/Linux system. It was updated by Dan Walsh <dwalsh@redhat.com>

+.PP

+The 

 .B audit2allow

 utility has contributions from several people, including 

 .I Justin R. Smith 

 and 

 .I Yuichi Nakamura.

+and 

+.I Dan Walsh

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.27.29/Makefile

--- nsapolicycoreutils/Makefile	2005-11-07 09:41:21.000000000 -0500

+++ policycoreutils-1.27.29/Makefile	2005-11-29 00:04:31.000000000 -0500

@@ -1,4 +1,4 @@

-SUBDIRS=setfiles load_policy newrole run_init restorecon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po

+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand setsebool po

 all install relabel clean: 

 	@for subdir in $(SUBDIRS); do \

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/Makefile policycoreutils-1.27.29/semanage/Makefile

--- nsapolicycoreutils/semanage/Makefile	1969-12-31 19:00:00.000000000 -0500

+++ policycoreutils-1.27.29/semanage/Makefile	2005-11-29 00:04:31.000000000 -0500

@@ -0,0 +1,19 @@

+# Installation directories.

+PREFIX ?= ${DESTDIR}/usr

+SBINDIR ?= $(PREFIX)/sbin

+MANDIR = $(PREFIX)/share/man

+

+TARGETS=semanage

+

+all: $(TARGETS)

+

+install: all

+	[ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8

+	-mkdir -p $(SBINDIR)

+	install -m 755 semanage $(SBINDIR)

+	install -m 644 semanage.8 $(MANDIR)/man8

+

+clean:

+	rm -f semanage

+

+relabel:

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.27.29/semanage/semanage

--- nsapolicycoreutils/semanage/semanage	1969-12-31 19:00:00.000000000 -0500

+++ policycoreutils-1.27.29/semanage/semanage	2005-11-29 00:04:52.000000000 -0500

@@ -0,0 +1,377 @@

+#! /usr/bin/env python

+# Copyright (C) 2005 Red Hat 

+# see file 'COPYING' for use and warranty information

+#

+# semanage is a tool for managing SELinux configuration files

+#

+#    This program is free software; you can redistribute it and/or

+#    modify it under the terms of the GNU General Public License as

+#    published by the Free Software Foundation; either version 2 of

+#    the License, or (at your option) any later version.

+#

+#    This program is distributed in the hope that it will be useful,

+#    but WITHOUT ANY WARRANTY; without even the implied warranty of

+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+#    GNU General Public License for more details.

+#

+#    You should have received a copy of the GNU General Public License

+#    along with this program; if not, write to the Free Software

+#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     

+#                                        02111-1307  USA

+#

+#  

+import commands, sys, os, pwd, string, getopt, pwd

+from semanage import *;

+class loginRecords:

+	def __init__(self):

+		self.sh=semanage_handle_create()

+		self.semanaged=semanage_is_managed(self.sh)

+		if self.semanaged:

+			semanage_connect(self.sh)

+

+	def add(self, name, sename, serange):

+		(rc,k)=semanage_seuser_key_create(self.sh, name)

+		(rc,exists)= semanage_seuser_exists(self.sh, k)

+		if exists:

+			raise ValueError("SELinux User %s mapping already defined" % name)

+		try:

+			pwd.getpwname(name)

+		except:

+			raise ValueError("Linux User %s does not exist" % name)

+			

+		(rc,u)= semanage_seuser_create(self.sh)

+		semanage_seuser_set_name(self.sh, u, name)

+		semanage_seuser_set_mlsrange(self.sh, u, serange)

+		semanage_seuser_set_sename(self.sh, u, sename)

+		semanage_begin_transaction(self.sh)

+		semanage_seuser_add(self.sh, k, u)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("Failed to add SELinux user mapping")

+

+	def modify(self, name, sename="", serange=""):

+		(rc,k)=semanage_seuser_key_create(self.sh, name)

+		(rc,u)= semanage_seuser_query(self.sh, k)

+		if rc !=0 :

+			raise ValueError("SELinux user %s mapping is not defined." % name)

+		if sename == "" and serange=="":

+			raise ValueError("Requires, seuser or serange")

+		if serange != "":

+			semanage_seuser_set_mlsrange(self.sh, u, serange)

+		if sename != "":

+			semanage_seuser_set_sename(self.sh, u, sename)

+		semanage_begin_transaction(self.sh)

+		semanage_seuser_modify(self.sh, k, u)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("Failed to modify SELinux user mapping")

+

+		

+	def delete(self, name):

+		(rc,k)=semanage_seuser_key_create(self.sh, name)

+		(rc,exists)= semanage_seuser_exists(self.sh, k)

+		if rc !=0 :

+			raise ValueError("SELinux user %s mapping is not defined." % name)

+		semanage_begin_transaction(self.sh)

+		semanage_seuser_del(self.sh, k)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("SELinux User %s mapping not defined" % name)

+		

+	def list(self):

+		print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")

+		(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)

+		for idx in range(self.usize):

+			u=semanage_seuser_by_idx(self.ulist, idx)

+			name=semanage_seuser_get_name(u)

+			

+			print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))

+

+class seluserRecords:

+	def __init__(self):

+		roles=[]

+		self.sh=semanage_handle_create()

+		self.semanaged=semanage_is_managed(self.sh)

+		if self.semanaged:

+			semanage_connect(self.sh)

+

+	def add(self, name, roles, selevel, serange):

+		(rc,k)=semanage_user_key_create(self.sh, name)

+		(rc,exists)= semanage_user_exists(self.sh, k)

+		if exists:

+			raise ValueError("Seuser %s already defined" % name)

+		(rc,u)= semanage_user_create(self.sh)

+		semanage_user_set_name(self.sh, u, name)

+		for r in roles:

+			semanage_user_add_role(self.sh, u, r)

+		semanage_user_set_mlsrange(self.sh, u, serange)

+		semanage_user_set_mlslevel(self.sh, u, selevel)

+		(rc,key) = semanage_user_key_extract(self.sh,u)

+		semanage_begin_transaction(self.sh)

+		semanage_user_add_local(self.sh, k, u)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("Failed to add SELinux user")

+

+		self.dict[name]=seluser(name, roles, selevel, serange)

+		

+	def modify(self, name, roles=[], selevel="", serange=""):

+		(rc,k)=semanage_user_key_create(self.sh, name)

+		(rc,exists)= semanage_user_exists(self.sh, k)

+		if not exists:

+			raise ValueError("user %s is not defined" % name)

+		(rc,u)= semanage_user_query(self.sh, k)

+		if rc !=0 :

+			raise ValueError("User %s is not defined." % name)

+		if len(roles) == 0  and serange=="" and selevel=="":

+			raise ValueError("Requires, roles, level  or range")

+		if serange != "":

+			semanage_user_set_mlsrange(self.sh, u, serange)

+		if selevel != "":

+			semanage_user_set_mlslevel(self.sh, u, selevel)

+		if len(roles) != 0:

+			for r in roles:

+				print r

+				semanage_user_add_role(self.sh, u, r)

+		semanage_begin_transaction(self.sh)

+		semanage_user_modify_local(self.sh, k, u)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("Failed to modify SELinux user")

+

+		

+	def delete(self, name):

+		(rc,k)=semanage_user_key_create(self.sh, name)

+		(rc,exists)= semanage_user_exists(self.sh, k)

+		if not exists:

+			raise ValueError("user %s is not defined" % name)

+		semanage_begin_transaction(self.sh)

+		semanage_user_del_local(self.sh, k)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("Login User %s not defined" % name)

+		

+	def list(self):

+		print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")

+		print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")

+		(status, self.ulist, self.usize) = semanage_user_list(self.sh)

+		for idx in range(self.usize):

+			u=semanage_user_by_idx(self.ulist, idx)

+			name=semanage_user_get_name(u)

+			(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)

+			roles=""

+

+			if rlist_size:

+				roles+=char_by_idx(rlist, 0)

+				for ridx in range (1,rlist_size):

+					roles+=" " + char_by_idx(rlist, ridx)

+			print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)

+

+class portRecords:

+	def __init__(self):

+		self.dict={}

+		self.sh=semanage_handle_create()

+		self.semanaged=semanage_is_managed(self.sh)

+		if self.semanaged:

+			semanage_connect(self.sh)

+

+	def add(self, name, type):

+		(rc,k)=semanage_port_key_create(self.sh, name)

+		(rc,exists)= semanage_port_exists(self.sh, k)

+		if exists:

+			raise ValueError("User %s already defined" % name)

+		(rc,u)= semanage_port_create(self.sh)

+		semanage_port_set_name(self.sh, u, name)

+		semanage_port_set_mlsrange(self.sh, u, serange)

+		semanage_port_set_sename(self.sh, u, sename)

+		semanage_begin_transaction(self.sh)

+		semanage_port_add(self.sh, k, u)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("Failed to add port")

+

+	def modify(self, name, type):

+		(rc,k)=semanage_port_key_create(self.sh, name)

+		(rc,u)= semanage_port_query(self.sh, k)

+		if rc !=0 :

+			raise ValueError("User %s is not defined." % name)

+		if sename == "" and serange=="":

+			raise ValueError("Requires, port or serange")

+		if serange != "":

+			semanage_port_set_mlsrange(self.sh, u, serange)

+		if sename != "":

+			semanage_port_set_sename(self.sh, u, sename)

+		semanage_begin_transaction(self.sh)

+		semanage_port_modify(self.sh, k, u)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("Failed to add port")

+		

+	def delete(self, name):

+		(rc,k)=semanage_port_key_create(self.sh, name)

+		semanage_begin_transaction(self.sh)

+		semanage_port_del(self.sh, k)

+		if semanage_commit(self.sh) != 0:

+			raise ValueError("Port %s not defined" % name)

+		

+	def list(self):

+		(status, self.plist, self.psize) = semanage_port_list(self.sh)

+		print "%-25s %s\n" % ("SELinux Port Name", "Port Number")

+		for idx in range(self.psize):

+			u=semanage_port_by_idx(self.plist, idx)

+			name=semanage_port_get_name(u)

+			print "%20s %d" % ( name, semanage_port_get_number(u))

+			

+if __name__ == '__main__':

+

+	def usage(message=""):

+		print '\

+semanage user [-admsRrh] SELINUX_USER\n\

+semanage login [-admsrh] LOGIN_NAME\n\

+semanage port [-admth] SELINUX_PORT_NAME\n\

+	-a, --add        Add a OBJECT record NAME\n\

+	-d, --delete     Delete a OBJECT record NAME\n\

+	-h, --help       display this message\n\

+	-l, --list       List the OBJECTS\n\

+	-m, --modify     Modify a OBJECT record NAME\n\

+	-r, --range      MLS/MCS Security Range\n\

+	-R, --roles      SELinux Roles (Separate by spaces)\n\

+	-s, --seuser     SELinux user name\n\

+	-t, --type       SELinux Type for the object\n\

+	-v, --verbose    verbose output\n\

+'

+		print message

+		sys.exit(1)

+		

+	def errorExit(error):

+		sys.stderr.write("%s: " % sys.argv[0])

+		sys.stderr.write("%s\n" % error)

+		sys.stderr.flush()

+		sys.exit(1)

+

+	#

+	# 

+	#

+	try:

+		objectlist=("login", "user", "port")

+		input=sys.stdin

+		output=sys.stdout

+		serange="s0"

+		selevel="s0"

+		roles=""

+		seuser=""

+		type=""

+		add=0

+		modify=0

+		delete=0

+		list=0

+		if len(sys.argv) < 3:

+			usage("Requires 2 or more arguments")

+			

+		object=sys.argv[1]

+		if object not in objectlist:

+			usage("%s not defined" % object)

+			

+		args=sys.argv[2:]

+		gopts, cmds = getopt.getopt(args,

+					    'adlhms:R:r:t:v',

+					    ['add',

+					     'delete',

+					     'help',

+					     'list', 

+					     'modify',

+					     'seuser=',

+					     'range=',

+					     'roles=',

+					     'type=',

+					     'verbose'

+					     ])

+		for o,a in gopts:

+			if o == "-a" or o == "--add":

+				if modify or delete:

+					usage()

+				add=1

+				

+			if o == "-d"  or o == "--delese":

+				if modify or add:

+					usage()

+				delete=1

+			if o == "-h" or o == "--help":

+				usage()

+

+			if o == "-m"or o == "--modify":

+				if delete or add:

+					usage()

+				modify=1

+				

+			if o == "-r" or o == '--range':

+				serange=a

+

+			if o == "-R" or o == '--roles':

+				roles=a

+

+			if o == "-t" or o == "--type":

+				type=a

+

+			if o == "-l" or o == "--list":

+				list=1

+

+			if o == "-s" or o == "--seuser":

+				seuser=a

+

+			if o == "-v" or o == "--verbose":

+				verbose=1

+

+		if object == "login":

+			OBJECT=loginRecords()

+

+		if object == "user":

+			OBJECT=seluserRecords()

+

+		if object == "port":

+			OBJECT=portRecords()

+		

+		if list:

+			OBJECT.list()

+			sys.exit(0);

+			

+		if len(cmds) != 1:

+			usage()

+

+		name=cmds[0]

+

+		if add:

+			if object == "login":

+				OBJECT.add(name, seuser, serange)

+

+			if object == "user":

+				rlist=roles.split()

+				print rlist

+				OBJECT.add(name, rlist, selevel, serange)

+

+			if object == "port":

+				OBJECT.add(name, type)

+

+			OBJECT.list()

+			sys.exit(0);

+			

+		if modify:

+			if object == "login":

+				OBJECT.modify(name, seuser, serange)

+

+			if object == "user":

+				rlist=roles.split()

+				print rlist

+				OBJECT.modify(name, rlist, selevel, serange)

+

+			if object == "port":

+				OBJECT.modify(name, type)

+				sys.exit(0);

+			OBJECT.list()

+			sys.exit(0);

+

+		if delete:

+			OBJECT.delete(name)

+			sys.exit(0);

+		usage()

+			

+	except getopt.error, error:

+		errorExit("Options Error " + error.msg)

+	except ValueError, error:

+		errorExit(error.args[0])

+	except IOError, error:

+		errorExit(error.args[1])

+	except KeyboardInterrupt, error:

+		sys.exit(0)

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.27.29/semanage/semanage.8

--- nsapolicycoreutils/semanage/semanage.8	1969-12-31 19:00:00.000000000 -0500

+++ policycoreutils-1.27.29/semanage/semanage.8	2005-11-29 00:04:31.000000000 -0500

@@ -0,0 +1,57 @@

+.TH "semanage" "8" "2005111103" "" ""

+.SH "NAME"

+semanage \- SELinux Policy Management tool

+

+.SH "SYNOPSIS"

+.B semanage OBJECTTYPE [\-admsrh] OBJECT

+.B semanage login [\-admsrh] login_name

+.br

+.B semanage seuser [\-admsrh] selinux_name

+.br

+.B semanage port [\-admth] port_number

+.P

+This tool is used to manage configuration of the SELinux policy

+

+.SH "DESCRIPTION"

+This manual page describes the

+.BR semanage

+program.

+.br

+This tool is used to manage configuration of SELinux Policy.  You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users.

+

+

+.SH "OPTIONS"

+.TP 

+                \-a, \-\-add        

+.P

+Add a OBJECT record NAME

+.B                \-d, \-\-delete     

+.P

+Delete a OBJECT record NAME

+.B                \-h, \-\-help       

+.P

+display this message

+.B                \-l, \-\-list       

+.P

+List the OBJECTS

+.B                \-m, \-\-modify     

+.P

+Modify a OBJECT record NAME