sediffx(1) | General Commands Manual | sediffx(1) |
NAME
sediffx - graphical SELinux policy difference tool

SYNOPSIS
sediffx [-d] [ORIGINAL_POLICY ; MODIFIED_POLICY]

DESCRIPTION
sediffx allows the user to graphically inspect the semantic differences between two SELinux policies. All supported policy elements are examined.

POLICY
sediffx supports loading SELinux policies in one of four formats.
- source
  A single text file containing policy source for versions 12 through 21. This file is usually named policy.conf.
- binary
  A single file containing a monolithic kernel binary policy for versions 15 through 21. This file is usually named by version - for example, policy.20.
- modular
  A list of policy packages each containing a loadable policy module. The first module listed must be a base module.
- policy list
  A single text file containing all the information needed to load a policy, usually exported by SETools graphical utilities.

OPTIONS
- -d, --diff-now
  Load the policies and differentiate them immediately. This option requires the user to specify the policies on the command line.
- -h, --help
  Print help information and exit.
- -V, --version
  Print version information and exit.

DIFFERENCES
sediffx categorizes differences in policy elements into one of three forms.
- added
  The element exists only in the modified policy.
- removed
  The element exists only in the original policy.
- modified
  The element exists in both policies but its semantic meaning has changed. For example, a class is modified if one or more permissions are added or removed.
- added, new type
  The rule exists only in the modified policy; furthermore, one or more of the types in the rule do not exist in the original policy.
- removed, missing type
  The rule exists only in the original policy; furthermore, one or more of the types in the rule do not exist in the modified policy.
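
The difference forms above, applied to allow rules in a small Python model. This is an added example, not sediffx code: the policy representation, the (source, target, class) rule key and the sample type names are assumptions constructed for illustration.

```python
# Toy model of the difference forms in DIFFERENCES; not sediffx's own code.
# A policy is (set of type names, {(source, target, class): set of perms}).
# Keying allow rules by (source, target, class) is an assumption of this sketch.

def diff_allow_rules(original, modified):
    """Return {rule key: (form, perms gained, perms lost)} for differing rules."""
    orig_types, orig_rules = original
    mod_types, mod_rules = modified
    report = {}
    for key in sorted(orig_rules.keys() | mod_rules.keys()):
        old = orig_rules.get(key, set())
        new = mod_rules.get(key, set())
        if old == new:
            continue  # semantically identical, nothing to report
        rule_types = {key[0], key[1]}
        if key not in orig_rules:
            # Only in the modified policy; check whether its types are new too.
            form = "added" if rule_types <= orig_types else "added, new type"
        elif key not in mod_rules:
            # Only in the original policy; check whether its types survived.
            form = "removed" if rule_types <= mod_types else "removed, missing type"
        else:
            form = "modified"  # same rule key, different permission set
        report[key] = (form, sorted(new - old), sorted(old - new))
    return report

# Constructed sample policies (not taken from any real policy).
ORIGINAL = (
    {"httpd_t", "httpd_log_t", "etc_t", "shadow_t", "ftpd_t", "ftpd_log_t"},
    {("httpd_t", "httpd_log_t", "file"): {"append", "getattr"},
     ("httpd_t", "etc_t", "file"): {"read"},
     ("ftpd_t", "ftpd_log_t", "file"): {"append"}},
)
MODIFIED = (
    {"httpd_t", "httpd_log_t", "etc_t", "shadow_t", "backup_t"},
    {("httpd_t", "httpd_log_t", "file"): {"append", "getattr", "write"},
     ("httpd_t", "shadow_t", "file"): {"read"},
     ("backup_t", "etc_t", "file"): {"read"}},
)

if __name__ == "__main__":
    for key, (form, gained, lost) in diff_allow_rules(ORIGINAL, MODIFIED).items():
        print(f"{form:22} allow {key[0]} {key[1]}:{key[2]} +{gained} -{lost}")
```

In the sample, the httpd_t to shadow_t rule is plain "added" because both types already exist in the original policy, while the backup_t rule is "added, new type" because backup_t does not.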