Provided by: setools-gui_3.3.8-3ubuntu1_amd64

NAME

       sediffx - graphical SELinux policy difference tool

SYNOPSIS

       sediffx [-d] [ORIGINAL_POLICY ; MODIFIED_POLICY]

DESCRIPTION

       sediffx  allows  the  user  to graphically inspect the semantic differences between two SELinux policies.
       All supported policy elements are examined.

POLICY

       sediffx supports loading SELinux policies in one of four formats.

       source A single text file containing policy source for versions 12 through 21. This file is usually named
              policy.conf.

       binary A single file containing a monolithic kernel binary policy for versions 15 through 21.  This  file
              is usually named by version - for example, policy.20.

       modular
              A  list  of policy packages each containing a loadable policy module. The first module listed must
              be a base module.

       policy list
              A single text file containing all the information needed to load a  policy,  usually  exported  by
              SETools graphical utilities.

       The two policies do not need to be in the same format. If no policies are provided, sediffx will begin
       with none loaded.

OPTIONS

       -d, --diff-now
              Load  the  policies  and differentiate them immediately.  This option requires the user to specify
              the policies on the command line.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.

DIFFERENCES

       sediffx categorizes differences in policy elements into one of three forms.

              added  The element exists only in the modified policy.

              removed
                     The element exists only in the original policy.

              modified
                     The element exists in both policies but its semantic meaning has changed.  For  example,  a
                     class is modified if one or more permissions are added or removed.

       For  all  rules  with types as their source or target, two additional forms of difference are recognized.
       This helps distinguish differences due to new types from differences in rules for existing types.

              added, new type
                     The rule exists only in the modified policy; furthermore, one or more of the types  in  the
                     rule do not exist in the original policy.

              removed, missing type
                     The  rule  exists only in the original policy; furthermore, one or more of the types in the
                     rule do not exist in the modified policy.
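
       The five forms above, applied to allow rules, as an added example (not part of the original manual
       page and not sediffx's own code). It assumes a simplified model: only allow rules with explicitly
       declared types, no attributes or conditionals; all policy text and type names are constructed.

```python
import re

# Constructed sample policies; a simplified model, not sediffx's own algorithm.
ORIGINAL = """
type httpd_t; type httpd_log_t; type ftpd_t; type ftpd_log_t;
allow httpd_t httpd_log_t:file { append create };
allow httpd_t httpd_log_t:lnk_file { read };
allow ftpd_t ftpd_log_t:file { append };
allow httpd_t httpd_t:process { fork };
"""
MODIFIED = """
type httpd_t; type httpd_log_t; type backup_t;
allow httpd_t httpd_log_t:file { append create read };
allow backup_t httpd_log_t:file { read };
allow httpd_t httpd_t:process { fork };
allow httpd_t httpd_log_t:dir { search };
"""

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;")

def load(text):
    """Return (declared types, {(source, target, class): permission set})."""
    types = set(re.findall(r"\btype\s+(\w+)\s*;", text))
    rules = {}
    for src, tgt, cls, perms in RULE.findall(text):
        # Union permissions so that split rules compare semantically.
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return types, rules

def classify(original, modified):
    """Map each differing rule key to one of the five difference forms."""
    otypes, orules = load(original)
    mtypes, mrules = load(modified)
    result = {}
    for key in orules.keys() | mrules.keys():
        src, tgt, _ = key
        if key not in orules:
            new = {src, tgt} - otypes
            result[key] = "added, new type" if new else "added"
        elif key not in mrules:
            gone = {src, tgt} - mtypes
            result[key] = "removed, missing type" if gone else "removed"
        elif orules[key] != mrules[key]:
            result[key] = "modified"
    return result

if __name__ == "__main__":
    for key, form in sorted(classify(ORIGINAL, MODIFIED).items()):
        print("%-22s allow %s %s:%s" % ((form,) + key))
```

       When reviewing a policy change, the "added, new type" rules are the ones granted to a domain that did
       not exist before, so they usually deserve a separate look from changes to existing domains.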

NOTE

       Most shells interpret the semicolon as a metacharacter, so it must be escaped with a backslash:

              sediffx original.policy \; modified.policy

AUTHOR

       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT

       Copyright(C) 2005-2007 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       sediff(1)

                                                                                                      sediffx(1)