Provided by: setools-gui_3.3.8-3ubuntu1_amd64 bug

NAME

       sediffx - graphical SELinux policy difference tool

SYNOPSIS

       sediffx [-d] [ORIGINAL_POLICY ; MODIFIED_POLICY]

DESCRIPTION

       sediffx  allows  the  user  to  graphically  inspect  the semantic differences between two
       SELinux policies.  All supported policy elements are examined.

POLICY

       sediffx supports loading SELinux policies in one of four formats.

       source A single text file containing policy source for versions 12 through 21.  This  file
              is usually named policy.conf.

       binary A  single file containing a monolithic kernel binary policy for versions 15 through
              21. This file is usually named by version - for example, policy.20.

       modular
              A list of policy packages each containing  a  loadable  policy  module.  The  first
              module listed must be a base module.

       policy list
              A  single text file containing all the information needed to load a policy, usually
              exported by SETools graphical utilities.

       Policies do not need to be the same format. If not provided sediffx  will  begin  with  no
       policies loaded.

OPTIONS

       -d, --diff-now
              Load  the  policies  and  differentiate them immediately.  This option requires the
              user to specify the policies on the command line.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.

DIFFERENCES

       sediffx categorizes differences in policy elements into one of three forms.

              added  The element exists only in the modified policy.

              removed
                     The element exists only in the original policy.

              modified
                     The element exists in both policies but its semantic  meaning  has  changed.
                     For  example,  a  class  is modified if one or more permissions are added or
                     removed.

       For all rules with types as their source or target, two additional forms of difference are
       recognized.  This helps distinguish differences due to new types from differences in rules
       for existing types.

              added, new type
                     The rule exists only in the modified policy; furthermore, one or more of the
                     types in the rule do not exist in the original policy.

              removed, missing type
                     The rule exists only in the original policy; furthermore, one or more of the
                     types in the rule do not exist in the modified policy.

NOTE

       Most shells interpret the semicolon as a metacharacter, thus requiring  a  backslash  like
       so: sediffx original.policy \; modified.policy

AUTHOR

       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT

       Copyright(C) 2005-2007 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       sediff(1)

                                                                                       sediffx(1)