This is the command sediff that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
sediff - SELinux policy difference tool
SYNOPSIS
sediff [OPTIONS] [EXPRESSION] ORIGINAL_POLICY ; MODIFIED_POLICY
DESCRIPTION
sediff allows the user to inspect the semantic differences between two SELinux policies.
POLICY
sediff supports loading SELinux policies in one of four formats.
source A single text file containing policy source for versions 12 through 21. This file
is usually named policy.conf.
binary A single file containing a monolithic kernel binary policy for versions 15 through
21. This file is usually named by version - for example, policy.20.
modular
A list of policy packages each containing a loadable policy module. The first
module listed must be a base module.
policy list
A single text file containing all the information needed to load a policy, usually
exported by SETools graphical utilities.
Policies do not need to be the same format. If not provided sediff will print an error
message and exit.
EXPRESSIONS
The user may specify an expression listing the policy elements to differentiate. If not
provided, all supported policy elements sans neverallows are examined.
-c, --class
Find differences in permissions assigned to object classes and common permission
sets.
--level
Find differences in categories authorized for MLS levels.
--category
Find differences in category definitions.
-t, --type
Find differences in attributes associated with types.
-a, --attribute
Find differences in types assigned to attributes.
-r, --role
Find differences in types authorized for roles.
-u, --user
Find differences in roles authorized for users.
-b, --bool
Find differences in the default values of booleans.
-A, --allow
Find differences in allow rules.
--auditallow
Find differences in auditallow rules.
--dontaudit
Find differences in dontaudit rules.
--neverallow
Find differences in neverallow rules.
--type_trans
Find differences in type_transition rules.
--type_member
Find differences in type_member rules.
--type_change
Find differences in type_change rules.
--role_trans
Find differences in role_transition rules. This includes differences in the
default role.
--role_allow
Find differences in role allow rules.
--range_trans
Find differences in range_transition rules. This includes differences in the
target MLS range.
OPTIONS
-q, --quiet
If there are no differences for elements of a given kind, suppress status output
for that kind of element.
--stats
Print difference statistics only.
-h, --help
Print help information and exit.
-V, --version
Print version information and exit.
DIFFERENCES
sediff categorizes differences in policy elements into one of three forms.
added The element exists only in the modified policy.
removed
The element exists only in the original policy.
modified
The element exists in both policies but its semantic meaning has changed.
For example, a class is modified if one or more permissions are added or
removed.
For all rules with types as their source or target, two additional forms of difference are
recognized. This helps distinguish differences due to new types from differences in rules
for existing types.
added, new type
The rule exists only in the modified policy; furthermore, one or more of the
types in the rule do not exist in the original policy.
removed, missing type
The rule exists only in the original policy; furthermore, one or more of the
types in the rule do not exist in the modified policy.
NOTE
Most shells interpret the semicolon as a metacharacter, thus requiring a backslash like
so: sediff original.policy \; modified.policy
Use sediff online using onworks.net services
