From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007 Description of problem: Many/most of the man pages for apps and utilities which are impacted by SELinux do not mention SELinux. e.g. su(1) should describe the SELinux semantics associated with the utility. There are many other utils affected by SELinux and it all needs to be documented in their man pages. Also, I've submitted man page text for mount(8) several times, and it does not seem to have been incorporated. Version-Release number of selected component (if applicable): man-1.5m2-5 How reproducible: Always Steps to Reproduce: 1. man su 2. 3. Actual Results: No information on SELinux semantics. Expected Results: As described above. Additional info:
Here is the SELinux specific information for mount(8): -- SELinux Mount Options When SELinux is enabled in the kernel, the following mount options may be used: context=security_context Label the entire filesystem with the specified security context during mount and change the labeling behavior to 'mountpoint labeling'. The /proc/self/attr/fscreate attribute will be ignored for file creation on the filesystem, although policy-specified transitions will still work normally. This also sets the aggregate filesystem security context. fscontext=security_context Set the label of the aggregate filesystem to the specified security context. SELinux policy controls over the filesystem itself will use this value. Only valid for filesystems with EA labeling support, and is not valid if 'context' has been specified. defcontext=security_context Set the default security context for files created in this filesystem to the specified security context (as opposed to the current global default). Only works for filesystems with EA labeling support, and is not valid if 'context' has been specified. To set the context or fscontext options, the security policy must specify appropriate permissions for the filesystem relabelfrom and filesystem relabelto controls. For the defcontext option, the filesystem relablefrom and filesystem assoicate controls are invoked. The security mount options are parsed out and stripped from the normal mount option data so that no normal filesystems need to be aware of them. -- This needs to be upstreamed. The behavior of other utilities under SELinux needs to be documented, but I am not the person who should be managing this.
*** Bug 120310 has been marked as a duplicate of this bug. ***
This bug does not seem to cover quite the same territory as 120310. It addresses the need to add SElinux information to existing man pages, but the point of 120310 was the lack of any man pages for the majority of SElinux commands. From 120310: Description of problem: There are many selinux-related commands (e.g. change_bool, compute_av, compute_create, compute_relabel, compute_user, deftype, execcon, getcon, getconlist, getenforce, getfilecon, getpidcon, matchpathcon, mkdircon, policyvers, selinuxenabled, setenforce, setfilecon, show_bools, fixfiles, load_policy), not to mention "selinux" that are not documented in man pages. Version-Release number of selected component (if applicable): libselinux-1.9-1, policycoreutils-1.9.2-1 How reproducible: Always Steps to Reproduce: 1. man setenforce [etc.] 2. 3. Actual Results: No manual entry for setenforce [etc.] Expected Results: Display man page[s]
Hello, a lot of new man-pages (including most of that mentioned in previous comment) were add to current libselinux (libselinux-devel-1.24.2-1, libselinux-1.24.2-1) and policycoreutils (policycoreutils-1.25.4-1) packages. Could you please test this verison and attach some comment if there is any problem. Thank you.
No response from reporter, I'm closing this bug. If there is any problem, please reopen this bug.