SELinux Tools (setools), version 1.4.1
by Tresys Technology, LLC
(selinux@tresys.com, www.tresys.com/selinux)

July 07, 2004

OVERVIEW

This file describes the SELinux tools (setools) developed by Tresys. 
See the change log for details on the changes in this version. 

The tools and libraries in this release include:

1. apol: The GUI-based policy analysis tool.

2. seuser: A GUI (seuserx) and command line (seuser) user manager tool 
   for SELinux.  This is a tool that actually manages a portion of a 
   running policy (i.e., user accounts).  

3. seuser scripts: A set of shell scripts: seuseradd, seusermod, and 
   seuserdel.  These scripts combine the functions of the associated 
   user management commands (useradd etc.) with the seuser tool, to 
   provide a single interface to effectively manage all users in an 
   SELinux system.

4. seaudit: A GUI-based audit log analysis tool for Security 
   Enhanced Linux.  This tool allows you to sort and filter the audit 
   log as well as query the policy based on audit messages.

5. secmds: Command line tools for policy manipulation and SE Linux system
   administration.

   Includes two command line tools that provide a few of 
   the features of apol without the need for a GUI.  Seinfo is a 
   command line tool for looking at a SE Linux policy, and viewing 
   various component elements and statistics.  Sesearch is a command 
   line tool to search the TE rules.
   
   Also includes two command line tools for manipulating contexts on filesystem 
   objects. Findcon allows searches for files with contexts that match a search 
   string. The search string can specify complete contexts, partial 
   contexts, and shell globbing style wildcards. Replcon provides the same 
   functionality but will then replace the context or part of the context on the 
   matched filesystem objects.

6. sepcut: A basic GUI-based policy configuration, browsing, editing, 
   and testing tool. This tool is intended to provide a complete, 
   single user interface for viewing the source files of a policy, 
   configuring policy program modules, editing policy files, and 
   making and testing the policy.

7. awish: A version of the Tcl/Tk wish interpreter that includes the 
   setools libraries.  We use this to test our GUIs (apol and seuser 
   have the interpreter compiled within them).  One could conceivably 
   write one's own GUI tools using Tcl/Tk as extended via awish.

8. libapol: The main policy analysis library, which is the core 
   library for all of our tools.

9. libseuser: The primary logic used for seuser.

10. libseaudit: The library for parsing and storing SE Linux 
    audit messages.

Apol, sepcut, seuser, seaudit, secmds, and the seuser* shell scripts 
are the primary tools in this package.  The other tool (awish) and the 
three libraries can serve as building blocks for the development of 
additional tools.  All of these tools and libraries are early 
generation, with little maturity, and should be used with care.

See the help files for apol, sepcut, seaudit, and seuser for specific 
help on using these tools.

These tools will likely have bugs (see KNOWN-BUGS for those of which 
we are aware).  Please report any new bugs or comments to 
selinux@tresys.com. Thank you.


THIS RELEASE

See the change log for a summary and history of all changes to 
setools.


COPYING

The intent is to allow free use of this source code under the GNU 
General Public License (see COPYING).  All source code is copyright 
protected and freely distributed under the GNU GPL (see COPYING). 
Absolutely no warranty is provided or implied (see COPYING).
