Break setfmac.8 into two actual man pages, and reword bits of the

setfsmac(8) documentation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

3 files changed, 120 insertions, 66 deletions

diff --git a/usr.sbin/setfmac/Makefile b/usr.sbin/setfmac/Makefile
index e7171f7a20f8..c262fb67c4fd 100644
--- a/usr.sbin/setfmac/Makefile
+++ b/usr.sbin/setfmac/Makefile
@@ -1,13 +1,11 @@
 # $FreeBSD$
 
 PROG=   setfmac
-MAN=	setfmac.8
+MAN=	setfmac.8 setfsmac.8
 SRCS=   setfmac.c
 
 LINKS+=	${BINDIR}/setfmac ${BINDIR}/setfsmac
 
-MLINKS+=	setfmac.8 setfsmac.8
-
 WARNS?=	2
 
 .include <bsd.prog.mk>
diff --git a/usr.sbin/setfmac/setfmac.8 b/usr.sbin/setfmac/setfmac.8
index 559948f6d40f..98e5f441ff4c 100644
--- a/usr.sbin/setfmac/setfmac.8
+++ b/usr.sbin/setfmac/setfmac.8
@@ -29,23 +29,17 @@
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD$
-.Dd June 27, 2002
+.Dd March 13, 2003
 .Dt SETFMAC 8
 .Os
 .Sh NAME
-.Nm setfmac ,
-.Nm setfsmac
+.Nm setfmac
 .Nd set MAC label for a file system object
 .Sh SYNOPSIS
 .Nm setfmac
 .Op Fl hR
 .Ar label
 .Ar
-.Nm setfsmac
-.Op Fl ehvx
-.Op Fl f Ar specfile
-.Op Fl s Ar specfile
-.Ar
 .Sh DESCRIPTION
 The
 .Nm setfmac
@@ -59,61 +53,6 @@ just the files themselves.
 If the file is a symbolic link, change the label of the link rather
 than the file that the link points to.
 .El
-.Pp
-The
-.Nm setfsmac
-utility accepts a list of specification files as input and sets the MAC
-labels on the specified file system hierarchies.
-Path names specified will be visited in order as given on the command line,
-and each tree will be traversed in pre-order.
-(Generally, it will not be very useful to use relative, instead of absolute,
-paths.)
-The labels that match a file will be combined and set in a single
-transaction.
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl e
-Treat any file systems encountered which do not support MAC labelling as
-errors, instead of warning and skipping past them.
-.It Fl f Ar specfile
-Add the specifications in
-.Ar specfile
-as a set of which at most one will be applied to each file traversed per
-.Fl f Ar specfile
-given.
-.It Fl h
-If the file is a symbolic link, change the label of the link rather
-than the file that the link points to.
-.It Fl s Ar specfile
-Add the specification in
-.Ar specfile ,
-but assume that the specification format is that used in the port
-of
-.Tn SELinux
-to
-.Fx ,
-.Tn SEBSD .
-At most one of the specifications will be applied to each file traversed per
-.Fl f Ar specfile
-given.
-The prefix
-.Dq Li sebsd/
-will automatically be prepended to the labels in this file, and labels
-matching
-.Dq Li <<none>>
-will be explicitly not relabeled.
-This permits SEBSD to re-use existing
-.Tn SELinux
-policy specification files
-unmodified.
-.It Fl v
-Increase the degree of verbosity.
-When given, information detailing the labelling operation is printed while
-in progress.
-.It Fl x
-Do not cross recurse into new file systems when traversing them.
-.El
 .Sh SEE ALSO
 .Xr mac 3 ,
 .Xr mac_set_file 3 ,
@@ -121,4 +60,5 @@ Do not cross recurse into new file systems when traversing them.
 .Xr mac 4 ,
 .Xr re_format 7 ,
 .Xr getfmac 8 ,
+.Xr setfsmac 8 ,
 .Xr mac 9
diff --git a/usr.sbin/setfmac/setfsmac.8 b/usr.sbin/setfmac/setfsmac.8
new file mode 100644
index 000000000000..cff9bec2e7ac
--- /dev/null
+++ b/usr.sbin/setfmac/setfsmac.8
@@ -0,0 +1,116 @@
+.\" Copyright (c) 2003 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\" 
+.\" This software was developed for the FreeBSD Project by Chris Costello
+.\" at Safeport Network Services and Network Associates Labs, the
+.\" Security Research Division of Network Associates, Inc. under
+.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+.\" DARPA CHATS research program.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\" 
+.\" $FreeBSD$
+.Dd March 13, 2003
+.Os
+.Dt SETFSMAC 8
+.Sh NAME
+.Nm setfsmac
+.Nd set MAC label for a file hierarchy
+.Sh SYNOPSIS
+.Nm
+.Op Fl ehvx
+.Op Fl f Ar specfile
+.Op Fl s Ar specfile
+.Ar path ...
+.Sh DESCRIPTION
+The
+.Nm
+utility accepts a list of specification files as input and sets the MAC
+labels on the specified file system hierarchies.
+Path names specified will be visited in order as given in the command
+line, and each tree will be traversed in pre-order.
+(Generally, it will not be very useful to use relative paths instead of
+absolute paths.)
+Multiple entries matching a single file will be combined and applied in
+a single transaction.
+.Pp
+The following options are available:
+.Bl -tag -width indent
+.It Fl e
+Treat any file systems encountered which do not support MAC labelling as
+errors, instead of warning and skipping them.
+.It Fl f Ar specfile
+Apply the specifications in
+.Ar specfile
+to the specified paths.
+.\" XXX
+.Bf -emphasis
+NOTE: Only the first entry for each file is applied;
+all others are disregarded and silently dropped.
+.Ef
+Multiple
+.Fl f
+arguments may be specified to include multiple
+specification files.
+.It Fl h
+When a symbolic link is encountered, change the label of the link rather
+than the file the link points to.
+.It Fl s Ar specfile
+Apply the specifications in
+.Ar specfile ,
+but assume the specification format is compatible with the SELinux
+.Ar specfile
+format.
+.\" XXX
+.Bf -emphasis
+NOTE: Only the first entry for each file is applied;
+all others are disregarded and silently dropped.
+.Ef
+The prefix
+.Dq sebsd/
+will be automatically prepended to the labels in
+.Ar specfile .
+Labels matching
+.Dq <<none>>
+will be explicitly not relabeled.
+This permits SEBSD to reuse existing SELinux policy specification files.
+.It Fl v
+Increase the degree of verbosity.
+.It Fl x
+Do not recurse into new file systems when traversing them.
+.El
+.Sh AUTHORS
+This software was contributed to the
+.Fx
+Project by Network Associates Labs,
+the Security Research Division of Network Associates
+Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+as part of the DARPA CHATS research program.
+.Sh SEE ALSO
+.Xr mac 3 ,
+.Xr mac_set_file 3 ,
+.Xr mac_set_link 3 ,
+.Xr mac 4 ,
+.Xr re_format 7 ,
+.Xr getfmac 8 ,
+.Xr setfmac 8 ,
+.Xr mac 9