Index: libsemanage-3.9/man/man5/semanage.conf.5
===================================================================
--- libsemanage-3.9.orig/man/man5/semanage.conf.5
+++ libsemanage-3.9/man/man5/semanage.conf.5
@@ -1,142 +1,205 @@
-.TH semanage.conf "5" "September 2011" "semanage.conf" "Linux System Administration"
+.TH SEMANAGE.CONF 5 "September 2011" "semanage.conf"
+"Linux System Administration"
 .SH NAME
 semanage.conf \- global configuration file for the SELinux Management library
 .SH DESCRIPTION
-.PP
 The
-.BR semanage.conf
-file is usually located under the directory /etc/selinux and it is used for run-time configuration of the
+.B semanage.conf
+file is usually located under the directory /etc/selinux
+and it is used for run-time configuration of the
 behavior of the SELinux Management library.
-
+.
 .PP
-Each line should contain a configuration parameter followed by the equal sign ("=") and then followed by the configuration value for that
-parameter. Anything after the "#" symbol is ignored similarly to empty lines.
-
+Each line should contain a configuration parameter
+followed by the equal sign ("=")
+and then followed by the configuration value for that parameter.
+Anything after the "#" symbol is ignored similarly to empty lines.
+.
 .PP
 The following parameters are allowed:
-
-.RS
+.
 .TP
 .B module-store
-Specify how the SELinux Management library should interact with the SELinux policy store. When set to "direct", the SELinux
-Management library writes to the SELinux policy module store directly (this is the default setting).
+Specify how the SELinux Management library should interact with the
+SELinux policy store.
+When set to "direct",
+the SELinux Management library writes to the SELinux policy module store
+directly
+(this is the default setting).
 Otherwise a socket path or a server name can be used for the argument.
-If the argument begins with "/" (as in "/foo/bar"), it represents the path to a named socket that should be used to connect the policy management
-server.
-If the argument does not begin with a "/" (as in "example.com:4242"), it should be interpreted as the name of a remote policy management server
-to be used through a TCP connection (default port is 4242 unless a different one is specified after the server name using the colon to separate
-the two fields).
-
+If the argument begins with "/"
+(as in "/foo/bar"),
+it represents the path to a named socket
+that should be used to connect the policy management server.
+If the argument does not begin with a "/"
+(as in "example.com:4242"),
+it should be interpreted as the name of a remote policy management server
+to be used through a TCP connection
+(default port is 4242
+unless a different one is specified after the server name using the colon
+to separate the two fields).
+.
 .TP
 .B root
-Specify an alternative root path to use for the store. The default is "/"
-
+Specify an alternative root path to use for the store.
+The default is "/"
+.
 .TP
 .B store-root
-Specify an alternative store_root path to use. The default is "/var/lib/selinux"
-
+Specify an alternative store_root path to use.
+The default is "/var/lib/selinux"
+.
 .TP
 .B compiler-directory
-Specify an alternative directory that contains HLL to CIL compilers. The default value is "/usr/libexec/selinux/hll".
-
+Specify an alternative directory that contains HLL to CIL compilers.
+The default value is "/usr/libexec/selinux/hll".
+.
 .TP
 .B ignore-module-cache
-Whether or not to ignore the cache of CIL modules compiled from HLL. It can be set to either "true" or "false" and is set to "false" by default.
-If the cache is ignored, then all CIL modules are recompiled from their HLL modules.
-
+Whether or not to ignore the cache of CIL modules compiled from HLL.
+It can be set to either "true" or "false"
+and is set to "false" by default.
+If the cache is ignored,
+then all CIL modules are recompiled from their HLL modules.
+.
 .TP
 .B policy-version
-When generating the policy, by default
-.BR semanage
-will set the policy version to POLICYDB_VERSION_MAX, as defined in <sepol/policydb/policydb.h>. Change this setting if a different
-version needs to be set for the policy.
-
+When generating the policy,
+by default
+.B semanage
+will set the policy version to POLICYDB_VERSION_MAX,
+as defined in <sepol/policydb/policydb.h>.
+Change this setting
+if a different version needs to be set for the policy.
+.
 .TP
 .B target-platform
-The target platform to generate policies for. Valid values are "selinux" and "xen", and is set to "selinux" by default.
-
+The target platform to generate policies for.
+Valid values are "selinux" and "xen",
+and is set to "selinux" by default.
+.
 .TP
 .B expand-check
 Whether or not to check "neverallow" rules when executing all
-.BR semanage
-command. It can be set to either "0" (disabled) or "1" (enabled) and by default it is enabled. There might be a large
-penalty in execution time if this option is enabled.
-
+.B semanage
+command. It can be set to either "0"
+(disabled)
+or "1"
+(enabled)
+and by default it is enabled.
+There might be a large penalty in execution time
+if this option is enabled.
+.
 .TP
 .B file-mode
-By default the permission mode for the run-time policy files is set to 0644.
-
+By default the permission mode for the run-time policy files is set to
+0644.
+.
 .TP
 .B save-previous
-It controls whether the previous module directory is saved after a successful commit to the policy store and it can be set to
-either "true" or "false". By default it is set to "false" (the previous version is deleted).
-
+It controls
+whether the previous module directory is saved after a successful commit
+to the policy store
+and it can be set to either "true" or "false".
+By default it is set to "false"
+(the previous version is deleted).
+.
 .TP
 .B save-linked
-It controls whether the previously linked module is saved (with name "base.linked") after a successful commit to the policy store.
-It can be set to either "true" or "false" and by default it is set to "false" (the previous module is deleted).
-
+It controls
+whether the previously linked module is saved
+(with name "base.linked")
+after a successful commit to the policy store.
+It can be set to either "true" or "false"
+and by default
+it is set to "false"
+(the previous module is deleted).
+.
 .TP
 .B ignoredirs
-List, separated by ";",  of directories to ignore when setting up users homedirs.
+List,
+separated by ";",
+of directories to ignore
+when setting up users homedirs.
 Some distributions use this to stop labeling /root as a homedir.
-
+.
 .TP
 .B usepasswd
-Whether or not to enable the use getpwent() to obtain a list of home directories to label. It can be set to either "true" or "false".
+Whether or not to enable the use
+.BR getpwent()
+to obtain a list of home directories to label.
+It can be set to either "true" or "false".
 By default it is set to "true".
-
+.
 .TP
 .B disable-genhomedircon
 It controls whether or not the genhomedircon function is executed when using the
-.BR semanage
-command and it can be set to either "false" or "true". By default the genhomedircon functionality is enabled (equivalent
-to this option set to "false").
-
+.B semanage
+command
+and it can be set to either "false" or "true".
+By default the genhomedircon functionality is enabled
+(equivalent to this option set to "false").
+.
 .TP
 .B handle-unknown
-This option overrides the kernel behavior for handling permissions defined in the kernel but missing from the actual policy.
-It can be set to "deny", "reject" or "allow". By default the setting from the policy is taken.
-
+This option overrides the kernel behavior for handling permissions
+defined in the kernel
+but missing from the actual policy.
+It can be set to "deny",
+"reject" or "allow".
+By default the setting from the policy is taken.
+.
 .TP
 .B bzip-blocksize
-It should be in the range 0-9. A value of 0 means no compression. By default the bzip block size is set to 9 (actual block
-size value is obtained after multiplication by 100000).
-
+It should be in the range 0\(en9.
+A value of 0 means no compression.
+By default the bzip block size is set to 9
+(actual block size value is obtained after multiplication by 100,000).
+.
 .TP
 .B bzip-small
-When set to "true", the bzip algorithm shall try to reduce its system memory usage. It can be set to either "true" or "false" and
+When set to "true",
+the bzip algorithm shall try to reduce its system memory usage.
+It can be set to either "true" or "false" and
 by default it is set to "false".
-
+.
 .TP
 .B remove-hll
-When set to "true", HLL files will be removed after compilation into CIL. In order to delete HLL files already compiled into CIL,
+When set to "true",
+HLL files will be removed after compilation into CIL.
+In order to delete HLL files already compiled into CIL,
 modules will need to be recompiled with the
-.BR ignore-module-cache
+.B ignore-module-cache
 option set to 'true' or using the
-.BR ignore-module-cache
-option with semodule. The remove-hll option can be set to either "true" or "false"
+.B ignore-module-cache
+option with semodule.
+The remove-hll option can be set to either "true" or "false"
 and by default it is set to "false".
-
-Please note that since this option deletes all HLL files, an updated HLL compiler will not be able to recompile the original HLL file into CIL.
-In order to compile the original HLL file into CIL, the same HLL file will need to be reinstalled.
-
+.
+Please note
+that since this option deletes all HLL files,
+an updated HLL compiler will not be able to recompile the original HLL
+file into CIL.
+In order to compile the original HLL file into CIL,
+the same HLL file will need to be reinstalled.
+.
 .TP
 .B optimize-policy
-When set to "true", the kernel policy will be optimized upon rebuilds.
+When set to "true",
+the kernel policy will be optimized upon rebuilds.
 It can be set to either "true" or "false" and by default it is set to "true".
-
+.
 .TP
 .B multiple-decls
-When set to "true", duplicate type, type attribute, and role declarations will be allowed.
+When set to "true", duplicate type, type attribute, and role declarations
+will be allowed.
 It can be set to either "true" or "false" and by default it is set to "true".
-
-.RE
+.
 .PP
 For certain tasks the SELinux Management library resorts to running
 external commands.  For the following commands their path and arguments can
 be overridden:
-
+.
 .RS
 .RS
 .TP
@@ -146,7 +209,7 @@ Requires no argument.
 Defaults to
 .IR /sbin/load_policy
 with no arguments.
-
+.
 .TP
 .B setfiles
 Command to verify file context definitions.
@@ -155,7 +218,7 @@ file context definition file.
 Defaults to
 .IR /sbin/setfiles
 with the arguments '\-q \-c $@ $<'.
-
+.
 .TP
 .B sefcontext_compile
 Command to compile a file context definition file.
@@ -164,7 +227,7 @@ definition file.
 Defaults to
 .IR /sbin/sefcontext_compile
 with the argument '$@'.
-
+.
 .RE
 .PP
 Either
@@ -175,9 +238,9 @@ can be omitted.
 The argument string must contain '$@' for the first required argument,
 and '$<' for the second one.
 The syntax for overriding an external command property is:
-
+.
 .RS
-
+.
 [\fIname\fR]
 .sp 0
 path = /path/to/command
@@ -185,14 +248,14 @@ path = /path/to/command
 args = --flag
 .sp 0
 [end]
-
+.
 .RE
-
+.
 .TP
 Example
-
+.
 .RS
-
+.
 [sefcontext_compile]
 .sp 0
 path = /usr/sbin/sefcontext_compile
@@ -200,7 +263,7 @@ path = /usr/sbin/sefcontext_compile
 args = -r $@
 .sp 0
 [end]
-
+.
 .RE
 .PP
 Optionally the SELinux Management library can invoke external commands to
@@ -209,13 +272,13 @@ verify source modules (\fBverify module\
 The syntax is identical to the above command overrides.
 The program should exit with a value of 0 on success, and non zero on
 failure.
-
-.SH "SEE ALSO"
+.
+.SH SEE ALSO
 .TP
-semanage(8)
-.PP
-
+.BR semanage(8)
+.
 .SH AUTHOR
 This manual page was written by Guido Trentalancia <guido@trentalancia.com>.
-
-The SELinux management library was written by Tresys Technology LLC and Red Hat Inc.
+.
+The SELinux management library was written by Tresys Technology LLC
+and Red Hat Inc.