1 files changed, 26 insertions, 13 deletions

diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml
index 1f00f082..3acd1322 100644
--- a/modules/pam_selinux/pam_selinux.8.xml
+++ b/modules/pam_selinux/pam_selinux.8.xml
@@ -25,9 +25,6 @@
 	debug
       </arg>
       <arg choice="opt">
-	multiple
-      </arg>
-      <arg choice="opt">
 	open
       </arg>
       <arg choice="opt">
@@ -36,6 +33,12 @@
       <arg choice="opt">
 	verbose
       </arg>
+      <arg choice="opt">
+	select_context
+      </arg>
+      <arg choice="opt">
+	use_current_range
+      </arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -93,43 +96,53 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <option>multiple</option>
+          <option>open</option>
         </term>
         <listitem>
           <para>
-            Tells pam_selinux.so to allow the user to  select  the
-            security context  they  will  login  with, if the user has
-            more than one role.
+            Only execute the open_session portion of the module.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term>
-          <option>open</option>
+          <option>nottys</option>
         </term>
         <listitem>
           <para>
-            Only execute the open_session portion of the module.
+            Do not try to setup the ttys security context.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term>
-          <option>nottys</option>
+          <option>verbose</option>
         </term>
         <listitem>
           <para>
-            Do not try to setup the ttys security context.
+            attempt to inform the user when security context is set.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term>
-          <option>verbose</option>
+          <option>select_context</option>
         </term>
         <listitem>
           <para>
-            attempt to inform the user when security context is set.
+            Attempt to ask the user for a custom security context role.
+            If MLS is on ask also for sensitivity level.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>use_current_range</option>
+        </term>
+        <listitem>
+          <para>
+            Use the sensitivity range of the process for the user context.
+            This option and the select_context option are mutually exclusive.
           </para>
         </listitem>
       </varlistentry>