Update cheatsheets

tldr/kubectl-label

@@ -14,15 +14,15 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Update a pod label by overwriting the existing value:
 
-`kubectl label --overwrite {{pod_name}} {{key}}={{value}}`
+`kubectl label --overwrite pod {{pod_name}} {{key}}={{value}}`
 
 - Label all pods in the namespace:
 
 `kubectl label pods --all {{key}}={{value}}`
 
-- Label pod identified by pod definition file:
+- Label a pod identified by the pod definition file:
 
-`kubectl label -f {{pod_defination_file}} {{key}}={{value}}`
+`kubectl label -f {{pod_definition_file}} {{key}}={{value}}`
 
 - Remove the label from a pod:
 

tldr/linux/dconf-reset

@@ -11,8 +11,8 @@ source: https://github.com/tldr-pages/tldr.git
 
 - Reset a specific key value:
 
-`dconf read {{/path/to/key}}`
+`dconf reset {{/path/to/key}}`
 
 - Reset a specific directory:
 
-`dconf read -d {{/path/to/directory/}}`
+`dconf reset -f {{/path/to/directory/}}`

tldr/linux/semanage

@@ -5,25 +5,29 @@ source: https://github.com/tldr-pages/tldr.git
 ---
 # semanage
 
-> SELinux Policy Management tool.
+> SELinux persistent policy management tool.
 > More information: <https://manned.org/semanage>.
 
-- Output local customizations:
+- Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains):
 
-`semanage -S {{store}} -o {{path/to/output_file}}`
+`sudo semanage boolean {{-m|--modify}} {{-1|--on|-0|--off}} {{haproxy_connect_any}}`
 
-- Take a set of commands from a specified file and load them in a single transaction:
+- Add a user-defined file context labeling rule. File contexts define what files confined domains are allowed to access:
 
-`semanage -S {{store}} -i {{path/to/input_file}}`
+`sudo semanage fcontext {{-a|--add}} {{-t|--type}} {{samba_share_t}} '/mnt/share(/.*)?'`
 
-- Manage booleans. Booleans allow the administrator to modify the confinement of processes based on the current configuration:
+- Add a user-defined port labeling rule. Port labels define what ports confined domains are allowed to listen on:
 
-`semanage boolean -S {{store}} {{--delete|--modify|--list|--noheading|--deleteall}} {{-on|-off}} -F {{boolean|boolean_file}}`
+`sudo semanage port {{-a|--add}} {{-t|--type}} {{ssh_port_t}} {{-p|--proto}} {{tcp}} {{22000}}`
 
-- Manage policy modules:
+- Set or unset permissive mode for a confined domain. Per-domain permissive mode allows more granular control compared to `setenforce`:
 
-`semanage module -S {{store}} {{--add|--delete|--list|--modify}} {{--enable|--disable}} {{module_name}}`
+`sudo semenage permissive {{-a|--add|-d|--delete}} {{httpd_t}}`
 
-- Disable/Enable dontaudit rules in policy:
+- Output local customizations in the default store:
 
-`semanage dontaudit -S {{store}} {{on|off}}`
+`sudo semanage export {{-f|--output_file}} {{path/to/file}}`
+
+- Import a file generated by `semanage export` into local customizations (CAREFUL: may remove current customizations!):
+
+`sudo semanage import {{-f|--input_file}} {{path/to/file}}`