user_contexts man page on RedHat
[printable version]
user_contexts(5) SELinux configuration user_contexts(5)
NAME
user_contexts - The SELinux user contexts configuration files
DESCRIPTION
These optional user context configuration files contain entries that
allow SELinux-aware login applications such as PAM(8) (running in their
own process context), to determine the context that a users login ses‐
sion should run under.
SELinux-aware login applications generally use one or more of the fol‐
lowing libselinux functions that read these files from the active pol‐
icy path:
get_default_context(3)
get_ordered_context_list(3)
get_ordered_context_list_with_level(3)
get_default_context_with_level(3)
get_default_context_with_role(3)
get_default_context_with_rolelevel(3)
query_user_context(3)
manual_user_enter_context(3)
There can be one file for each SELinux user configured on the system.
The file path is formed using the path returned by
selinux_user_contexts_path(3) for the active policy, with the SELinux
user name appended, for example:
/etc/selinux/{SELINUXTYPE}/contexts/users/unconfined_u
/etc/selinux/{SELINUXTYPE}/contexts/users/xguest_u
Where {SELINUXTYPE} is the entry from the selinux configuration file
config (see selinux_config(5)).
These files contain context information as described in the FILE FORMAT
section.
FILE FORMAT
Each line in the user context configuration file consists of the fol‐
lowing:
login_process user_login_process
Where:
login_process
This consists of a role:type[:range] entry that repre‐
sents the login process context.
user_login_process
This consists of a role:type[:range] entry that repre‐
sents the user login process context.
EXAMPLE
# Example for xguest_u at /etc/selinux/targeted/contexts/users/xguest_u
system_r:crond_t:s0 xguest_r:xguest_t:s0
system_r:initrc_t:s0 xguest_r:xguest_t:s0
system_r:local_login_t:s0 xguest_r:xguest_t:s0
system_r:remote_login_t:s0 xguest_r:xguest_t:s0
system_r:sshd_t:s0 xguest_r:xguest_t:s0
system_r:xdm_t:s0 xguest_r:xguest_t:s0
xguest_r:xguest_t:s0 xguest_r:xguest_t:s0
SEE ALSO
selinux(8), selinux_user_contexts_path(3), PAM(8),
get_ordered_context_list(3), get_ordered_context_list_with_level(3),
get_default_context_with_level(3), get_default_context_with_role(3),
get_default_context_with_rolelevel(3), query_user_context(3),
manual_user_enter_context(3), selinux_config(5)
Security Enhanced Linux 28-Nov-2011 user_contexts(5)
[top]
List of man pages available for RedHat
Copyright (c) for man pages and the logo by the respective OS vendor.
For those who want to learn more, the polarhome community provides shell access and support.
[legal]
[privacy]
[GNU]
[policy]
[cookies]
[netiquette]
[sponsors]
[FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
|
Vote for polarhome
|