Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31170 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

git_shell_selinux(8)git_shell SELinux Policy documentationgit_shell_selinux(8)

NAME
       git_shell_u - git_shell user role - Security Enhanced Linux Policy

DESCRIPTION
       git_shell_u  is	an SELinux User defined in the SELinux policy. SELinux
       users have default roles, git_shell_r.  The default role has a  default
       type, git_shell_t, associated with it.

       The  SELinux  user  will	 usually login to a system with a context that
       looks like:

       git_shell_u:git_shell_r:git_shell_u:s0-s0:c0.c1023

       Linux users are automatically  assigned	an  SELinux  users  at	login.
       Login  programs	use  the SELinux User to assign initial context to the
       user's shell.

       SELinux policy uses the context to control the user's access.

       By default  all	users  are  assigned  to  the  SELinux	user  via  the
       __default__ flag

       On  Targeted  policy  systems  the  __default__ user is assigned to the
       unconfined_u SELinux user.

       You can list all Linux User to SELinux user mapping using:

       semanage login -l

       If you wanted to change the default user mapping to use the git_shell_u
       user, you would execute:

       semanage login -m -s git_shell_u __default__

USER DESCRIPTION
       The  SELinux  user  git_shell_u	is defined in policy as a unprivileged
       user. SELinux prevents unprivileged  users  from	 doing	administration
       tasks without transitioning to a different role.

SUDO
       The SELinux type git_shell_t is not allowed to execute sudo.

X WINDOWS LOGIN
       The SELinux user git_shell_u is not able to X Windows login.

TERMINAL LOGIN
       The SELinux user git_shell_u is not able to terminal login.

NETWORK
       The  SELinux  user  git_shell_u is able to connect to the following tcp
       ports.

	      dns_port_t: 53

	      ocsp_port_t: 9080

	      kerberos_port_t: 88,750,4444

BOOLEANS
       SELinux	policy	is  customizable  based	 on  least  access   required.
       git_shell_t  policy is extremely flexible and has several booleans that
       allow you to manipulate the policy and run git_shell_t with the	tight‐
       est access possible.

       If  you	want  to allow users to connect to the local mysql server, you
       must turn on the allow_user_mysql_connect boolean.

       setsebool -P allow_user_mysql_connect 1

       If you want to control users use of ping and traceroute, you must  turn
       on the user_ping boolean.

       setsebool -P user_ping 1

       If  you	want  to  allow	 w  to	display everyone, you must turn on the
       user_ttyfile_stat boolean.

       setsebool -P user_ttyfile_stat 1

       If you want  to	allow  user  music  sharing,  you  must	 turn  on  the
       user_share_music boolean.

       setsebool -P user_share_music 1

       If  you	want to allow regular users direct dri device access, you must
       turn on the user_direct_dri boolean.

       setsebool -P user_direct_dri 1

       If you want to allow user to r/w files on filesystems that do not  have
       extended	 attributes  (FAT,  CDROM,  FLOPPY),  you  must	 turn  on  the
       user_rw_noexattrfile boolean.

       setsebool -P user_rw_noexattrfile 1

       If you want to allow users to run TCP servers (bind to ports and accept
       connection  from	 the  same  domain  and outside users)	disabling this
       forces FTP passive mode and may change other protocols, you  must  turn
       on the user_tcp_server boolean.

       setsebool -P user_tcp_server 1

       If  you	want to allow regular users direct mouse access, you must turn
       on the user_direct_mouse boolean.

       setsebool -P user_direct_mouse 1

       If you want to allow user processes to change their priority, you  must
       turn on the user_setrlimit boolean.

       setsebool -P user_setrlimit 1

       If  you	want to allow users to connect to PostgreSQL, you must turn on
       the allow_user_postgresql_connect boolean.

       setsebool -P allow_user_postgresql_connect 1

       If you want to allow users to read system messages, you	must  turn  on
       the user_dmesg boolean.

       setsebool -P user_dmesg 1

HOME_EXEC
       The SELinux user git_shell_u is able execute home content files.

TRANSITIONS
       Three things can happen when git_shell_t attempts to execute a program.

       1. SELinux Policy can deny git_shell_t from executing the program.

       2.  SELinux  Policy can allow git_shell_t to execute the program in the
       current user type.

	      Execute the following to see the types  that  the	 SELinux  user
	      git_shell_t can execute without transitioning:

	      sesearch -A -s git_shell_t -c file -p execute_no_trans

       3.  SELinux can allow git_shell_t to execute the program and transition
       to a new type.

	      Execute the following to see the types  that  the	 SELinux  user
	      git_shell_t can execute and transition:

	      $ sesearch -A -s git_shell_t -c process -p transition

COMMANDS
       semanage login can also be used to manipulate the Linux User to SELinux
       User mappings

       semanage user can also be used to manipulate SELinux user definitions.

       system-config-selinux is a GUI tool available to customize SELinux pol‐
       icy settings.

AUTHOR
       This manual page was autogenerated by genuserman.py.

SEE ALSO
       selinux(8), semanage(8).

mgrepl@redhat.com		   git_shell		  git_shell_selinux(8)

Vote for polarhome