semanage-login - SELinux Policy Management linux user to SELinux User mapping
tool
semanage login [-h] [-n] [-N] [-S STORE] [ --add -s SEUSER -r RANGE LOGIN |
--delete LOGIN | --deleteall | --extract | --list [-C] | --modify -s SEUSER -r
RANGE LOGIN ]
semanage is used to configure certain elements of SELinux policy without
requiring modification to or recompilation from policy sources. semanage login
controls the mapping between a Linux User and the SELinux User. It can be used
to turn on confined users. For example you could define that a particular user
or group of users will login to a system as the user_u user. Prefix the group
name with a '%' sign to indicate a group name.
- -h, --help
- show this help message and exit
- -n, --noheading
- Do not print heading when listing the specified object
type
- -N, --noreload
- Do not reload policy after commit
- -C, --locallist
- List local customizations
- -S STORE, --store STORE
- Select an alternate SELinux Policy Store to manage
- -a, --add
- Add a record of the specified object type
- -d, --delete
- Delete a record of the specified object type
- -m, --modify
- Modify a record of the specified object type
- -l, --list
- List records of the specified object type
- -E, --extract
- Extract customizable commands, for use within a
transaction
- -D, --deleteall
- Remove all local customizations
- -s SEUSER, --seuser SEUSER
- SELinux user name
- -r RANGE, --range RANGE
- MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range
for SELinux login mapping defaults to the SELinux user record range.
SELinux Range for SELinux user defaults to s0.
Modify the default user on the system to the guest_u user
# semanage login -m -s guest_u __default__
Assign gijoe user on an MLS machine a range and to the staff_u user
# semanage login -a -s staff_u -rSystemLow-Secret gijoe
Assign all users in the engineering group to the staff_u user
# semanage login -a -s staff_u %engineering
selinux(8),
semanage(8),
semanage-user(8)
This man page was written by Daniel Walsh <
[email protected]>