semanage-user - SELinux Policy Management SELinux User mapping tool
semanage user [-h] [-n] [-N] [-S STORE] [ --add ( -L LEVEL -R ROLES -r RANGE
SEUSER) | --delete SEUSER | --deleteall | --extract | --list [-C] | --modify (
-L LEVEL -R ROLES -r RANGE SEUSER ) ]
semanage is used to configure certain elements of SELinux policy without
requiring modification to or recompilation from policy sources. semanage user
controls the mapping between an SELinux User and the roles and MLS/MCS levels.
- -h, --help
- show this help message and exit
- -n, --noheading
- Do not print heading when listing the specified object
type
- -N, --noreload
- Do not reload policy after commit
- -S STORE, --store STORE
- Select an alternate SELinux Policy Store to manage
- -C, --locallist
- List local customizations
- -a, --add
- Add a record of the specified object type
- -d, --delete
- Delete a record of the specified object type
- -m, --modify
- Modify a record of the specified object type
- -l, --list
- List records of the specified object type
- -E, --extract
- Extract customizable commands, for use within a
transaction
- -D, --deleteall
- Remove all local customizations
- -L LEVEL, --level LEVEL
- Default SELinux Level for SELinux user, s0 Default.
(MLS/MCS Systems only)
- -r RANGE, --range RANGE
- MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range
for SELinux login mapping defaults to the SELinux user record range.
SELinux Range for SELinux user defaults to s0.
- -R [ROLES], --roles [ROLES]
- SELinux Roles. You must enclose multiple roles within
quotes, separate by spaces. Or specify -R multiple times.
List SELinux users
# semanage user -l
Modify groups for staff_u user
# semanage user -m -R "system_r unconfined_r staff_r" staff_u
Add level for TopSecret Users
# semanage user -a -R "staff_r" -rs0-TopSecret topsecret_u
selinux(8),
semanage(8),
semanage-login(8)
This man page was written by Daniel Walsh <
[email protected]>