Man page - service_seusers(5)
Packages contains this manual
- selabel_db(5)
- x_contexts(5)
- selabel_media(5)
- matchpathcon(8)
- selabel_x(5)
- getsebool(8)
- file_contexts.subs_dist(5)
- sepgsql_contexts(5)
- media(5)
- setenforce(8)
- default_contexts(5)
- failsafe_context(5)
- avcstat(8)
- file_contexts.local(5)
- seusers(5)
- file_contexts(5)
- service_seusers(5)
- customizable_types(5)
- user_contexts(5)
- getenforce(8)
- sefcontext_compile(8)
- selabel_file(5)
- selinux(8)
- togglesebool(8)
- file_contexts.homedirs(5)
- selinuxenabled(8)
- virtual_image_context(5)
- selinuxexeccon(8)
- virtual_domain_context(5)
- default_type(5)
- securetty_types(5)
- removable_context(5)
- file_contexts.subs(5)
- booleans(8)
- secolor.conf(5)
apt-get install selinux-utils
Manual
service_seusers
NAMEDESCRIPTION
FILE FORMAT
EXAMPLES
SEE ALSO
NAME
service_seusers - The SELinux GNU/Linux user and service to SELinux user mapping configuration files
DESCRIPTION
These are optional files that allow services to define an SELinux user when authenticating via SELinux-aware login applications such as PAM (8).
There is one file for each GNU/Linux user name that will be required to run a service with a specific SELinux user name.
The path for each configuration file is formed by the path returned by selinux_policy_root (3) with /logins/username appended (where username is a file representing the GNU/Linux user name). The default services directory is located at:
/etc/selinux/{SELINUXTYPE}/logins
Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config (5)).
getseuser (3) reads this file to map services to an SELinux user.
FILE FORMAT
Each line within the username file is formatted as follows with each component separated by a colon:
service : seuser [ : range ]
Where:
service
The service name used by the application.
seuser
The SELinux user name.
range
The range for MCS/MLS policies.
EXAMPLES
Example 1 - for the βrootβ user:
# ./logins/root
ipa:user_u:s0
this_service:unconfined_u:s0
Example 2 - for GNU/Linux user βrchβ:
# ./logins/rch
ipa:unconfined_u:s0
that_service:unconfined_u:s0
SEE ALSO
selinux (8), PAM (8), selinux_policy_root (3), getseuser (3), selinux_config (5)