1local.users(5) SELinux configuration local.users(5)
2
6 local.users - The SELinux local users configuration file
7
9 The file contains local user definitions in the form of policy language
10 user statements and is only found on older SELinux systems as it has
11 been deprecated and replaced by the semange(8) services.
12 This file is only read by selinux_mkload_policy(3) when SETLOCALDEFS in
14 the SELinux config file (see selinux_config(5)) is set to 1.
15 selinux_users_path(3) will return the active policy path to the direc‐
17 tory where this file is located. The default local users file is:
18 /etc/selinux/{SELINUXTYPE}/contexts/users/local.users
19 Where {SELINUXTYPE} is the entry from the selinux configuration file
21 config (see selinux_config(5)).
22
24 The file consists of one or more entries terminated with ';', each on a
25 separate line as follows:
26 user seuser_id roles role_id [[level level] [range range]];
27 Where:
29 user
30 The user keyword.
31 seuser_id
32 The SELinux user identifier.
33 roles
34 The roles keyword.
35 role_id
36 One or more previously declared role identifiers. Multi‐
37 ple role identifiers consist of a space separated list
38 enclosed in braces '{}'.
39 level
40 If MLS/MCS is configured, the level keyword.
41 level
42 The users default security level. Note that only the sen‐
43 sitivity component of the level (e.g. s0) is required.
44 range
45 If MLS/MCS is configured, the range keyword.
46 range
47 The current and clearance levels that the user can run.
48 These are separated by a hyphen '-' as shown in the EXAM‐
49 PLE section.
50
52 # ./users/local.users
53 user test_u roles staff_r level s0 range s0 - s15:c0.c1023;
54
56 selinux(8), semanage(8), selinux_users_path(3), selinux_config(5),
57 selinux_mkload_policy(3)
58Security Enhanced Linux 28-Nov-2011 local.users(5)