1semanage-user(8)                                              semanage-user(8)
2
3
4

NAME

6       semanage-user - SELinux Policy Management SELinux User mapping tool
7

SYNOPSIS

9       semanage  user [-h] [-n] [-N] [-S STORE] [ --add ( -L LEVEL -R ROLES -r
10       RANGE SEUSER) | --delete SEUSER | --deleteall | --extract | --list [-C]
11       | --modify ( -L LEVEL -R ROLES -r RANGE SEUSER ) ]
12
13

DESCRIPTION

15       semanage  is used to configure certain elements of SELinux policy with‐
16       out requiring modification to or  recompilation  from  policy  sources.
17       semanage  user  controls  the  mapping  between an SELinux User and the
18       roles and MLS/MCS levels.
19
20

OPTIONS

22       -h, --help
23              show this help message and exit
24
25       -n, --noheading
26              Do not print heading when listing the specified object type
27
28       -N, --noreload
29              Do not reload policy after commit
30
31       -S STORE, --store STORE
32              Select an alternate SELinux Policy Store to manage
33
34       -C, --locallist
35              List local customizations
36
37       -a, --add
38              Add a record of the specified object type
39
40       -d, --delete
41              Delete a record of the specified object type
42
43       -m, --modify
44              Modify a record of the specified object type
45
46       -l, --list
47              List records of the specified object type
48
49       -E, --extract
50              Extract customizable commands, for use within a transaction
51
52       -D, --deleteall
53              Remove all local customizations
54
55       -L LEVEL, --level LEVEL
56              Default SELinux Level for SELinux  user,  s0  Default.  (MLS/MCS
57              Systems only)
58
59       -r RANGE, --range RANGE
60              MLS/MCS  Security Range (MLS/MCS Systems only) SELinux Range for
61              SELinux login mapping defaults to the SELinux user record range.
62              SELinux Range for SELinux user defaults to s0.
63
64       -R [ROLES], --roles [ROLES]
65              SELinux  Roles.  You  must enclose multiple roles within quotes,
66              separate by spaces. Or specify -R multiple times.
67
68

EXAMPLE

70       List SELinux users
71       # semanage user -l
72       Modify groups for staff_u user
73       # semanage user -m -R "system_r unconfined_r staff_r" staff_u
74       Add level for TopSecret Users
75       # semanage user -a -R "staff_r" -rs0-TopSecret topsecret_u
76
77

SEE ALSO

79       selinux(8), semanage(8), semanage-login(8)
80
81

AUTHOR

83       This man page was written by Daniel Walsh <dwalsh@redhat.com>
84
85
86
87                                   20130617                   semanage-user(8)