1user_contexts(5)             SELinux configuration            user_contexts(5)
2
3
4

NAME

6       user_contexts - The SELinux user contexts configuration files
7

DESCRIPTION

9       These  optional  user  context configuration files contain entries that
10       allow SELinux-aware login applications such as PAM(8) (running in their
11       own  process context), to determine the context that a users login ses‐
12       sion should run under.
13
14       SELinux-aware login applications generally use one or more of the  fol‐
15       lowing  libselinux functions that read these files from the active pol‐
16       icy path:
17              get_default_context(3)
18              get_ordered_context_list(3)
19              get_ordered_context_list_with_level(3)
20              get_default_context_with_level(3)
21              get_default_context_with_role(3)
22              get_default_context_with_rolelevel(3)
23              query_user_context(3)
24              manual_user_enter_context(3)
25
26       There can be one file for each SELinux user configured on  the  system.
27       The    file     path   is   formed   using   the   path   returned   by
28       selinux_user_contexts_path(3) for the active policy, with  the  SELinux
29       user name appended, for example:
30              /etc/selinux/{SELINUXTYPE}/contexts/users/unconfined_u
31              /etc/selinux/{SELINUXTYPE}/contexts/users/xguest_u
32
33       Where  {SELINUXTYPE}  is  the entry from the selinux configuration file
34       config (see selinux_config(5)).
35
36       These files contain context information as described in the FILE FORMAT
37       section.
38

FILE FORMAT

40       Each  line  in the user context configuration file consists of the fol‐
41       lowing:
42              login_process user_login_process
43
44       Where:
45              login_process
46                     This consists of a role:type[:range]  entry  that  repre‐
47                     sents the login process context.
48              user_login_process
49                     This  consists  of  a role:type[:range] entry that repre‐
50                     sents the user login process context.
51

EXAMPLE

53       # Example for xguest_u at /etc/selinux/targeted/contexts/users/xguest_u
54       system_r:crond_t:s0           xguest_r:xguest_t:s0
55       system_r:initrc_t:s0          xguest_r:xguest_t:s0
56       system_r:local_login_t:s0     xguest_r:xguest_t:s0
57       system_r:remote_login_t:s0    xguest_r:xguest_t:s0
58       system_r:sshd_t:s0            xguest_r:xguest_t:s0
59       system_r:xdm_t:s0             xguest_r:xguest_t:s0
60       xguest_r:xguest_t:s0          xguest_r:xguest_t:s0
61

SEE ALSO

63       selinux(8), selinux_user_contexts_path(3), PAM(8),
64       get_ordered_context_list(3), get_ordered_context_list_with_level(3),
65       get_default_context_with_level(3), get_default_context_with_role(3),
66       get_default_context_with_rolelevel(3), query_user_context(3),
67       manual_user_enter_context(3), selinux_config(5)
68
69
70
71Security Enhanced Linux           28-Nov-2011                 user_contexts(5)
Impressum