1semanage-login(8)                                            semanage-login(8)
2
3
4

NAME

6       semanage-login  -  SELinux Policy Management linux user to SELinux User
7       mapping tool
8

SYNOPSIS

10       semanage login [-h] [-n] [-N] [-S STORE] [ --add  -s  SEUSER  -r  RANGE
11       LOGIN | --delete LOGIN | --deleteall | --extract | --list [-C] | --mod‐
12       ify -s SEUSER -r RANGE LOGIN ]
13
14

DESCRIPTION

16       semanage is used to configure certain elements of SELinux policy  with‐
17       out  requiring  modification  to  or recompilation from policy sources.
18       semanage login controls the  mapping  between  a  Linux  User  and  the
19       SELinux  User.  It can be used to turn  on confined users.  For example
20       you could define that a particular user or group of users will login to
21       a  system as the user_u user.  Prefix the group name with a '%' sign to
22       indicate a group name.
23
24

OPTIONS

26       -h, --help
27              show this help message and exit
28
29       -n, --noheading
30              Do not print heading when listing the specified object type
31
32       -N, --noreload
33              Do not reload policy after commit
34
35       -C, --locallist
36              List local customizations
37
38       -S STORE, --store STORE
39              Select an alternate SELinux Policy Store to manage
40
41       -a, --add
42              Add a record of the specified object type
43
44       -d, --delete
45              Delete a record of the specified object type
46
47       -m, --modify
48              Modify a record of the specified object type
49
50       -l, --list
51              List records of the specified object type
52
53       -E, --extract
54              Extract customizable commands, for use within a transaction
55
56       -D, --deleteall
57              Remove all local customizations
58
59       -s SEUSER, --seuser SEUSER
60              SELinux user name
61
62       -r RANGE, --range RANGE
63              MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range  for
64              SELinux login mapping defaults to the SELinux user record range.
65              SELinux Range for SELinux user defaults to s0.
66
67

EXAMPLE

69       Modify the default user on the system to the guest_u user
70       # semanage login -m -s guest_u __default__
71       Assign gijoe user on an MLS machine  a range and to the staff_u user
72       # semanage login -a -s staff_u -rSystemLow-Secret gijoe
73       Assign all users in the engineering group to the staff_u user
74       # semanage login -a -s staff_u %engineering
75
76

SEE ALSO

78       selinux(8), semanage(8), semanage-user(8)
79
80

AUTHOR

82       This man page was written by Daniel Walsh <dwalsh@redhat.com>
83
84
85
86                                   20130617                  semanage-login(8)