1service_seusers(5)           SELinux configuration          service_seusers(5)
2
3
4

NAME

6       service_seusers  -  The  SELinux  GNU/Linux user and service to SELinux
7       user mapping configuration files
8

DESCRIPTION

10       These are optional files that allow services to define an SELinux  user
11       when  authenticating  via  SELinux-aware  login  applications  such  as
12       PAM(8).
13
14       There is one file for each GNU/Linux user name that will be required to
15       run a service with a specific SELinux user name.
16
17       The  path for each configuration file is formed by the path returned by
18       selinux_policy_root(3) with /logins/username appended  (where  username
19       is  a  file representing the GNU/Linux user name). The default services
20       directory is located at:
21              /etc/selinux/{SELINUXTYPE}/logins
22
23       Where {SELINUXTYPE} is the entry from the  selinux  configuration  file
24       config (see selinux_config(5)).
25
26       getseuser(3) reads this file to map services to an SELinux user.
27

FILE FORMAT

29       Each  line  within  the username file is formatted as follows with each
30       component separated by a colon:
31              service:seuser[:range]
32
33       Where:
34              service
35                     The service name used by the application.
36              seuser
37                     The SELinux user name.
38              range
39                     The range for MCS/MLS policies.
40

EXAMPLES

42       Example 1 - for the 'root' user:
43              # ./logins/root
44              ipa:user_u:s0
45              this_service:unconfined_u:s0
46
47       Example 2 - for GNU/Linux user 'rch':
48              # ./logins/rch
49              ipa:unconfined_u:s0
50              that_service:unconfined_u:s0
51

SEE ALSO

53       selinux(8), PAM(8), selinux_policy_root(3), getseuser(3),
54       selinux_config(5)
55
56
57
58Security Enhanced Linux           28-Nov-2011               service_seusers(5)