semanage-login — SELinux Policy Management linux user to SELinux User mapping tool
Synopsis
semanage login [-h] [-n] [-N] [-S STORE] [ --add -s SEUSER -r RANGE LOGIN | --delete LOGIN | --deleteall | --extract | --list [-C] | --modify -s SEUSER -r RANGE LOGIN ]
Description
semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage login controls the mapping between a Linux User and the SELinux User. It can be used to turn on confined users. For example you could define that a particular user or group of users will login to a system as the user_u user. Prefix the group name with a '%' sign to indicate a group name.
Options
- -h, --help
show this help message and exit
- -n, --noheading
Do not print heading when listing the specified object type
- -N, --noreload
Do not reload policy after commit
- -C, --locallist
List local customizations
- -S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
- -a, --add
Add a record of the specified object type
- -d, --delete
Delete a record of the specified object type
- -m, --modify
Modify a record of the specified object type
- -l, --list
List records of the specified object type
- -E, --extract
Extract customizable commands, for use within a transaction
- -D, --deleteall
Remove all local customizations
- -s SEUSER, --seuser SEUSER
SELinux user name
- -r RANGE, --range RANGE
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0.
Example
Modify the default user on the system to the guest_u user # semanage login -m -s guest_u __default__ Assign gijoe user on an MLS machine a range and to the staff_u user # semanage login -a -s staff_u -rSystemLow-Secret gijoe Assign all users in the engineering group to the staff_u user # semanage login -a -s staff_u %engineering
See Also
Referenced By
semanage(8), semanage-user(8).