seunshare(8) [centos man page]

SEUNSHARE(8)							   User Commands						      SEUNSHARE(8)

NAME

       seunshare - Run cmd with alternate homedir, tmpdir and/or SELinux context

SYNOPSIS

       seunshare [ -v ] [ -c ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]

DESCRIPTION

       Run  the  executable  within  the specified context, using the alternate home directory and /tmp directory.  The seunshare command unshares
       from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel	to
       execute the application under the specified SELinux context.

       -h homedir
	      Alternate homedir to be used by the application.	Homedir must be owned by the user.

       -t tmpdir
	      Use alternate tempory directory to mount on /tmp.  tmpdir must be owned by the user.

       -c --cgroups
	      Use cgroups to control this copy of seunshare.  Specify parameters in /etc/sysconfig/sandbox.  Max memory usage and cpu usage are to
	      be specified in percent.	You can specify which CPUs to use by numbering them 0,1,2... etc.

       -C --capabilities
	      Allow apps executed within the namespace to use capabilities.  Default is no capabilities.

       -k --kill
	      Kill all processes with matching MCS level.

       -Z context
	      Use alternate SELinux context while runing the executable.

       -v     Verbose output

SEE ALSO

       runcon(1), sandbox(8), selinux(8)

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com> and Thomas Liu <tliu@fedoraproject.org>

seunshare							     May 2010							      SEUNSHARE(8)

sestatus(8)						SELinux command line documentation					       sestatus(8)

NAME

       sestatus - SELinux status tool

SYNOPSIS

       sestatus [-v] [-b]

       This tool is used to get the status of a system running SELinux.

DESCRIPTION

       This manual page describes the sestatus program.

       This tool is used to get the status of a system running SELinux. It displays data about whether SELinux is enabled or disabled, location of
       key directories, and the loaded policy with its status as shown in the example:
	      > sestatus
	      SELinux status:		   enabled
	      SELinuxfs mount:		   /selinux
	      SELinux root directory:	   /etc/selinux
	      Loaded policy name:	   targeted
	      Current mode:		   permissive
	      Mode from config file:	   enforcing
	      Policy MLS status:	   enabled
	      Policy deny_unknown status:  allow
	      Max kernel policy version:   26

       sestatus can also be used to display:

	      -   The security context of files and processes listed in the /etc/sestatus.conf file. The format of this file is described in  ses-
		  tatus.conf(5).

	      -   The status of booleans.

OPTIONS

       -v
	      Displays	the  contexts  of files and processes listed in the /etc/sestatus.conf file. It also checks whether the file is a symbolic
	      link, if so then the context of the target file is also shown.

	      The following contexts will always be displayed:
		     The current process context
		     The init process context
		     The controlling terminal file context

       -b
	      Display the current state of booleans.

FILES

       /etc/sestatus.conf

AUTHOR

       This man page was written by Daniel Walsh <dwalsh@redhat.com>.
       The program was written by Chris PeBenito <pebenito@gentoo.org>

SEE ALSO

       selinux(8), sestatus.conf(5)

Security Enhanced Linux 					    26 Nov 2011 						       sestatus(8)