customizable_types(5) [debian man page]
customizable_types(5) SELinux configuration customizable_types(5) NAME
customizable_types - The SELinux customizable types configuration file. DESCRIPTION
The customizable_types file contains a list of types that can be customised in some way by SELinux-aware applications. Generally this is a file context type that is usually set on files that need to be shared among certain domains and where the administrator wants to manually manage the type. The use of customizable types is deprecated as the preferred approach is to use semanage fcontext ... (8). However, SELinux-aware appli- cations such as setfiles(8) will use this information to obtain a list of types relating to files that should not be relabeled. selinux_customizable_types_path(3) will return the active policy path to this file. The default customizable types file is: /etc/selinux/{SELINUXTYPE}/contexts/customizable_types Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)). is_context_customizable(3) reads this file to determine if a context is customisable or not for the active policy. FILE FORMAT
Each line in the file consists of the following: type Where: type The type defined in the policy that can be customised. EXAMPLE
# ./contexts/customizable_types mount_loopback_t public_content_rw_t public_content_t swapfile_t sysadm_untrusted_content_t SEE ALSO
selinux(8), selinux_customizable_types_path(3), is_context_customizable(3), semanage(8), setfiles(8), selinux_config(5) Security Enhanced Linux 28-Nov-2011 customizable_types(5)
Check Out this Related Man Page
user_contexts(5) SELinux configuration user_contexts(5) NAME
user_contexts - The SELinux user contexts configuration files DESCRIPTION
These optional user context configuration files contain entries that allow SELinux-aware login applications such as PAM(8) (running in their own process context), to determine the context that a users login session should run under. SELinux-aware login applications generally use one or more of the following libselinux functions that read these files from the active pol- icy path: get_default_context(3) get_ordered_context_list(3) get_ordered_context_list_with_level(3) get_default_context_with_level(3) get_default_context_with_role(3) get_default_context_with_rolelevel(3) query_user_context(3) manual_user_enter_context(3) There can be one file for each SELinux user configured on the system. The file path is formed using the path returned by selinux_user_contexts_path(3) for the active policy, with the SELinux user name appended, for example: /etc/selinux/{SELINUXTYPE}/contexts/users/unconfined_u /etc/selinux/{SELINUXTYPE}/contexts/users/xguest_u Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)). These files contain context information as described in the FILE FORMAT section. FILE FORMAT
Each line in the user context configuration file consists of the following: login_process user_login_process Where: login_process This consists of a role:type[:range] entry that represents the login process context. user_login_process This consists of a role:type[:range] entry that represents the user login process context. EXAMPLE
# Example for xguest_u at /etc/selinux/targeted/contexts/users/xguest_u system_r:crond_t:s0 xguest_r:xguest_t:s0 system_r:initrc_t:s0 xguest_r:xguest_t:s0 system_r:local_login_t:s0 xguest_r:xguest_t:s0 system_r:remote_login_t:s0 xguest_r:xguest_t:s0 system_r:sshd_t:s0 xguest_r:xguest_t:s0 system_r:xdm_t:s0 xguest_r:xguest_t:s0 xguest_r:xguest_t:s0 xguest_r:xguest_t:s0 SEE ALSO
selinux(8), selinux_user_contexts_path(3), PAM(8), get_ordered_context_list(3), get_ordered_context_list_with_level(3), get_default_context_with_level(3), get_default_context_with_role(3), get_default_context_with_rolelevel(3), query_user_context(3), manual_user_enter_context(3), selinux_config(5) Security Enhanced Linux 28-Nov-2011 user_contexts(5)