secolor.conf(5) File Formats Manual secolor.conf(5)NAME
secolor.conf - The SELinux color configuration file.
DESCRIPTION
This optional file controls the color to be associated to the context components associated to the raw context passed by selinux_raw_con-
text_to_color(3), when context related information is to be displayed in color by an SELinux-aware application.
selinux_raw_context_to_color(3) obtains this color information from the active policy secolor.conf file as returned by selinux_col-
ors_path(3).
FILE FORMAT
The file format is as follows:
color color_name = #color_mask
[...]
context_component string = fg_color_name bg_color_name
[...]
Where:
color
The color keyword. Each color entry is on a new line.
color_name
A single word name for the color (e.g. red).
color_mask
A color mask starting with a hash (#) that describes the hexadecimal RGB colors with black being #000000 and white being #ffffff.
context_component
The context component name that must be one of the following:
user, role, type or range
Each context_component string ... entry is on a new line.
string
This is the context_component string that will be matched with the raw context component passed by selinux_raw_context_to_color(3).
A wildcard '*' may be used to match any undefined string for the user, role and type context_component entries only.
fg_color_name
The color_name string that will be used as the foreground color. A color_mask may also be used.
bg_color_name
The color_name string that will be used as the background color. A color_mask may also be used.
EXAMPLES
Example 1 entries are:
color black = #000000
color green = #008000
color yellow = #ffff00
color blue = #0000ff
color white = #ffffff
color red = #ff0000
color orange = #ffa500
color tan = #D2B48C
user * = black white
role * = white black
type * = tan orange
range s0-s0:c0.c1023 = black green
range s1-s1:c0.c1023 = white green
range s3-s3:c0.c1023 = black tan
range s5-s5:c0.c1023 = white blue
range s7-s7:c0.c1023 = black red
range s9-s9:c0.c1023 = black orange
range s15:c0.c1023 = black yellow
Example 2 entries are:
color black = #000000
color green = #008000
color yellow = #ffff00
color blue = #0000ff
color white = #ffffff
color red = #ff0000
color orange = #ffa500
color tan = #d2b48c
user unconfined_u = #ff0000 green
role unconfined_r = red #ffffff
type unconfined_t = red orange
user user_u = black green
role user_r = white black
type user_t = tan red
user xguest_u = black yellow
role xguest_r = black red
type xguest_t = black green
user sysadm_u = white black
range s0:c0.c1023 = black white
user * = black white
role * = black white
type * = black white
SEE ALSO selinux(8), selinux_raw_context_to_color(3), selinux_colors_path(3)SELinux API documentation 08 April 2011 secolor.conf(5)
Check Out this Related Man Page
selinux_raw_context_to_color(3) Library Functions Manual selinux_raw_context_to_color(3)NAME
selinux_raw_context_to_color - Return RGB color string for an SELinux security context.
SYNOPSIS
#include <selinux/selinux.h>
int selinux_raw_context_to_color(security_context_t raw,
char **color_str);
DESCRIPTION
selinux_raw_context_to_color returns a color_str associated to the raw context raw provided that the mcstransd(8) daemon is running, the
policy is an MLS type policy (MCS or MLS) and there is a color configuration file secolor.conf(5) (see the FILES section).
The color_str string is a space separated list of eight hexadecimal RGB triples, each prefixed by a hash character (#). These represent the
user:role:type:range components of the foreground and background colors. An example string is shown in the EXAMPLE section.
The returned color_str string must be freed with free(3).
If a color has not been configured for a specific user, role, type and/or range component of context raw, then selinux_raw_context_to_color
will select the color returned in color_str in order of precedence as follows:
role, type, range
user, type, range
user, role, range
user, role, type
If there are no entries in the secolor.conf file for any of the components of context raw (or the file is not present), then the default
string returned in color_str is:
----- user ---- ---- role -------- type -------- range ----
#000000 #ffffff #000000 #ffffff #000000 #ffffff #000000 #ffffff
RETURN VALUE
On success, zero is returned.
On failure, -1 is returned with errno set appropriately.
ERRORS
ENOENT If the mcstransd(8) daemon is not running.
FILES
selinux_raw_context_to_color obtains the translated entry from the active policy secolor.conf(5) file as returned by selinux_col-
ors_path(3). The file format is described in secolor.conf(5).
NOTES
1. The primary use of selinux_raw_context_to_color is to return a color that corresponds to a range, that can then be used to highlight
information at different MLS levels.
2. The mcstransd(8) daemon process security level must dominate the raw security level passed to it by the selinux_raw_context_to_color
function. If not, the range color selected will be as defined by the order of precedence.
EXAMPLE
selinux_raw_context_to_color returns the foreground and background colors of the context string components (user:role:type:range) as RGB
triples as follows:
user : role : type : range
fg bg : fg bg : fg bg : fg bg
#000000 #ffffff #ffffff #000000 #d2b48c #ffa500 #000000 #008000
black white : white black : tan orange : black green
SEE ALSO selinux(8), selinux_colors_path(3), mcstransd(8), secolor.conf(5), selinux_raw_to_trans_context(3), selinux_trans_to_raw_context(3),
free(3)SELinux API documentation 08 April 2011 selinux_raw_context_to_color(3)