service_seusers(5) [debian man page]

service_seusers(5)					       SELinux configuration						service_seusers(5)

NAME

       service_seusers - The SELinux GNU/Linux user and service to SELinux user mapping configuration files.

DESCRIPTION

       These  are  optional  files  that allow services to define an SELinux user when authenticating via SELinux-aware login applications such as
       PAM(8).

       There is one file for each GNU/Linux user name that will be required to run a service with a specific SELinux user name.

       The path for each configuration file is formed by the path returned by selinux_policy_root(3) with /logins/username appended  (where  user-
       name is a file representing the GNU/Linux user name). The default services directory is located at:
	      /etc/selinux/{SELINUXTYPE}/logins

       Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).

       getseuser(3) reads this file to map services to an SELinux user.

FILE FORMAT

       Each line within the username file is formatted as follows with each component separated by a colon:
	      service:seuser[:range]

       Where:
	      service
		     The service name used by the application.
	      seuser
		     The SELinux user name.
	      range
		     The range for MCS/MLS policies.

EXAMPLES

       Example 1 - for the 'root' user:
	      # ./logins/root
	      ipa:user_u:s0
	      this_service:unconfined_u:s0

       Example 2 - for GNU/Linux user 'rch':
	      # ./logins/rch
	      ipa:unconfined_u:s0
	      that_service:unconfined_u:s0

SEE ALSO

       selinux(8), PAM(8), selinux_policy_root(3), getseuser(3), selinux_config(5)

Security Enhanced Linux 					    28-Nov-2011 						service_seusers(5)

local.users(5)						       SELinux configuration						    local.users(5)

NAME

       local.users - The SELinux local users configuration file.

DESCRIPTION

       The  file  contains  local user definitions in the form of policy language user statements and is only found on older SELinux systems as it
       has been deprecated and replaced by the semange(8) services.

       This file is only read by selinux_mkload_policy(3) when SETLOCALDEFS in the SELinux config file (see selinux_config(5)) is set to 1.

       selinux_users_path(3) will return the active policy path to the directory where this file is located. The default local users file is:
	      /etc/selinux/{SELINUXTYPE}/contexts/users/local.users

       Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).

FILE FORMAT

       The file consists of one or more entries terminated with ';', each on a separate line as follows:
	      user seuser_id roles role_id [[level level] [range range]];

       Where:
	      user
		     The user keyword.
	      seuser_id
		     The SELinux user identifier.
	      roles
		     The roles keyword.
	      role_id
		     One or more previously declared role identifiers. Multiple role identifiers consist of a space  separated	list  enclosed	in
		     braces '{}'.
	      level
		     If MLS/MCS is configured, the level keyword.
	      level
		     The users default security level. Note that only the sensitivity component of the level (e.g. s0) is required.
	      range
		     If MLS/MCS is configured, the range keyword.
	      range
		     The current and clearance levels that the user can run. These are separated by a hyphen '-' as shown in the EXAMPLE section.

EXAMPLE

       # ./users/local.users
       user test_u roles staff_r level s0 range s0 - s15:c0.c1023;

SEE ALSO

       selinux(8), semanage(8), selinux_users_path(3), selinux_config(5), selinux_mkload_policy(3)

Security Enhanced Linux 					    28-Nov-2011 						    local.users(5)