service_seusers(5) — Linux manual page

NAME | DESCRIPTION | FILE FORMAT | EXAMPLES | SEE ALSO | COLOPHON

service_seusers(5)        SELinux configuration       service_seusers(5)

NAME         top

       service_seusers - The SELinux GNU/Linux user and service to
       SELinux user mapping configuration files

DESCRIPTION         top

       These are optional files that allow services to define an SELinux
       user when authenticating via SELinux-aware login applications
       such as PAM(8).

       There is one file for each GNU/Linux user name that will be
       required to run a service with a specific SELinux user name.

       The path for each configuration file is formed by the path
       returned by selinux_policy_root(3) with /logins/username appended
       (where username is a file representing the GNU/Linux user name).
       The default services directory is located at:
              /etc/selinux/{SELINUXTYPE}/logins

       Where {SELINUXTYPE} is the entry from the selinux configuration
       file config (see selinux_config(5)).

       getseuser(3) reads this file to map services to an SELinux user.

FILE FORMAT         top

       Each line within the username file is formatted as follows with
       each component separated by a colon:
              service:seuser[:range]

       Where:
              service
                     The service name used by the application.
              seuser
                     The SELinux user name.
              range
                     The range for MCS/MLS policies.

EXAMPLES         top

       Example 1 - for the 'root' user:
              # ./logins/root
              ipa:user_u:s0
              this_service:unconfined_u:s0

       Example 2 - for GNU/Linux user 'rch':
              # ./logins/rch
              ipa:unconfined_u:s0
              that_service:unconfined_u:s0

SEE ALSO         top

       selinux(8), PAM(8), selinux_policy_root(3), getseuser(3),
       selinux_config(5)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-
       space libraries and tools) project.  Information about the
       project can be found at 
       ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you have a
       bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2023-12-22.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-05-11.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

Security Enhanced Linux        28-Nov-2011            service_seusers(5)