LinuxCommandLibrary
GitHubF-DroidGoogle Play Store

semanage-login

Map Linux users to SELinux users

TLDR

List all login mappings
$ sudo semanage login -l
copy
Add a login mapping (Linux user to SELinux user)
$ sudo semanage login -a -s selinux_user linux_username
copy
Delete a login mapping
$ sudo semanage login -d linux_username
copy
Modify an existing mapping
$ sudo semanage login -m -s selinux_user linux_username
copy
Add with MLS/MCS range
$ sudo semanage login -a -s user_u -r s0-s0:c0.c1023 linux_username
copy
List only customized mappings
$ sudo semanage login -l -C
copy

SYNOPSIS

semanage login [options]

DESCRIPTION

semanage login manages mappings between Linux users and SELinux users. When a Linux user logs in, this mapping determines their SELinux security context.Different SELinux users have different roles and permissions, allowing fine-grained access control. Prefix the Linux user name with % to indicate a group mapping (e.g., %wheel).

PARAMETERS

-l, --list

List login mappings.
-a, --add
Add a new login mapping.
-d, --delete
Delete a login mapping.
-m, --modify
Modify an existing login mapping.
-s, --seuser user
SELinux user to map to.
-r, --range range
MLS/MCS security range (e.g., s0-s0:c0.c1023).
-C, --locallist
Show only local customizations.
-n, --noheading
Do not print heading when listing.
-N, --noreload
Do not reload policy after commit.
-S STORE, --store STORE
Select an alternate SELinux policy store to manage.
-D, --deleteall
Remove all local customizations.
-E, --extract
Extract customizable commands.

CAVEATS

Changes affect new login sessions. Existing sessions retain their original context.

HISTORY

Part of policycoreutils, providing SELinux policy management tools.

SEE ALSO

semanage(8), semanage-user(8), semanage-fcontext(8), sestatus(8)

Copied to clipboard
Kai