{"id":4624,"date":"2022-12-20T18:09:20","date_gmt":"2022-12-20T21:09:20","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/user_contexts-man5\/"},"modified":"2022-12-20T18:09:20","modified_gmt":"2022-12-20T21:09:20","slug":"user_contexts-man5","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/user_contexts-man5\/","title":{"rendered":"user_contexts (man5)"},"content":{"rendered":"<h1 align=\"center\">user_contexts<\/h1>\n<p> <a href=\"#NAME\">NAME<\/a><br \/> <a href=\"#DESCRIPTION\">DESCRIPTION<\/a><br \/> <a href=\"#FILE FORMAT\">FILE FORMAT<\/a><br \/> <a href=\"#EXAMPLE\">EXAMPLE<\/a><br \/> <a href=\"#SEE ALSO\">SEE ALSO<\/a> <\/p>\n<hr>\n<h2>NAME <a name=\"NAME\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">user_contexts \u2212 The SELinux user contexts configuration files<\/p>\n<h2>DESCRIPTION <a name=\"DESCRIPTION\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">These optional user context configuration files contain entries that allow SELinux-aware login applications such as <b>PAM<\/b>(8) (running in their own process context), to determine the context that a users login session should run under.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">SELinux-aware login applications generally use one or more of the following libselinux functions that read these files from the active policy path:<\/p>\n<p style=\"margin-left:22%;\"><b>get_default_context<\/b>(3) <b><br \/> get_ordered_context_list<\/b>(3) <b><br \/> get_ordered_context_list_with_level<\/b>(3) <b><br \/> get_default_context_with_level<\/b>(3) <b><br \/> get_default_context_with_role<\/b>(3) <b><br \/> get_default_context_with_rolelevel<\/b>(3) <b><br \/> query_user_context<\/b>(3) <b><br \/> manual_user_enter_context<\/b>(3)<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">There can be one file for each SELinux user configured on the system. The file path is formed using the path returned by <b>selinux_user_contexts_path<\/b>(3) for the active policy, with the SELinux user name appended, for example:<\/p>\n<p style=\"margin-left:22%;\"><i>\/etc\/selinux\/{SELINUXTYPE}\/contexts\/users\/unconfined_u <br \/> \/etc\/selinux\/{SELINUXTYPE}\/contexts\/users\/xguest_u<\/i><\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">Where <i>{SELINUXTYPE}<\/i> is the entry from the selinux configuration file <i>config<\/i> (see <b>selinux_config<\/b>(5)).<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">These files contain context information as described in the <b>FILE FORMAT<\/b> section.<\/p>\n<h2>FILE FORMAT <a name=\"FILE FORMAT\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">Each line in the user context configuration file consists of the following:<\/p>\n<p style=\"margin-left:22%;\"><i>login_process user_login_process<\/i><\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">Where:<\/p>\n<p style=\"margin-left:22%;\"><i>login_process<\/i><\/p>\n<p style=\"margin-left:32%;\">This consists of a <i>role<\/i><b>:<\/b><i>type<\/i>[<b>:<\/b><i>range<\/i>] entry that represents the login process context.<\/p>\n<p style=\"margin-left:22%;\"><i>user_login_process<\/i><\/p>\n<p style=\"margin-left:32%;\">This consists of a <i>role<\/i><b>:<\/b><i>type<\/i>[<b>:<\/b><i>range<\/i>] entry that represents the user login process context.<\/p>\n<h2>EXAMPLE <a name=\"EXAMPLE\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\"># Example for xguest_u at \/etc\/selinux\/targeted\/contexts\/users\/xguest_u<\/p>\n<table width=\"100%\" border=\"0\" rules=\"none\" frame=\"void\" cellspacing=\"0\" cellpadding=\"0\">\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"-3%\">\n<p>system_r:crond_t:s0<\/p>\n<\/td>\n<td width=\"23%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"46%\">\n<p>xguest_r:xguest_t:s0<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"-3%\">\n<p>system_r:initrc_t:s0<\/p>\n<\/td>\n<td width=\"23%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\"><\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"46%\">\n<p>xguest_r:xguest_t:s0<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"-3%\">\n<p>system_r:local_login_t:s0<\/p>\n<\/td>\n<td width=\"23%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\"><\/td>\n<td width=\"8%\"><\/td>\n<td width=\"46%\">\n<p>xguest_r:xguest_t:s0<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"-3%\">\n<p>system_r:remote_login_t:s0<\/p>\n<\/td>\n<td width=\"23%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\"><\/td>\n<td width=\"8%\"><\/td>\n<td width=\"46%\">\n<p>xguest_r:xguest_t:s0<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"-3%\">\n<p>system_r:sshd_t:s0<\/p>\n<\/td>\n<td width=\"23%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"46%\">\n<p>xguest_r:xguest_t:s0<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"-3%\">\n<p>system_r:xdm_t:s0<\/p>\n<\/td>\n<td width=\"23%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"46%\">\n<p>xguest_r:xguest_t:s0<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"-3%\">\n<p>xguest_r:xguest_t:s0<\/p>\n<\/td>\n<td width=\"23%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\"><\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"46%\">\n<p>xguest_r:xguest_t:s0<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<h2>SEE ALSO <a name=\"SEE ALSO\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\"><b>selinux<\/b>(8), <b>selinux_user_contexts_path<\/b>(3), <b>PAM<\/b>(8), <b>get_ordered_context_list<\/b>(3), <b>get_ordered_context_list_with_level<\/b>(3), <b>get_default_context_with_level<\/b>(3), <b>get_default_context_with_role<\/b>(3), <b>get_default_context_with_rolelevel<\/b>(3), <b>query_user_context<\/b>(3), <b>manual_user_enter_context<\/b>(3), <b>selinux_config<\/b>(5)<\/p>\n<hr>\n","protected":false},"excerpt":{"rendered":"<p>  user_contexts \u2212 The SELinux user contexts configuration files <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[959],"tags":[961,1291,1565],"class_list":["post-4624","post","type-post","status-publish","format-standard","hentry","category-5-formatos-de-ficheros","tag-961","tag-man5","tag-user_contexts"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=4624"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4624\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=4624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=4624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=4624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}