genhomedircon



GENHOMEDIRCON(8)                                              GENHOMEDIRCON(8)




NAME

       genhomedircon  -  generate  file context configuration entries for user
       home directories


SYNOPSIS

       genhomedircon [ -d selinuxdir ] [-n |  --nopasswd]  [-t  selinuxtype  ]
       [-h]



OPTIONS

       -h     Print a short usage message

       -d selinuxdir (--directory)
              Directory   where   selinux  files  are  installed  defaults  to
              /etc/selinux

       -n --nopasswd
              Indicates to the utility not to read homedirectories out of  the
              password database.

       -t selinuxtype (--type)
              Indicates  the  selinux type of this install.  Defaults to "tar-
              geted".


DESCRIPTION

       This utility is used to generate file context configuration entries for
       user  home  directories  based  on  their default roles and is run when
       building  the  policy.   It   can   also   be   run   when   ever   the
       /etc/selinux/<<SELINUXTYPE>>/users/local.users file is changed Specifi-
       cally,  we  replace  HOME_ROOT,  HOME_DIR,  and  ROLE  macros  in   the
       /etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template  file with
       generic and user-specific values.  local.users file. If a user has more
       than  one role in local.users, genhomedircon uses the first role in the
       list.

       If a user is not listed in local.users, genhomedircon assumes that  the
       user’s  home  dir will be found in one of the HOME_ROOTs.  When looking
       for these users, genhomedircon only considers real users. "Real"  users
       (as  opposed  to  system  users) are those whose UID is greater than or
       equal  STARTING_UID  (default  500)  and  whose  login  shell  is   not
       "/sbin/nologin", or "/bin/false".

       Users  who  are  explicitly  defined  in local.users, are always "real"
       (including root, in the default configuration).


AUTHOR

       This manual page was  originally  written  by  Manoj  Srivastava  <sri-
       vasta@debian.org>,  for  the Debian GNU/Linux system, based on the com-
       ments and the code in the utility, and then updated by Dan Walsh of Red
       Hat.  The  genhomedircon utility was originally written by Dan Walsh of
       Red Hat with some modifications by Tresys Technology, LLC.




Security Enhanced Linux          January 2005                 GENHOMEDIRCON(8)

Man(1) output converted with man2html