GENHOMEDIRCON(8) GENHOMEDIRCON(8)
NAME
genhomedircon - generate file context configuration entries for user
home directories
SYNOPSIS
genhomedircon [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ]
[-h]
OPTIONS
-h Print a short usage message
-d selinuxdir (--directory)
Directory where selinux files are installed defaults to
/etc/selinux
-n --nopasswd
Indicates to the utility not to read homedirectories out of the
password database.
-t selinuxtype (--type)
Indicates the selinux type of this install. Defaults to "tar
geted".
DESCRIPTION
This utility is used to generate file context configuration entries for
user home directories based on their default roles and is run when
building the policy. It can also be run when ever the
/etc/selinux/<>/users/local.users file is changed Specifi
cally, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the
/etc/selinux/<>/contexts/files/homedir_template file with
generic and user-specific values. local.users file. If a user has more
than one role in local.users, genhomedircon uses the first role in the
list.
If a user is not listed in local.users, genhomedircon assumes that the
users home dir will be found in one of the HOME_ROOTs. When looking
for these users, genhomedircon only considers real users. "Real" users
(as opposed to system users) are those whose UID is greater than or
equal STARTING_UID (default 500) and whose login shell is not
"/sbin/nologin", or "/bin/false".
Users who are explicitly defined in local.users, are always "real"
(including root, in the default configuration).
AUTHOR
This manual page was originally written by Manoj Srivastava , for the Debian GNU/Linux system, based on the com
ments and the code in the utility, and then updated by Dan Walsh of Red
Hat. The genhomedircon utility was originally written by Dan Walsh of
Red Hat with some modifications by Tresys Technology, LLC.
Security Enhanced Linux January 2005 GENHOMEDIRCON(8)
|
