semanage-login(8) — Linux manual page


semanage-login(8)                                          semanage-login(8)

NAME         top

       semanage-login - SELinux Policy Management linux user to SELinux User
       mapping tool

SYNOPSIS         top

       semanage login [-h] [-n] [-N] [-S STORE] [ --add -s SEUSER -r RANGE
       LOGIN | --delete LOGIN | --deleteall | --extract | --list [-C] |
       --modify -s SEUSER -r RANGE LOGIN ]

DESCRIPTION         top

       semanage is used to configure certain elements of SELinux policy
       without requiring modification to or recompilation from policy
       sources.  semanage login controls the mapping between a Linux User
       and the SELinux User.  It can be used to turn  on confined users.
       For example you could define that a particular user or group of users
       will login to a system as the user_u user.  Prefix the group name
       with a '%' sign to indicate a group name.

OPTIONS         top

       -h, --help
              show this help message and exit

       -n, --noheading
              Do not print heading when listing the specified object type

       -N, --noreload
              Do not reload policy after commit

       -C, --locallist
              List local customizations

       -S STORE, --store STORE
              Select an alternate SELinux Policy Store to manage

       -a, --add
              Add a record of the specified object type

       -d, --delete
              Delete a record of the specified object type

       -m, --modify
              Modify a record of the specified object type

       -l, --list
              List records of the specified object type

       -E, --extract
              Extract customizable commands, for use within a transaction

       -D, --deleteall
              Remove all local customizations

       -s SEUSER, --seuser SEUSER
              SELinux user name

       -r RANGE, --range RANGE
              MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range
              for SELinux login mapping defaults to the SELinux user record
              range. SELinux Range for SELinux user defaults to s0.

EXAMPLE         top

       Modify the default user on the system to the guest_u user
       # semanage login -m -s guest_u __default__
       Assign gijoe user on an MLS machine  a range and to the staff_u user
       # semanage login -a -s staff_u -rSystemLow-Secret gijoe
       Assign all users in the engineering group to the staff_u user
       # semanage login -a -s staff_u %engineering

SEE ALSO         top

       selinux(8), semanage(8), semanage-user(8)

AUTHOR         top

       This man page was written by Daniel Walsh <>

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨⟩.  If you
       have a bug report for this manual page, see
       ⟨⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨⟩ on 2020-09-18.  (At that
       time, the date of the most recent commit that was found in the repos‐
       itory was 2020-09-17.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not part
       of the original manual page), send a mail to

                                  20130617                 semanage-login(8)

Pages that refer to this page: semanage(8)semanage-user(8)