Linux command
semanage-login 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
List
sudo semanage login -l
Add
sudo semanage login -a -s selinux_user linux_username
Delete
sudo semanage login -d linux_username
Modify
sudo semanage login -m -s selinux_user linux_username
Example
sudo semanage login -a -s user_u -r s0-s0:c0.c1023 linux_username
Example
sudo semanage login -l -C
说明
semanage login manages mappings between Linux users and SELinux users. When a Linux user logs in, this mapping determines their SELinux security context. Different SELinux users have different roles and permissions, allowing fine-grained access control. Prefix the Linux user name with % to indicate a group mapping (e.g., %wheel).
参数
- -l, --list
- List login mappings.
- -a, --add
- Add a new login mapping.
- -d, --delete
- Delete a login mapping.
- -m, --modify
- Modify an existing login mapping.
- -s, --seuser _user_
- SELinux user to map to.
- -r, --range _range_
- MLS/MCS security range (e.g., s0-s0:c0.c1023).
- -C, --locallist
- Show only local customizations.
- -n, --noheading
- Do not print heading when listing.
- -N, --noreload
- Do not reload policy after commit.
- -S _STORE_, --store _STORE_
- Select an alternate SELinux policy store to manage.
- -D, --deleteall
- Remove all local customizations.
- -E, --extract
- Extract customizable commands.
FAQ
What is the semanage-login command used for?
semanage login manages mappings between Linux users and SELinux users. When a Linux user logs in, this mapping determines their SELinux security context. Different SELinux users have different roles and permissions, allowing fine-grained access control. Prefix the Linux user name with % to indicate a group mapping (e.g., %wheel).
How do I run a basic semanage-login example?
Run `sudo semanage login -l` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -l, --list do in semanage-login?
List login mappings.