From Fedora Project Wiki

Revision as of 14:13, 24 May 2008 by fp-wiki>ImportUser (Imported from MoinMoin)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

GENHOMEDIRCON(8)                                              GENHOMEDIRCON(8)

NAME
genhomedircon  -  generate  file context configuration entries for user
home directories

SYNOPSIS
genhomedircon [ -d selinuxdir ]  [-n |  --nopasswd]   [-t  selinuxtype  ] 
[-h] 

OPTIONS
-h     Print a short usage message

-d selinuxdir (--directory)
Directory   where   selinux  files  are  installed  defaults  to
/etc/selinux

-n --nopasswd
Indicates to the utility not to read homedirectories out of  the
password database.

-t selinuxtype (--type)
Indicates  the  selinux type of this install.  Defaults to "tar-
geted".

DESCRIPTION
This utility is used to generate file context configuration entries for
user  home  directories  based  on  their default roles and is run when
building  the  policy.   It   can   also   be   run   when   ever   the
/etc/selinux/<<SELINUXTYPE>>/users/local.users file is changed Specifi-
cally,  we  replace  HOME_ROOT,  HOME_DIR,  and  ROLE  macros  in   the
/etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template  file with
generic and user-specific values.  local.users file. If a user has more
than  one role in local.users, genhomedircon uses the first role in the
list.

If a user is not listed in local.users, genhomedircon assumes that  the
user's  home  dir will be found in one of the HOME_ROOTs.  When looking
for these users, genhomedircon only considers real users. "Real"  users
(as  opposed  to  system  users) are those whose UID is greater than or
equal  STARTING_UID  (default  500)  and  whose  login  shell  is   not
"/sbin/nologin", or "/bin/false".

Users  who  are  explicitly  defined  in local.users, are always "real"
(including root, in the default configuration).

AUTHOR
This manual page was  originally  written  by  Manoj  Srivastava  <sri-
vasta@debian.org>,  for  the Debian GNU/Linux system, based on the com-
ments and the code in the utility, and then updated by Dan Walsh of Red
Hat.  The  genhomedircon utility was originally written by Dan Walsh of
Red Hat with some modifications by Tresys Technology, LLC.

Security Enhanced Linux          January 2005                 GENHOMEDIRCON(8)