genhomedircon - generate file context configuration entries for user home directories

genhomedircon [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ] [-h]

-h

Print a short usage message

-d selinuxdir (--directory)

Directory where selinux files are installed defaults to /etc/selinux

-n --nopasswd Indicates to the utility not to read homedirectories out of the password database.

-t selinuxtype (--type)

Indicates the selinux type of this install. Defaults to "targeted".

This utility is used to generate file context configuration entries for user home directories based on their default roles and is run when building the policy. It can also be run when ever the /etc/selinux/<<SELINUXTYPE>>/users/local.users file is changed Specifically, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the /etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template file with generic and user-specific values. local.users file. If a user has more than one role in local.users, genhomedircon uses the first role in the list.

If a user is not listed in local.users, genhomedircon assumes that the user's home dir will be found in one of the HOME_ROOTs. When looking for these users, genhomedircon only considers real users. "Real" users (as opposed to system users) are those whose UID is greater than or equal STARTING_UID (default 500) and whose login shell is not "/sbin/nologin", or "/bin/false".

Users who are explicitly defined in local.users, are always "real" (including root, in the default configuration).

This manual page was originally written by Manoj Srivastava <srivasta@debian.org>, for the Debian GNU/Linux system, based on the comments and the code in the utility, and then updated by Dan Walsh of Red Hat. The genhomedircon utility was originally written by Dan Walsh of Red Hat with some modifications by Tresys Technology, LLC.