genhomedircon - generate file context configuration entries for user
genhomedircon [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ]
-h Print a short usage message
-d selinuxdir (--directory)
Directory where selinux files are installed defaults to
-n (--nopasswd)
Indicates to the utility not to read home directories out of the
-t selinuxtype (--type)
Indicates the selinux type of this install. Defaults to "tar-
This utility is used to generate file context configuration entries for
user home directories based on their default roles and is run when
building the policy. It can also be run whenever the
/etc/selinux/<<SELINUXTYPE>>/users/local.users file is changed. Specifically,
we replace HOME_ROOT, HOME_DIR, and ROLE macros in the
/etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template file with
generic and user-specific values. local.users file. If a user has more
than one role in local.users, genhomedircon uses the first role in the
If a user is not listed in local.users, genhomedircon assumes that the
user’s home dir will be found in one of the HOME_ROOTs. When looking
for these users, genhomedircon only considers real users. "Real" users
(as opposed to system users) are those whose UID is greater than or
equal to STARTING_UID (default 500) and whose login shell is not
"/sbin/nologin" or "/bin/false".
Users who are explicitly defined in local.users are always "real"
(including root, in the default configuration).
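The selection and substitution rules described above, as an added Python example that is not genhomedircon's own code. The sample passwd lines, the template lines, the LOCAL_ROLES stand-in for a parsed local.users, the default role "user" and the generic HOME_DIR pattern are assumptions made for illustration.

```python
import posixpath

NON_LOGIN_SHELLS = {"/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    """Yield (name, uid, home, shell) from passwd-format lines."""
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) == 7 and f[2].isdigit():
            yield f[0], int(f[2]), f[5], f[6]

def home_roots(passwd_text, local_roles, starting_uid=500):
    """Parent directories of 'real' users not listed in local.users."""
    return sorted({posixpath.dirname(home)
                   for name, uid, home, shell in parse_passwd(passwd_text)
                   if name not in local_roles
                   and uid >= starting_uid and shell not in NON_LOGIN_SHELLS})

def expand(template, passwd_text, local_roles, default_role="user"):
    """Expand HOME_ROOT, HOME_DIR and ROLE in template lines."""
    roots = home_roots(passwd_text, local_roles)
    # Users in local.users are always real; the first listed role is used.
    specific = sorted((home, local_roles[name][0])
                      for name, _uid, home, _sh in parse_passwd(passwd_text)
                      if name in local_roles)
    # Assumption: the generic HOME_DIR value is any directory under a HOME_ROOT.
    generic = [(root + "/[^/]+", default_role) for root in roots]
    out = []
    for line in template.splitlines():
        if "HOME_DIR" in line:
            out += [line.replace("HOME_DIR", h).replace("ROLE", r)
                    for h, r in generic + specific]
        elif "HOME_ROOT" in line:
            out += [line.replace("HOME_ROOT", root) for root in roots]
        else:
            out.append(line)
    return out

# Constructed sample input (not from a real system).
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/false
svc:x:600:600::/var/lib/svc:/bin/sh
"""
LOCAL_ROLES = {"root": ["sysadm", "staff"]}  # stand-in for parsed local.users
TEMPLATE = """HOME_ROOT -d system_u:object_r:home_root_t
HOME_DIR/.+ system_u:object_r:ROLE_home_t
"""

if __name__ == "__main__":
    print("\n".join(expand(TEMPLATE, PASSWD, LOCAL_ROLES)))
```

In the constructed input the svc account has a login shell and a UID above STARTING_UID, so /var/lib is treated as a HOME_ROOT; accounts of that shape are worth reviewing before the contexts are regenerated.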
This manual page was originally written by Manoj Srivastava <sri-
email@example.com>, for the Debian GNU/Linux system, based on the comments
and the code in the utility, and then updated by Dan Walsh of Red
Hat. The genhomedircon utility was originally written by Dan Walsh of
Red Hat with some modifications by Tresys Technology, LLC.
Security Enhanced Linux January 2005 GENHOMEDIRCON(8)