SEUNSHARE(8) User Commands SEUNSHARE(8)NAME
seunshare - Run cmd with alternate homedir, tmpdir and/or SELinux context
SYNOPSIS
seunshare [ -v ] [ -c ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
DESCRIPTION
Run the executable within the specified context, using the alternate home directory and /tmp directory. The seunshare command unshares
from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to
execute the application under the specified SELinux context.
-h homedir
Alternate homedir to be used by the application. Homedir must be owned by the user.
-t tmpdir
Use alternate tempory directory to mount on /tmp. tmpdir must be owned by the user.
-c --cgroups
Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to
be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
-C --capabilities
Allow apps executed within the namespace to use capabilities. Default is no capabilities.
-k --kill
Kill all processes with matching MCS level.
-Z context
Use alternate SELinux context while runing the executable.
-v Verbose output
SEE ALSO runcon(1), sandbox(8), selinux(8)AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com> and Thomas Liu <tliu@fedoraproject.org>
seunshare May 2010 SEUNSHARE(8)
Check Out this Related Man Page
sestatus(8) SELinux command line documentation sestatus(8)NAME
sestatus - SELinux status tool
SYNOPSIS
sestatus [-v] [-b]
This tool is used to get the status of a system running SELinux.
DESCRIPTION
This manual page describes the sestatus program.
This tool is used to get the status of a system running SELinux. It displays data about whether SELinux is enabled or disabled, location of
key directories, and the loaded policy with its status as shown in the example:
> sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allow
Max kernel policy version: 26
sestatus can also be used to display:
- The security context of files and processes listed in the /etc/sestatus.conf file. The format of this file is described in ses-
tatus.conf(5).
- The status of booleans.
OPTIONS -v
Displays the contexts of files and processes listed in the /etc/sestatus.conf file. It also checks whether the file is a symbolic
link, if so then the context of the target file is also shown.
The following contexts will always be displayed:
The current process context
The init process context
The controlling terminal file context
-b
Display the current state of booleans.
FILES
/etc/sestatus.conf
AUTHOR
This man page was written by Daniel Walsh <dwalsh@redhat.com>.
The program was written by Chris PeBenito <pebenito@gentoo.org>
SEE ALSO selinux(8), sestatus.conf(5)Security Enhanced Linux 26 Nov 2011 sestatus(8)
Hi,
We're stuck after the Unix admin left without prior notice.
We have a web application running on mySQL.
it seems that the \tmpdir for mySQL is mount to
var\tmp directory which has only 60 MB of available disk space
running any big query fails due to the size limitation
I don't have... (13 Replies)
Hi,
I have an issue that i have never come across before. I have 1 user on a server who cannot login. When they connect using Putty and put in the login id and password the session is terminated. It is as if they had /usr/bin/false in /etc/passwd but they dont. This is the password entry;
... (9 Replies)
I need to capture the homedir using the ssh command and then saving it to a variable.
The results from the following command is what I need to capture to a variable:
NOTE: the value I'm getting back is also incorrect. as it seems to be getting the home dir from the local server and not the... (2 Replies)
Hi guys,
I have a problem in unix shell script for abinitio.
if i'm using air sandbox parameters command to set the parameter
ABC_FILE_MASK to this value ^abc_rules_.csv$ , it is throwing error.
Some one please help me find a solution. (1 Reply)
Trying to execute commands for different Unix user with that user's environment variable context without fully switching as that user using sudo && su capabilities.
Hoping this would help with security and not having to waste time switching between 10 different app users on same server.
I do... (6 Replies)
what’s going on these commands
(/tmpdir %) ls
Foo
(tmpdir % )cat foo
Cat:foo! No such file or directory
any help me out
i checked with permission...even though it is not working (1 Reply)