secolor.conf - Man Page

The SELinux color configuration file

Description

The /etc/selinux/{SELINUXTYPE}/secolor.conf configuation file controls the color to be associated to the context components associated to the raw context passed by selinux_raw_context_to_color(3), when context related information is to be displayed in color by an SELinux-aware application.

selinux_raw_context_to_color(3) obtains this color information from the active policy secolor.conf file as returned by selinux_colors_path(3).

File Format

The file format is as follows:

color color_name = #color_mask
[...]

context_component string = fg_color_name bg_color_name
[...]

Where:
color

The color keyword. Each color entry is on a new line.

color_name

A single word name for the color (e.g. red).

color_mask

A color mask starting with a hash (#) that describes the hexadecimal RGB colors with black being #000000 and white being #ffffff.

context_component

The context component name that must be one of the following:

user, role, type or range

Each context_component string ... entry is on a new line.

string

This is the context_component string that will be matched with the raw context component passed by selinux_raw_context_to_color(3).
A wildcard '*' may be used to match any undefined string for the user, role and type context_component entries only.

fg_color_name

The color_name string that will be used as the foreground color. A color_mask may also be used.

bg_color_name

The color_name string that will be used as the background color. A color_mask may also be used.

Examples

Example 1 entries are:

color black  = #000000
color green  = #008000
color yellow = #ffff00
color blue   = #0000ff
color white  = #ffffff
color red    = #ff0000
color orange = #ffa500
color tan    = #D2B48C

user * = black white
role * = white black
type * = tan orange
range s0-s0:c0.c1023 = black green
range s1-s1:c0.c1023 = white green
range s3-s3:c0.c1023 = black tan
range s5-s5:c0.c1023 = white blue
range s7-s7:c0.c1023 = black red
range s9-s9:c0.c1023 = black orange
range s15:c0.c1023   = black yellow

Example 2 entries are:

color black  = #000000
color green  = #008000
color yellow = #ffff00
color blue   = #0000ff
color white  = #ffffff
color red    = #ff0000
color orange = #ffa500
color tan    = #d2b48c

user unconfined_u = #ff0000 green
role unconfined_r = red #ffffff
type unconfined_t = red orange
user user_u       = black green
role user_r       = white black
type user_t       = tan red
user xguest_u     = black yellow
role xguest_r     = black red
type xguest_t     = black green
user sysadm_u     = white black
range s0:c0.c1023 = black white
user *            = black white
role *            = black white
type *            = black white

See Also

mcstransd(8), selinux_raw_context_to_color(3), selinux_colors_path(3)

Info

08 April 2011 SELinux API documentation