################################## # # Core User configuration. # # # gen_user(username, role_set, mls_defaultlevel, mls_range, [mcs_catetories]) # # # system_u is the user identity for system processes and objects. # There should be no corresponding Unix user identity for system, # and a user process should never be assigned the system user # identity. # gen_user(system_u, system_r, s0, s0 - s15:c0.c255, c0.c255) # # user_u is a generic user identity for Linux users who have no # SELinux user identity defined. The modified daemons will use # this user identity in the security context if there is no matching # SELinux user identity for a Linux user. If you do not want to # permit any access to such users, then remove this entry. # ifdef(`targeted_policy',` gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255) ',` gen_user(user_u, user_r, s0, s0) gen_user(staff_u, staff_r secadm_r sysadm_r, s0, s0 - s15:c0.c255, c0.c255) gen_user(sysadm_u, sysadm_r, s0, s0 - s15:c0.c255, c0.c255) ') # # The following users correspond to Unix identities. # These identities are typically assigned as the user attribute # when login starts the user shell. Users with access to the sysadm_r # role should use the staff_r role instead of the user_r role when # not in the sysadm_r. # ifdef(`targeted_policy',` gen_user(root, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255) ',` ifdef(`direct_sysadm_daemon',` gen_user(root, sysadm_r staff_r secadm_r system_r, s0, s0 - s15:c0.c255, c0.c255) ',` gen_user(root, sysadm_r staff_r secadm_r , s0, s0 - s15:c0.c255, c0.c255) ') ')