selinux-refpolicy/targeted/users

39 lines
1.5 KiB
Plaintext

##################################
#
# User configuration.
#
# This file defines each user recognized by the system security policy.
# Only the user identities defined in this file may be used as the
# user attribute in a security context.
#
# Each user has a set of roles that may be entered by processes
# with the users identity. The syntax of a user declaration is:
#
# user username roles role_set [ ranges MLS_range_set ] level s0 range s0;
#
# The MLS range set should only be specified if MLS was enabled
# for the module and checkpolicy.
#
# system_u is the user identity for system processes and objects.
# There should be no corresponding Unix user identity for system_u,
# and a user process should never be assigned the system_u user
# identity.
#
user system_u roles system_r level s0 range s0 - s0:c0.c255;
#
# user_u is a generic user identity for Linux users who have no
# SELinux user identity defined. Authorized for all roles in the
# relaxed policy. sysadm_r is retained for compatibility, but could
# be dropped as long as userspace has no hardcoded dependency on it.
# user_u must be retained due to present userspace hardcoded dependency.
#
user user_u roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;
# root is retained as a separate user identity simply as a compatibility
# measure with the "strict" policy. It could be dropped and mapped to user_u
# but this allows existing file contexts that have "root" as the user identity
# to remain valid.
user root roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;