##################################
#
# User configuration.
#
# This file defines each user recognized by the system security policy.
# Only the user identities defined in this file may be used as the
# user attribute in a security context.
#
# Each user has a set of roles that may be entered by processes
# with the user's identity. The syntax of a user declaration is:
#
# user username roles role_set [ ranges MLS_range_set ] level s0 range s0;
#
# The MLS range set should only be specified if MLS was enabled
# for the module and checkpolicy.

#
# system_u is the user identity for system processes and objects.
# There should be no corresponding Unix user identity for system_u,
# and a user process should never be assigned the system_u user
# identity.
#
# system_u is authorized for system_r only. Default level is s0; the range
# s0 - s0:c0.c255 spans every category from c0 through c255.
# NOTE(review): system_r is also listed in the role sets of user_u and root
# further down, so the role itself is not exclusive to this identity.
user system_u roles system_r level s0 range s0 - s0:c0.c255;

#
# user_u is a generic user identity for Linux users who have no
# SELinux user identity defined. Authorized for all roles in the
# relaxed policy. sysadm_r is retained for compatibility, but could
# be dropped as long as userspace has no hardcoded dependency on it.
# user_u must be retained because userspace currently has a hardcoded
# dependency on it.
#
# NOTE(review): this authorizes the generic user_u identity for sysadm_r and
# system_r in addition to user_r, over the full range s0 - s0:c0.c255, so this
# declaration by itself does not confine unmapped Linux users to user_r.
# Which roles a login can actually enter also depends on role allow/transition
# rules and default contexts that are not in this file -- confirm those before
# relying on role separation or before dropping sysadm_r.
user user_u roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;

# root is retained as a separate user identity simply as a compatibility
# measure with the "strict" policy. It could be dropped and mapped to user_u,
# but this allows existing file contexts that have "root" as the user identity
# to remain valid.
# root carries the same role set and MLS range as user_u in this file, so as
# far as this declaration shows the two identities differ only in name; the
# separate entry exists for labeling compatibility, not for extra authorization.
user root roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;