User Statements

user

Declares an SELinux user identifier in the current namespace.

Statement definition:

Where:
  user: The user keyword.
  user_id: The SELinux user identifier.

Example:

This will declare an SELinux user as unconfined.user:

userrole

Associates a previously declared user identifier with a previously declared role identifier.

Statement definition:

Where:
  userrole: The userrole keyword.
  user_id: A previously declared SELinux user identifier.
  role_id: A previously declared role or roleattribute identifier.

Example:

This example will associate unconfined.user to unconfined.role:

userlevel

Associates a previously declared user identifier with a previously declared level identifier. The level may be named or anonymous.

Statement definition:

Where:
  userlevel: The userlevel keyword.
  user_id: A previously declared SELinux user identifier.
  level_id: A previously declared level identifier. This may consist of a single sensitivity with zero or more mixed named and anonymous categories as discussed in the level statement.

Example:

This example will associate unconfined.user with a named level of systemlow:

userrange

Associates a previously declared user identifier with a previously declared levelrange identifier. The levelrange may be named or anonymous.

Statement definition:

Where:
  userrange: The userrange keyword.
  user_id: A previously declared SELinux user identifier.
  levelrange_id: A previously declared levelrange identifier. This may be formed by named or anonymous components as discussed in the levelrange statement and shown in the examples.

Example:

This example will associate unconfined.user with a named levelrange of low_high; other anonymous examples are also shown:

userbounds

Defines a hierarchical relationship between users where the child user cannot have more privileges than the parent.

Notes:
  It is not possible to bind the parent to more than one child.
  While this is added to the binary policy, it is not enforced by the SELinux kernel services.

Statement definition:

Where:
  userbounds: The userbounds keyword.
  parent_user_id: A previously declared SELinux user identifier.
  child_user_id: A previously declared SELinux user identifier.

Example:

The user test cannot have greater privileges than unconfined.user:

userprefix

Declares a user prefix that will be replaced by the file labeling utilities described at http://selinuxproject.org/page/PolicyStoreConfigurationFiles, which details the file_contexts entries.

Statement definition:

Where:
  userprefix: The userprefix keyword.
  user_id: A previously declared SELinux user identifier.
  prefix: The string to be used by the file labeling utilities.

Example:

This example will associate unconfined.admin user with a prefix of "user":

selinuxuser

Associates a GNU/Linux user to a previously declared user identifier with a previously declared MLS userrange. Note that the userrange is required even if the policy is non-MCS/MLS.

Statement definition:

Where:
  selinuxuser: The selinuxuser keyword.
  user_name: A string representing the GNU/Linux user name.
  user_id: A previously declared SELinux user identifier.
  userrange_id: A previously declared userrange identifier that has been associated to the user identifier. This may be formed by named or anonymous components as discussed in the userrange statement and shown in the examples.

Example:

This example will associate unconfined.admin user with a GNU/Linux user "admin_1":

selinuxuserdefault

Declares the default SELinux user. Only one selinuxuserdefault statement is allowed in the policy. Note that the userrange identifier is required even if the policy is non-MCS/MLS.

Statement definition:

Where:
  selinuxuserdefault: The selinuxuserdefault keyword.
  user_id: A previously declared SELinux user identifier.
  userrange_id: A previously declared userrange identifier that has been associated to the user identifier. This may be formed by named or anonymous components as discussed in the userrange statement and shown in the examples.

Example:

This example will define the unconfined.user as the default SELinux user:
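
The user statements described on this page, combined into one policy fragment in the order their dependencies require. This is an added example, not a listing from the reference guide itself; the MLS components, the role, and the names systemhigh and low_high are constructed for illustration, and the classes, SIDs and other statements a loadable policy needs are omitted.

```cil
; Constructed MLS components referenced by the user statements below.
(category c0)
(category c1)
(categoryorder (c0 c1))
(sensitivity s0)
(sensitivityorder (s0))
(sensitivitycategory s0 (c0 c1))
(level systemlow (s0))
(level systemhigh (s0 (c0 c1)))
(levelrange low_high (systemlow systemhigh))

; Declared in the global namespace, so it is referenced below as .test
(user test)
(userrole test unconfined.role)
(userlevel test systemlow)
(userrange test low_high)

(block unconfined
    (role role)

    ; user: declares unconfined.user and unconfined.admin
    (user user)
    (user admin)

    ; Each user is associated with a role, a level and a range.
    (userrole user role)
    (userlevel user systemlow)            ; named level
    (userrange user low_high)             ; named levelrange
    (userrole admin role)
    (userlevel admin (s0))                ; anonymous level
    (userrange admin ((s0) (s0 (c0 c1)))) ; anonymous levelrange

    ; userbounds: unconfined.user is the parent, .test is the child
    (userbounds user .test)

    ; userprefix: prefix string used by the file labeling utilities
    (userprefix admin user)

    ; selinuxuser: GNU/Linux user admin_1 maps to unconfined.admin
    (selinuxuser admin_1 admin low_high)

    ; selinuxuserdefault: allowed only once in the whole policy
    (selinuxuserdefault user low_high)
)
```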