selinux-refpolicy/refpolicy/policy/users

49 lines
1.4 KiB
Plaintext
Raw Normal View History

##################################
#
# Core User configuration.
#
# gen_user(username, role_set, levels)
2005-06-09 22:46:38 +00:00
define(`gen_user',`
user $1 roles { $2 } ifdef(`enable_mls', `level $3 range $4');
')
#
# system_u is the user identity for system processes and objects.
# There should be no corresponding Unix user identity for system,
# and a user process should never be assigned the system user
# identity.
#
gen_user(system_u, system_r, s0, s0 - s9:c0.c127)
2005-06-01 17:40:22 +00:00
#
# user_u is a generic user identity for Linux users who have no
# SELinux user identity defined. The modified daemons will use
# this user identity in the security context if there is no matching
# SELinux user identity for a Linux user. If you do not want to
# permit any access to such users, then remove this entry.
#
2005-07-06 20:28:29 +00:00
ifdef(`targeted_policy',`
gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s9:c0.c127)
',`
gen_user(user_u, user_r, s0, s0 - s9:c0.c127)
2005-07-06 20:28:29 +00:00
')
2005-06-01 17:40:22 +00:00
#
# The following users correspond to Unix identities.
# These identities are typically assigned as the user attribute
# when login starts the user shell. Users with access to the sysadm_r
# role should use the staff_r role instead of the user_r role when
# not in the sysadm_r.
#
2005-07-06 20:28:29 +00:00
ifdef(`targeted_policy',`
2005-07-07 15:25:28 +00:00
gen_user(root, user_r sysadm_r system_r, s0, s0 - s9:c0.c127)
2005-07-06 20:28:29 +00:00
',`
2005-07-07 15:25:28 +00:00
ifdef(`direct_sysadm_daemon',`
gen_user(root, sysadm_r staff_r system_r, s0, s0 - s9:c0.c127)
',`
gen_user(root, sysadm_r staff_r, s0, s0 - s9:c0.c127)
')
2005-07-06 20:28:29 +00:00
')