diff --git a/refpolicy/policy/users b/refpolicy/policy/users index bb9d37bb4..3477aa70c 100644 --- a/refpolicy/policy/users +++ b/refpolicy/policy/users @@ -4,13 +4,18 @@ # Core User configuration. # +# gen_user(username, role_set, levels) +define(`gen_user_ass',` + user $1 { $2 } ifdef(`enable_mls', `level $3 range $4'); +') + # # system_u is the user identity for system processes and objects. # There should be no corresponding Unix user identity for system, # and a user process should never be assigned the system user # identity. # -user system_u roles system_r user_mls(s0,s0 - s9:c0.c127); +gen_user(system_u, system_r, s0, s0 - s9:c0.c127) # # user_u is a generic user identity for Linux users who have no @@ -19,7 +24,7 @@ user system_u roles system_r user_mls(s0,s0 - s9:c0.c127); # SELinux user identity for a Linux user. If you do not want to # permit any access to such users, then remove this entry. # -user user_u roles { user_r } user_mls(s0,s0 - s9:c0.c127); +gen_user(user_u, user_r, s0, s0 - s9:c0.c127) # # The following users correspond to Unix identities. @@ -28,4 +33,4 @@ user user_u roles { user_r } user_mls(s0,s0 - s9:c0.c127); # role should use the staff_r role instead of the user_r role when # not in the sysadm_r. # -user root roles { sysadm_r staff_r } user_mls(s0,s0 - s9:c0.c127); +gen_user(root, sysadm_r staff_r, s0, s0 - s9:c0.c127)