##################################

#

# User configuration.

#

# This file defines each user recognized by the system security policy.

# Only the user identities defined in this file may be used as the

# user attribute in a security context.

#

# Each user has a set of roles that may be entered by processes

# with the users identity.  The syntax of a user declaration is:

#

# 	user username roles role_set [ level default_level range allowed_range ];

#

# The MLS default level and allowed range should only be specified if 

# MLS was enabled in the policy.

#

# system_u is the user identity for system processes and objects.

# There should be no corresponding Unix user identity for system_u,

# and a user process should never be assigned the system_u user

# identity.

#

user system_u roles system_r;

#

# user_u is a generic user identity for Linux users who have no

# SELinux user identity defined.  The modified daemons will use

# this user identity in the security context if there is no matching

# SELinux user identity for a Linux user.  If you do not want to

# permit any access to such users, then remove this entry.

#

user user_u roles { user_r }; 

#

# The following users correspond to Unix identities.

# These identities are typically assigned as the user attribute

# when login starts the user shell.  Users with access to the sysadm_r

# role should use the staff_r role instead of the user_r role when

# not in the sysadm_r.

#

# The sysadm_r user also needs to be permitted system_r if we are to allow

# direct execution of daemons

user root roles { sysadm_r staff_r ifdef(`direct_sysadm_daemon', `system_r') };

# sample for administrative user

#user jadmin roles { staff_r sysadm_r ifdef(`direct_sysadm_daemon', `system_r') };

# sample for regular user

#user jdoe roles { user_r };