##################################

#

# User configuration.

#

# This file defines each user recognized by the system security policy.

# Only the user identities defined in this file may be used as the

# user attribute in a security context.

#

# Each user has a set of roles that may be entered by processes

# with the users identity.  The syntax of a user declaration is:

#

# 	user username roles role_set [ ranges MLS_range_set ] level s0 range s0;

#

# The MLS range set should only be specified if MLS was enabled

# for the module and checkpolicy.

#

# system_u is the user identity for system processes and objects.

# There should be no corresponding Unix user identity for system_u,

# and a user process should never be assigned the system_u user

# identity.

#

user system_u roles system_r level s0 range s0 - s0:c0.c255;

#

# user_u is a generic user identity for Linux users who have no

# SELinux user identity defined.  Authorized for all roles in the

# relaxed policy.  sysadm_r is retained for compatibility, but could

# be dropped as long as userspace has no hardcoded dependency on it.

# user_u must be retained due to present userspace hardcoded dependency.

#

user user_u roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;

# root is retained as a separate user identity simply as a compatibility

# measure with the "strict" policy.  It could be dropped and mapped to user_u

# but this allows existing file contexts that have "root" as the user identity

# to remain valid.

user root roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255;