################################## # # Core User configuration. # # gen_user(username, role_set, levels) define(`gen_user',` user $1 roles { $2 } ifdef(`enable_mls', `level $3 range $4'); ') # # system_u is the user identity for system processes and objects. # There should be no corresponding Unix user identity for system, # and a user process should never be assigned the system user # identity. # gen_user(system_u, system_r, s0, s0 - s9:c0.c127) # # user_u is a generic user identity for Linux users who have no # SELinux user identity defined. The modified daemons will use # this user identity in the security context if there is no matching # SELinux user identity for a Linux user. If you do not want to # permit any access to such users, then remove this entry. # ifdef(`targeted_policy',` gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s9:c0.c127) ',` gen_user(user_u, user_r, s0, s0 - s9:c0.c127) ') # # The following users correspond to Unix identities. # These identities are typically assigned as the user attribute # when login starts the user shell. Users with access to the sysadm_r # role should use the staff_r role instead of the user_r role when # not in the sysadm_r. # ifdef(`targeted_policy',` gen_user(root, user_r sysadm_r system_r, s0, s0 - s9:c0.c127) ',` gen_user(root, sysadm_r staff_r, s0, s0 - s9:c0.c127) ')