2005-06-01 15:40:37 +00:00
|
|
|
|
|
|
|
##################################
|
|
|
|
#
|
|
|
|
# Core User configuration.
|
|
|
|
#
|
|
|
|
|
2005-08-08 18:13:56 +00:00
|
|
|
#
|
2006-02-15 19:46:20 +00:00
|
|
|
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
|
2005-08-08 18:13:56 +00:00
|
|
|
#
|
2006-02-15 19:46:20 +00:00
|
|
|
# Note: Identities without a prefix wil not be listed
|
|
|
|
# in the users_extra file used by genhomedircon.
|
2005-06-01 17:40:22 +00:00
|
|
|
|
2005-12-05 20:31:54 +00:00
|
|
|
#
|
|
|
|
# system_u is the user identity for system processes and objects.
|
|
|
|
# There should be no corresponding Unix user identity for system,
|
|
|
|
# and a user process should never be assigned the system user
|
|
|
|
# identity.
|
|
|
|
#
|
2006-02-15 19:46:20 +00:00
|
|
|
gen_user(system_u,, system_r, s0, s0 - s15:c0.c255, c0.c255)
|
2005-12-05 20:31:54 +00:00
|
|
|
|
2005-06-01 17:40:22 +00:00
|
|
|
#
|
|
|
|
# user_u is a generic user identity for Linux users who have no
|
|
|
|
# SELinux user identity defined. The modified daemons will use
|
|
|
|
# this user identity in the security context if there is no matching
|
|
|
|
# SELinux user identity for a Linux user. If you do not want to
|
|
|
|
# permit any access to such users, then remove this entry.
|
|
|
|
#
|
2005-07-06 20:28:29 +00:00
|
|
|
ifdef(`targeted_policy',`
|
2006-02-15 19:46:20 +00:00
|
|
|
gen_user(user_u, user, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
|
2005-07-06 20:28:29 +00:00
|
|
|
',`
|
2006-02-15 19:46:20 +00:00
|
|
|
gen_user(user_u, user, user_r, s0, s0)
|
2006-06-12 21:36:38 +00:00
|
|
|
gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - s15:c0.c255, c0.c255)
|
2006-02-15 19:46:20 +00:00
|
|
|
gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - s15:c0.c255, c0.c255)
|
2005-07-06 20:28:29 +00:00
|
|
|
')
|
2005-06-01 17:40:22 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# The following users correspond to Unix identities.
|
|
|
|
# These identities are typically assigned as the user attribute
|
|
|
|
# when login starts the user shell. Users with access to the sysadm_r
|
|
|
|
# role should use the staff_r role instead of the user_r role when
|
|
|
|
# not in the sysadm_r.
|
|
|
|
#
|
2005-07-06 20:28:29 +00:00
|
|
|
ifdef(`targeted_policy',`
|
2006-02-15 19:46:20 +00:00
|
|
|
gen_user(root, user, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
|
2005-07-06 20:28:29 +00:00
|
|
|
',`
|
2005-07-07 15:25:28 +00:00
|
|
|
ifdef(`direct_sysadm_daemon',`
|
2006-06-12 21:36:38 +00:00
|
|
|
gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - s15:c0.c255, c0.c255)
|
2005-08-11 14:35:52 +00:00
|
|
|
',`
|
2006-06-12 21:36:38 +00:00
|
|
|
gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - s15:c0.c255, c0.c255)
|
2005-07-07 15:25:28 +00:00
|
|
|
')
|
2005-07-06 20:28:29 +00:00
|
|
|
')
|