selinux-policy/policy/users

##################################
#
# Core User configuration.
#

#
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
#
# Note: Identities without a prefix will not be listed
# in the users_extra file used by genhomedircon.

#
# system_u is the user identity for system processes and objects.
# There should be no corresponding Unix user identity for system,
# and a user process should never be assigned the system user
# identity.
#
gen_user(system_u,, system_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)

#
# user_u is a generic user identity for Linux users who have no
# SELinux user identity defined.  The modified daemons will use
# this user identity in the security context if there is no matching
# SELinux user identity for a Linux user.  If you do not want to
# permit any access to such users, then remove this entry.
#
gen_user(user_u, user, user_r, s0, s0)
gen_user(staff_u, user, staff_r system_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)

#
# The following users correspond to Unix identities.
# These identities are typically assigned as the user attribute
# when login starts the user shell.  Users with access to the sysadm_r
# role should use the staff_r role instead of the user_r role when
# not in the sysadm_r.
#
gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
move flask dir to top level, and update them from nsa cvs. move files in misc to top level. make mls support work. 2005-06-01 15:40:37 +00:00			`##################################`
			`#`
			`# Core User configuration.`
			`#`

fix gen_user comment for more clarity 2005-08-08 18:13:56 +00:00			`#`
add users_extra support 2006-02-15 19:46:20 +00:00			`# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])`
fix gen_user comment for more clarity 2005-08-08 18:13:56 +00:00			`#`
Typo in policy/users Signed-off-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: Chris PeBenito <cpebenito@tresys.com> 2009-12-13 02:39:23 +00:00			`# Note: Identities without a prefix will not be listed`
add users_extra support 2006-02-15 19:46:20 +00:00			`# in the users_extra file used by genhomedircon.`
move user_u and root to users 2005-06-01 17:40:22 +00:00
merge systemuser back in to users 2005-12-05 20:31:54 +00:00			`#`
			`# system_u is the user identity for system processes and objects.`
			`# There should be no corresponding Unix user identity for system,`
			`# and a user process should never be assigned the system user`
			`# identity.`
			`#`
Apply Dominick Grift typo fixes 2010-08-30 21:32:41 +00:00			`gen_user(system_u,, system_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)`
merge systemuser back in to users 2005-12-05 20:31:54 +00:00
move user_u and root to users 2005-06-01 17:40:22 +00:00			`#`
			`# user_u is a generic user identity for Linux users who have no`
			`# SELinux user identity defined. The modified daemons will use`
			`# this user identity in the security context if there is no matching`
			`# SELinux user identity for a Linux user. If you do not want to`
			`# permit any access to such users, then remove this entry.`
			`#`
add users_extra support 2006-02-15 19:46:20 +00:00			`gen_user(user_u, user, user_r, s0, s0)`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			gen_user(staff_u, user, staff_r system_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
			`gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)`
move user_u and root to users 2005-06-01 17:40:22 +00:00
			`#`
			`# The following users correspond to Unix identities.`
			`# These identities are typically assigned as the user attribute`
			`# when login starts the user shell. Users with access to the sysadm_r`
			`# role should use the staff_r role instead of the user_r role when`
			`# not in the sysadm_r.`
			`#`
UPdate for f14 policy 2010-08-26 13:41:21 +00:00			gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)