User Roles

User roles define which roles a user can take on. Such a statement begins with the keyword user, followed by the user name, then the keyword roles, and finally the roles the user can use. You will find these rules in the SELinux reference policy source code files. The following example is the definition of the system_u user:

user system_u roles system_r;

If a user can have several roles, they are listed in curly brackets. The following is the definition of the standard user, user_u, in the targeted policy, which allows users to take on system administrative roles:

user user_u roles { user_r sysadm_r system_r };

The strict policy lists only the user_r role:

user user_u roles { user_r };
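To audit these statements, the following Python sketch parses both forms of the user statement shown above and reports users granted roles beyond an expected baseline. It is an added example, not code from the reference policy; the function names, the BASELINE mapping and the sample texts (built from the statements quoted on this page) are assumptions made for illustration.

```python
import re

# Matches "user NAME roles ROLE;" and "user NAME roles { R1 R2 ... };".
# Text between the role list and ";" (such as an MLS level/range) is ignored.
USER_STMT = re.compile(
    r"^\s*user\s+(?P<user>\w+)\s+roles\s+"
    r"(?:\{(?P<set>[^}]*)\}|(?P<one>\w+))[^;]*;",
    re.MULTILINE,
)

def parse_user_roles(policy_text):
    """Return {user: set(roles)} for every user statement in policy_text."""
    text = re.sub(r"#.*", "", policy_text)  # drop policy comments
    users = {}
    for m in USER_STMT.finditer(text):
        if m.group("set") is not None:
            roles = m.group("set").split()   # bracketed list of roles
        else:
            roles = [m.group("one")]         # single role, no brackets
        users.setdefault(m.group("user"), set()).update(roles)
    return users

def users_exceeding(users, allowed):
    """Return {user: extra_roles} for roles granted outside allowed[user]."""
    findings = {}
    for user, roles in users.items():
        extra = roles - allowed.get(user, set())
        if extra:
            findings[user] = extra
    return findings

# Constructed samples, built from the statements quoted on this page.
TARGETED = """
user system_u roles system_r;
user user_u roles { user_r sysadm_r system_r };
"""
STRICT = """
user system_u roles system_r;
user user_u roles { user_r };   # strict: unprivileged role only
"""

# Hypothetical baseline: the roles each user is expected to hold.
BASELINE = {"system_u": {"system_r"}, "user_u": {"user_r"}}

if __name__ == "__main__":
    for name, text in (("targeted", TARGETED), ("strict", STRICT)):
        findings = users_exceeding(parse_user_roles(text), BASELINE)
        print(name, {u: sorted(r) for u, r in findings.items()})
```

Run against the two samples, the targeted definition is reported because user_u can reach sysadm_r and system_r, while the strict definition produces no findings.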

