Chapter 3. Managing User Logins
When we log in to a SELinux-enabled system, we are assigned a default context to work in. This context contains a SELinux user, a SELinux role, a domain, and optionally, a sensitivity range.
In this chapter, we will:
- Define users that have sufficient rights to do their jobs, ranging from regular users with strict SELinux protections to fully privileged, administrative users with few SELinux protections
- Create and assign categories and sensitivities
- Assign roles to users and use various tools to switch roles
We will end the chapter by learning how SELinux integrates with the Linux authentication process.
User-oriented SELinux contexts
Once logged in to a system, our user will run inside a certain context. This user context ...