SELinux users and roles
Within SELinux systems, the moment a user logs in, the login system checks which SELinux user his or her login is mapped to. Then, when a SELinux user is found, the system looks up the role and domain that the user should be in and sets that as the user's context.
Listing SELinux user mappings
When logged in to the system, we can use id -Z
to obtain the current SELinux context. For many users, this context will be unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
, regardless of their username. If not that, it will be a context based on one of sysadm_u
, staff_u
, or user_u
. This is because the majority of Linux distributions will only provide a limited set of SELinux users by default, aligned with the SELinux roles that ...
Get SELinux System Administration - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.