[selinux-policy: 240/3172] move user_u and root to users
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:25:42 UTC 2010
commit 2fc84fd172d9bbf221740ed7bbb9d55e1fafd6f4
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Jun 1 17:40:22 2005 +0000
move user_u and root to users
refpolicy/config/local.users | 4 ----
refpolicy/policy/users | 18 ++++++++++++++++++
2 files changed, 18 insertions(+), 4 deletions(-)
---
diff --git a/refpolicy/config/local.users b/refpolicy/config/local.users
index 887f6f7..7e2bf7a 100644
--- a/refpolicy/config/local.users
+++ b/refpolicy/config/local.users
@@ -14,10 +14,6 @@
# The MLS default level and allowed range should only be specified if
# MLS was enabled in the policy.
-user user_u roles { user_r };
-
-user root roles { sysadm_r staff_r };
-
# sample for administrative user
# user jadmin roles { staff_r sysadm_r };
diff --git a/refpolicy/policy/users b/refpolicy/policy/users
index a7a51b1..bb9d37b 100644
--- a/refpolicy/policy/users
+++ b/refpolicy/policy/users
@@ -11,3 +11,21 @@
# identity.
#
user system_u roles system_r user_mls(s0,s0 - s9:c0.c127);
+
+#
+# user_u is a generic user identity for Linux users who have no
+# SELinux user identity defined. The modified daemons will use
+# this user identity in the security context if there is no matching
+# SELinux user identity for a Linux user. If you do not want to
+# permit any access to such users, then remove this entry.
+#
+user user_u roles { user_r } user_mls(s0,s0 - s9:c0.c127);
+
+#
+# The following users correspond to Unix identities.
+# These identities are typically assigned as the user attribute
+# when login starts the user shell. Users with access to the sysadm_r
+# role should use the staff_r role instead of the user_r role when
+# not in the sysadm_r.
+#
+user root roles { sysadm_r staff_r } user_mls(s0,s0 - s9:c0.c127);
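Review bot: The added `user user_u ...` line gives user_u the same MLS range, `s0 - s9:c0.c127`, as system_u and root, even though the comment above it describes user_u as the fallback identity for Linux users with no SELinux user defined. The user_mls macro is defined outside this hunk, but if its second argument is the allowed range, as the local.users comment about "default level and allowed range" suggests, every unmapped login is cleared for all sensitivity levels and categories whenever MLS is enabled. Consider narrowing the fallback identity to the lowest level, `user user_u roles { user_r } user_mls(s0,s0);`, and reserving wider ranges for identities that are explicitly mapped. If the full range is intentional, a line in the comment block saying why would help, since this entry is the default for unknown users.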