Hello Henry,
Please try to be a bit more specific when making questions, it is not clear
at all what you mean or what you need to understand better.
That said, the manual page for seusers(5) contains a description of the
structure of the file, basically:
user_id:seuser_id:range
In your case, you show two lines:
root:root:s0-s0:c0.c1023
and
__default__:user_u:s0-s0
The first field, the user_id, describes the mapping between Linux users and
SELinux users. You can read more in semanage-login(8). The special
designator __default__ applies to all Linux users for which there is not an
explicit mapping defined.
In my Fedora:
$ sudo semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ unconfined_u s0-s0:c0.c1023 *
root unconfined_u s0-s0:c0.c1023 *
The second field describes the mapping between SELinux users and SELinux
roles. The manual page you can read is semanage-user(8).
In my system:
$ sudo semanage user -l
Labelling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range
SELinux Roles
guest_u user s0 s0 guest_r
root user s0 s0-s0:c0.c1023
staff_r sysadm_r system_r unconfined_r
staff_u user s0 s0-s0:c0.c1023
staff_r sysadm_r system_r unconfined_r
sysadm_u user s0 s0-s0:c0.c1023
sysadm_r
system_u user s0 s0-s0:c0.c1023
system_r unconfined_r
unconfined_u user s0 s0-s0:c0.c1023
system_r unconfined_r
user_u user s0 s0 user_r
xguest_u user s0 s0
xguest_r
It looks like you have modified the default SELinux user to be user_u.
Does that help?
On Wed, Feb 22, 2023 at 7:01 PM Henry Zhang <henryzhang62(a)gmail.com> wrote:
Hi,
I want to understand content of seuser configuration as:
root:root:s0-s0:c0.c1023
__default__:user_u:s0-s0
I do not know why it looks like that.
----henry
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue