O'Reilly logo

SELinux System Administration - Second Edition by Sven Vermeulen

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

SELinux users and roles

Within SELinux systems, the moment a user logs in, the login system checks which SELinux user his or her login is mapped to. Then, when a SELinux user is found, the system looks up the role and domain that the user should be in and sets that as the user's context.

Listing SELinux user mappings

When logged in to the system, we can use id -Z to obtain the current SELinux context. For many users, this context will be unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023, regardless of their username. If not that, it will be a context based on one of sysadm_u, staff_u, or user_u. This is because the majority of Linux distributions will only provide a limited set of SELinux users by default, aligned with the SELinux roles that ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required