blob: 83755aa09fc5e62255ce369f054b5980baa5f66a [file] [log] [blame] [edit]
By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user.
SELinux has a very powerful concept called confined users. You can setup individual users on your system to login with different SELinux user types. This SELinux User Screen allows you to create/modify SELinux Users and map them to SELinux Roles and MLS/MCS Ranges
Default SELinux Users:
* Terminal user/ssh - guest_u
- No Network, No setuid, no exec in homedir
* Browser user/kiosk - xguest_u
- Web access ports only. No setuid, no exec in homedir
* Full Desktop user - User_u
- Full Network, No SETUID.
* Confined Admin/Desktop User - Staff_u
- Full Network, sudo to admin only, no root password. Usually a confined admin
* Unconfined user - unconfined_u (Default)
- SELinux does not block access.