개요

SELinux user mapping

As the Linux root user, run the semanage login -l command to view the mapping between Linux users and SELinux users:

~]# semanage login -l

Login Name SELinux User MLS/MCS Range

__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023

모든 사용자는 기본적으로 __default__  에 매핑되고 SElinux user 는 unconfined_u 이다.

 

Confining New Linux Users: useradd

현재 login user 의 policy 보기

~]$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

 

사용자 추가시 user mapping 지정

As the Linux root user, run the useradd -Z user_u useruuser command to create a new Linux user (useruuser) that is mapped to the SELinux user_u user.

기존 사용자는 usermod -Z 로 mapping 수정 가능
semanage 로 user mapping 확인

As the Linux root user, run the semanage login -l command to view the mapping between the Linux useruuser user and user_u:

참고 자료





blog comments powered by Disqus