When we log in to a SELinux-enabled system, we are assigned a default context to work in. This context contains a SELinux user, a SELinux role, a domain, and optionally, a sensitivity range.
In this chapter, we will:
Define users that have sufficient rights to do their jobs, ranging from regular users with strict SELinux protections to fully privileged, administrative users with few SELinux protections
Create and assign categories and sensitivities
Assign roles to users and use various tools to switch roles
We will end the chapter by learning how SELinux integrates with the Linux authentication process.