With the SELinux users available, we can now map Linux users to SELinux users. This will ensure that the users, when logged in to the system, are assigned a default context aligned with this SELinux user.
In order to map Linux users to SELinux users, the following steps can be taken:
List the existing mappings with
semanage login
:~# semanage login -l Login Name SELinux User MLS/MCS Range __default__ user_u s0-s0:c0.c1023 root root s0-s0:c0.c1023 system_u system_u s0-s0:c0.c1023 %wheel sysadm_u s0-s0:c0.c1023
For an individual user account, map the account to an SELinux user with
semanage login
:~# semanage login -a -s dbadm_u user1
It is also possible to assign a group of users to an SELinux user through their primary Linux group. For instance, if a
dba
group exists, it can be assigned to an SELinux...