Show Table of Contents
5.11.3. Creating a User With a Specific MLS Range
Follow these steps to create a new Linux user with a specific MLS range:
- Add a new Linux user via the
useraddcommand and map the new Linux user to an existing SELinux user (in this case,user_u):~]#
useradd -Z user_u john - Assign the newly-created Linux user a password:
~]#
passwd john - Run the
semanage login -lcommand to view the mapping between SELinux and Linux users. The output should be as follows:Login Name SELinux User MLS/MCS Range __default__ user_u s0 john user_u s0 root root s0-s15:c0.c1023 system_u system_u s0-s15:c0.c1023
- Define a specific range for user
john:~]#
semanage login --modify --seuser user_u --range s2:c100 john - Run the
semanage login -lcommand to view the mapping between SELinux and Linux users. Note that the userjohnnow has a specific MLS range defined:Login Name SELinux User MLS/MCS Range __default__ user_u s0 john user_u s2:c100 root root s0-s15:c0.c1023 system_u system_u s0-s15:c0.c1023
- To correct the label on john's home directory (if needed), run the following command:
~]#
chcon -R -l s2:c100 /home/john
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.