Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
6.4. Changing the Default Mapping
In Red Hat Enterprise Linux 6, Linux users are mapped to the SELinux
__default__ login by default (which is in turn mapped to the SELinux unconfined_u user). If you would like new Linux users, and Linux users not specifically mapped to an SELinux user to be confined by default, change the default mapping with the semanage login command.
For example, run the following command as the Linux root user to change the default mapping from
unconfined_u to user_u:
~]# semanage login -m -S targeted -s "user_u" -r s0 __default__
Run the
semanage login -l command as the Linux root user to verify the __default__ login is mapped to user_u:
~]# semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ user_u s0
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
If a new Linux user is created and an SELinux user is not specified, or if an existing Linux user logs in and does not match a specific entry from the
semanage login -l output, they are mapped to user_u, as per the __default__ login.
To change back to the default behavior, run the following command as the Linux root user to map the
__default__ login to the SELinux unconfined_u user:
~]# semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 __default__