[ubuntu-hardened] selinux - mapping question

yossi ozani yossiozani at gmail.com
Wed Mar 11 22:52:41 GMT 2009

Hi all...

I started to learn selinux and I have a question about mapping in selinux.
I logged in as *staff_u. *The command *id -Z* gives me the following
context: user_u:*user_r*:user_t
The command: *semanage user -l |grep staff_u*
print the output: *staff_u         sysadm_r staff_r*

*My questions:*
1) How the login process know to choose the *staff_r* role and not the*sysadm_r
* role ?
2) If only one is the appropriate role why I can see a list of roles to some
seusers like *staff_u* and *root* ?

Many thanks for the help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20090312/416bf535/attachment.htm 

More information about the ubuntu-hardened mailing list