Mapping Oracle Linux Users to SELinux Confined Users
By default, users are mapped to the unconfined_u SELinux user when they're
created. Users can check their security context by running:
id -ZThe output is similar to the following:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023A system administrator can map an Oracle Linux user to an SELinux
confined user to apply different levels of access. For example, to map the
oracle user to the SELinux user_u user, use the
semanage command:
sudo semanage login -a -s user_u oracleWhen you create a user, you can specify the SELinux user mapping when you run the
useradd command. For example, to add a privileged
oracleadmin user that maps onto the SELinux staff_u
user, run:
sudo useradd -Z staff_u oracleadmin