This section describes the user configuration contained in the users file. This configuration defines each user recognized by the security policy. It specifies the roles that can be associated with each user.
The system_u user is the user identity for system processes and objects. There should be no corresponding Unix identity for the Flask system_u user, and a user process should never be assigned the system_u user identity. The system_r role can be associated with this user identity.
The remaining users listed in this configuration correspond to Unix identities in the /etc/passwd file. These user identities are assigned to user processes when login creates the user shell. The user_r role can be associated with any user. The sysadm_r role can be associated with any system administrator.
Although a user may be authorized for an administrator role, the user should still login in the user_r role unless he is performing administrative tasks. Otherwise, the user may unintentionally abuse his privileges. Currently, the ability of an administrator to login in the user_r role is complicated by the fact that the administrator's home directory has a separate type that is not writeable by the user_t domain. This problem will be solved either by adding support for multiple home directories for a user or by adding support for polyinstantiated directories.