1By Default on a SELinux Targeted Policy system, all users login using the unconfined_t user. 2 3SELinux has a very powerful concept called confined users. You can setup individual users on your system to login with different SELinux user types. This SELinux User Screen allows you to create/modify SELinux Users and map them to SELinux Roles and MLS/MCS Ranges 4 5Default SELinux Users: 6 7* Terminal user/ssh - guest_u 8 - No Network, No setuid, no exec in homedir 9 10* Browser user/kiosk - xguest_u 11 - Web access ports only. No setuid, no exec in homedir 12 13* Full Desktop user - User_u 14 - Full Network, No SETUID. 15 16* Confined Admin/Desktop User - Staff_u 17 - Full Network, sudo to admin only, no root password. Usually a confined admin 18 19* Unconfined user - unconfined_u (Default) 20 - SELinux does not block access. 21