According to https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm... (Table 3.1), guest_u can't use networking. What does this mean? Regular users on non-SELinux systems can't modify network parameters?
There are a few non-integrated aspects surrounding restricted users; I'm wondering if this is going to be rectified in the future, or whether there is an underlying reason it was done this way. Examples:
User deletion doesn't automatically remove any SELinux definition for that user. I experimented enough to learn that if a user is deleted without removing the SELinux context, and later a user with the same name is created, then it will automatically have the previously-defined SELinux context. I saw the warnings when using useradd and userdel but wondered why the process wasn't just integrated.
Changing a user to be restricted also requires using 'chcon -R' on their home directory, is there a reason this isn't integrated?
If a user is made restricted, and root then does 'su - <user>', 'id -Z' doesn't report the restricted context even though whoami reports the restricted user name. Is this "by design"?
selinux@lists.fedoraproject.org
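An added check for the first example above (written for this page; it is not from the original post nor part of the Fedora or RHEL tooling): it compares the SELinux login mappings that `semanage login -l` reports against the passwd database and lists the mappings whose Linux account has already been deleted, the leftovers a re-created user of the same name would inherit. Both inputs below are constructed samples so the script runs on a host without SELinux.

```shell
#!/bin/sh
# Added example, not from the original post: find SELinux login mappings
# whose Linux account no longer exists. Inputs are constructed samples;
# on a real host feed it `semanage login -l` and `getent passwd` instead.

# Constructed sample of `semanage login -l` output, header included.
SAMPLE_LOGINS='Login Name   SELinux User   MLS/MCS Range    Service

__default__  unconfined_u   s0-s0:c0.c1023   *
root         unconfined_u   s0-s0:c0.c1023   *
%wheel       staff_u        s0-s0:c0.c1023   *
alice        guest_u        s0               *
bob          user_u         s0               *'

# Constructed sample of `getent passwd`: bob has already been removed.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash'

# Print "<login> <selinux_user>" for every mapping that names a plain user
# (not the header, not __default__, not a %group entry) with no passwd entry.
stale_selinux_logins() {
    logins=$1
    passwd=$2
    printf '%s\n' "$logins" | while read -r login seuser _rest; do
        case "$login" in
            ''|Login|__default__|%*) continue ;;
        esac
        if ! printf '%s\n' "$passwd" | grep -q -- "^${login}:"; then
            printf '%s %s\n' "$login" "$seuser"
        fi
    done
}

# Turn the stale list into the matching cleanup commands (printed, not run).
cleanup_commands() {
    stale_selinux_logins "$1" "$2" | while read -r login _seuser; do
        printf 'semanage login -d %s\n' "$login"
    done
}

stale_selinux_logins "$SAMPLE_LOGINS" "$SAMPLE_PASSWD"
cleanup_commands "$SAMPLE_LOGINS" "$SAMPLE_PASSWD"
```

Running it on the samples reports the orphaned `bob user_u` mapping and prints the `semanage login -d bob` command that would remove it.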