Configure the operating system to confine SELinux users to roles that conform
to least privilege. Use the following command to map the "staff_u" SELinux user
to the "staff_r" and "sysadm_r" roles:
$ sudo semanage user -m staff_u -R staff_r -R sysadm_r
Use the following command to map the "user_u" SELinux user to the "user_r" role:
$ sudo semanage -m user_u -R user_r