4 Administering SELinux Users
As described in Administering SELinux Security Context, each SELinux user account complements a regular Oracle Linux user account. SELinux maps every Oracle Linux user to an SELinux user identity that's used in the SELinux context for the processes in a user session.
SELinux users are part of the SELinux policy. Each SELinux user is authorized for a specific set of roles and for a specific MLS (Multi-Level Security) range, and each Oracle Linux user is mapped to an SELinux user as part of the policy. As a result, Linux users inherit the restrictions, security rules, and mechanisms placed on SELinux users. To define the roles and levels of users, the mapped SELinux user identity is used in the SELinux context for processes in a session.
By default, users are mapped to the unconfined_u SELinux user when they're created, unless otherwise specified. With that setting, SELinux functions in a nonrestrictive capacity. To improve system security, you can change the default user mapping and start applying different user mappings for different user requirements on the system.
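To see which Linux logins still fall under the nonrestrictive unconfined_u mapping, the following added example (not part of the Oracle documentation) parses a listing in the layout printed by `semanage login -l`. The sample rows and the function names are constructed for illustration, and group (%group) mappings are ignored as a simplifying assumption.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `semanage login -l`
# (not captured from a real system).
sample_login_map() {
cat <<'EOF'
Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
alice                staff_u              s0-s0:c0.c1023       *
kiosk                xguest_u             s0                   *
EOF
}

# Emit "login selinux_user range" per mapping row, dropping the
# header and blank lines.
login_map_rows() {
    awk '$1 == "Login" && $2 == "Name" { next }
         NF >= 3 { print $1, $2, $3 }'
}

# List every login entry (including __default__) mapped to unconfined_u.
unconfined_logins() {
    login_map_rows | awk '$2 == "unconfined_u" { print $1 }'
}

# Resolve the SELinux user for a Linux login: an explicit row wins,
# otherwise the __default__ row applies.
# Assumption: %group mappings are not evaluated here.
effective_selinux_user() {
    login_map_rows | awk -v u="$1" '
        $1 == u             { hit = $2 }
        $1 == "__default__" { def = $2 }
        END { print (hit != "" ? hit : def) }'
}

echo "Entries mapped to unconfined_u:"
sample_login_map | unconfined_logins
# "bob" (hypothetical login) has no explicit row, so __default__ applies.
echo "bob resolves to: $(sample_login_map | effective_selinux_user bob)"
```

On a live system, replace `sample_login_map` with `semanage login -l` run as root. A `__default__` entry in the first list means every login without an explicit mapping runs unconfined.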