Currently applied to libsetrans, since we have come to no conclusion on where this should go.

Currently takes a file of the format

cat /etc/selinux/seusers.conf
dwalsh:staff_u:s0-s0:c1,c5
pwalsh:user_u:: #This is an error
rwalsh:user_u:s4
root:staff_u:s0-s0-s0:c0,c127
default:user_u:s0

Currently I placed the flat file in /etc/selinux/ directory, but might be better off in the policy directory, since s4 or staff_u might not be defined for MCS policy.

Eventually this function will call out to LDAP also, so not a good candidate for libselinux, unless we want the ls command linking against LDAP.

I want to add this function to login programs (Pam, gdm) in order to limit MCS users. Need to figure out what to do if no entries are returned. (I guess allow policy to decide.) Maybe we should eliminate default entry?

Function returns structure containing
username
seusername
sensitivity (Could be a range)
Categories. (Can be null).

When you call selinux functions you will need to create a level by appending Sensitivity + ":" + Categories

Dan
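A sketch of a parser for the seusers.conf line format shown in the message, added here as an illustration; it is not the libsetrans patch or any code from the original post. The names `struct seuser`, `parse_seuser_line`, `build_level` and `FIELD_MAX` are hypothetical, and the code assumes that `#` starts a comment, that the first three fields are mandatory, and that the ":" is left out of the level when the categories field is empty.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 64

/* Hypothetical record; field names follow the list in the message. */
struct seuser {
    char username[FIELD_MAX];
    char seusername[FIELD_MAX];
    char sensitivity[FIELD_MAX];   /* may be a range such as s0-s0 */
    char categories[FIELD_MAX];    /* empty string when absent */
};

/* Parse "username:seusername:sensitivity[:categories]". Returns 0 on success,
 * 1 for a blank or comment-only line, -1 for a malformed line (fail closed). */
int parse_seuser_line(const char *line, struct seuser *out)
{
    char *dst[4] = { out->username, out->seusername, out->sensitivity, out->categories };
    size_t end = strcspn(line, "#\n");      /* assumed: '#' starts a comment */
    while (end > 0 && (line[end - 1] == ' ' || line[end - 1] == '\t'))
        end--;                              /* trim trailing blanks */
    memset(out, 0, sizeof(*out));
    if (end == 0) return 1;
    const char *p = line, *stop = line + end;
    for (int i = 0; i < 4; i++) {
        /* the last field takes the rest of the line, colons included */
        const char *sep = (i < 3) ? memchr(p, ':', (size_t)(stop - p)) : NULL;
        size_t len = (size_t)((sep ? sep : stop) - p);
        if (len >= FIELD_MAX)
            return -1;                      /* reject rather than truncate */
        memcpy(dst[i], p, len);             /* out is zeroed: stays terminated */
        if (!sep)
            break;
        p = sep + 1;
    }
    /* assumed: first three fields are mandatory, so "pwalsh:user_u::" fails */
    if (!out->username[0] || !out->seusername[0] || !out->sensitivity[0])
        return -1;
    return 0;
}

/* Build the level: sensitivity, plus ":" and categories when present. */
int build_level(const struct seuser *u, char *buf, size_t buflen)
{
    int n = u->categories[0]
        ? snprintf(buf, buflen, "%s:%s", u->sensitivity, u->categories)
        : snprintf(buf, buflen, "%s", u->sensitivity);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}
```

A caller that gets -1 for a user's line has no valid mapping for that user; whether it then falls back to policy or refuses the login is the open question raised in the message.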