Roles in selinux
William
william at firstyear.id.au
Mon Sep 29 13:10:21 UTC 2014
On Mon, 2014-09-29 at 14:17 +0200, Miroslav Grepl wrote:
> On 09/29/2014 08:32 AM, William wrote:
> > Hi,
> >
> > On my Fedora 20 system, I list roles and I can see:
> >
> > semanage user -l
> >
> >                 Labeling   MLS/       MLS/
> > SELinux User    Prefix     MCS Level  MCS Range         SELinux Roles
> >
> > guest_u         user       s0         s0                guest_r
> > root            user       s0         s0-s0:c0.c1023    staff_r sysadm_r system_r unconfined_r
> > staff_u         user       s0         s0-s0:c0.c1023    staff_r sysadm_r system_r unconfined_r
> > sysadm_u        user       s0         s0-s0:c0.c1023    sysadm_r
> > system_u        user       s0         s0-s0:c0.c1023    system_r unconfined_r
> > unconfined_u    user       s0         s0-s0:c0.c1023    system_r unconfined_r
> > user_u          user       s0         s0                user_r
> > xguest_u        user       s0         s0                xguest_r
> >
> >
> > However http://www.selinuxproject.org/page/RefpolicyBasicRoleCreation
> > lists roles such as logadm_r etc. Is there a reason these are not in
> > f20?
> This is what we define for the default SELinux users. You can list all
> roles using
>
> $ seinfo -r
>
> and you can assign them to a user using semanage-user.
As promised:
Roles: 14
auditadm_r
dbadm_r
guest_r
staff_r
user_r
logadm_r
object_r
secadm_r
sysadm_r
system_r
webadm_r
xguest_r
nx_server_r
unconfined_r
I'll do my research from here. Thanks for the pointer.
Perhaps there should be a consistent semanage role set of commands?
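
The comparison discussed in this thread, as an added example that is not part of the original messages: a POSIX shell script that reports which policy roles from `seinfo -r` are not authorized for any SELinux user in `semanage user -l`. The function names are hypothetical, the sample inputs are the outputs quoted above, and `object_r` is left out because it is the role carried by objects rather than users.

```shell
# Sample inputs: the two outputs quoted in this thread.
SEINFO_SAMPLE='Roles: 14
   auditadm_r
   dbadm_r
   guest_r
   staff_r
   user_r
   logadm_r
   object_r
   secadm_r
   sysadm_r
   system_r
   webadm_r
   xguest_r
   nx_server_r
   unconfined_r'
SEMANAGE_SAMPLE='SELinux User    Prefix  MCS Level  MCS Range       SELinux Roles
guest_u         user    s0         s0              guest_r
root            user    s0         s0-s0:c0.c1023  staff_r sysadm_r system_r unconfined_r
staff_u         user    s0         s0-s0:c0.c1023  staff_r sysadm_r system_r unconfined_r
sysadm_u        user    s0         s0-s0:c0.c1023  sysadm_r
system_u        user    s0         s0-s0:c0.c1023  system_r unconfined_r
unconfined_u    user    s0         s0-s0:c0.c1023  system_r unconfined_r
user_u          user    s0         s0              user_r
xguest_u        user    s0         s0              xguest_r'

# Roles mapped to some SELinux user: fields 5+ of data rows, recognised
# by an MLS level (s0, s1, ...) in field 3, so header lines are skipped.
mapped_roles() {
    printf '%s\n' "$1" | awk '$3 ~ /^s[0-9]/ { for (i = 5; i <= NF; i++) print $i }' |
        LC_ALL=C sort -u
}
# Roles defined in the policy: every *_r token in `seinfo -r` output,
# minus object_r (carried by objects, never assigned to a user).
policy_roles() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /_r$/ && $i != "object_r") print $i }' |
        LC_ALL=C sort -u
}
# unmapped_roles SEINFO_TEXT SEMANAGE_TEXT: policy roles no SELinux user has.
unmapped_roles() {
    mapped=" $(mapped_roles "$2" | tr '\n' ' ')"
    for role in $(policy_roles "$1"); do
        case "$mapped" in *" $role "*) ;; *) printf '%s\n' "$role" ;; esac
    done
}
# Live system: unmapped_roles "$(seinfo -r)" "$(semanage user -l)"
unmapped_roles "$SEINFO_SAMPLE" "$SEMANAGE_SAMPLE"
```

A role reported here can be given to an SELinux user with `semanage user -m -R "<full role list>" <seuser>`; `-R` sets the complete list, so the roles the user already has must be included.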