Re: Roles in selinux
On Mon, 2014-09-29 at 14:17 +0200, Miroslav Grepl wrote:
On 09/29/2014 08:32 AM, William wrote:
> Hi,
>
> On my Fedora 20 system, I list roles and I can see:
>
> semanage user -l
>
> Labeling MLS/ MLS/
> SELinux User Prefix MCS Level MCS Range
> SELinux Roles
>
> guest_u user s0 s0
> guest_r
> root user s0 s0-s0:c0.c1023
> staff_r sysadm_r system_r unconfined_r
> staff_u user s0 s0-s0:c0.c1023
> staff_r sysadm_r system_r unconfined_r
> sysadm_u user s0 s0-s0:c0.c1023
> sysadm_r
> system_u user s0 s0-s0:c0.c1023
> system_r unconfined_r
> unconfined_u user s0 s0-s0:c0.c1023
> system_r unconfined_r
> user_u user s0 s0
> user_r
> xguest_u user s0 s0
> xguest_r
>
>
> However http://www.selinuxproject.org/page/RefpolicyBasicRoleCreation
> lists roles such as logadm_r etc. Is there a reason these are not in
> f20?
This is what we define for the default SELinux users. You can list all
roles using
$ seinfo -r
and you can assign them to a user using semanage-user.
As promised:
Roles: 14
auditadm_r
dbadm_r
guest_r
staff_r
user_r
logadm_r
object_r
secadm_r
sysadm_r
system_r
webadm_r
xguest_r
nx_server_r
unconfined_r
I'll do my research from here. Thanks for the pointer.
Perhaps there should be a consistent semanage role set of commands?