Roles in selinux
Miroslav Grepl
mgrepl at redhat.com
Mon Sep 29 12:17:23 UTC 2014
On 09/29/2014 08:32 AM, William wrote:
> Hi,
>
> On my Fedora 20 system, I list roles and I can see:
>
> semanage user -l
>
> Labeling MLS/ MLS/
> SELinux User Prefix MCS Level MCS Range
> SELinux Roles
>
> guest_u user s0 s0
> guest_r
> root user s0 s0-s0:c0.c1023
> staff_r sysadm_r system_r unconfined_r
> staff_u user s0 s0-s0:c0.c1023
> staff_r sysadm_r system_r unconfined_r
> sysadm_u user s0 s0-s0:c0.c1023
> sysadm_r
> system_u user s0 s0-s0:c0.c1023
> system_r unconfined_r
> unconfined_u user s0 s0-s0:c0.c1023
> system_r unconfined_r
> user_u user s0 s0
> user_r
> xguest_u user s0 s0
> xguest_r
>
>
> However http://www.selinuxproject.org/page/RefpolicyBasicRoleCreation
> lists roles such as logadm_r etc. Is there a reason these are not in
> f20?
This is what we define for the default SELinux users. You can list all
roles using
$ seinfo -r
and you can assign them to a user using semanage-user.
More information about the selinux
mailing list