logadm_selinux
Section: logadm SELinux Policy documentation (8)
Updated: logadm
NAME
logadm_r - Log administrator role - Security Enhanced Linux Policy
DESCRIPTION
SELinux supports Role Based Access Control. Some Linux roles are login roles, while other roles need to be transitioned into.
Note: The examples in this man page will use the staff_u user.
Non login roles are usually used for administrative tasks.
Roles usually have default types assigned to them.
The default type for the logadm_r role is logadm_t.
You can use the newrole program to transition directly to this role.
newrole -r logadm_r -t logadm_t
sudo can also be set up to transition to this role using the visudo command.
USERNAME ALL=(ALL) ROLE=logadm_r TYPE=logadm_t COMMAND
sudo will run COMMAND as staff_u:logadm_r:logadm_t:LEVEL
If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
You can see all of the assigned SELinux roles using the following command:
semanage user -l
If you wanted to add logadm_r to the staff_u user, you would execute:
$ semanage user -m -R 'staff_r logadm_r' staff_u
SELinux policy also controls which roles can transition to a different role. You can list these rules using the following command.
sesearch --role_allow
SELinux policy allows the staff_r role to transition to the logadm_r role.
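An added example (not part of the generated man page): a shell check of whether an SELinux user is authorized for logadm_r, parsed from `semanage user -l` output, which also builds the complete role list for `semanage user -m -R`. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `semanage user -l` output (not from a real host).
sample_semanage_output() {
cat <<'EOF'
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range         SELinux Roles

staff_u         user       s0         s0-s0:c0.c1023    staff_r sysadm_r system_r unconfined_r
user_u          user       s0         s0                user_r
EOF
}

# user_has_role USER ROLE: reads a `semanage user -l` listing on stdin.
# Exit 0: ROLE is assigned; 1: USER exists without ROLE; 2: USER not listed.
user_has_role() {
    awk -v user="$1" -v role="$2" '
        $1 == user {
            seen = 1
            # Fields 1-4: name, prefix, MLS level, MLS range; roles follow.
            for (i = 5; i <= NF; i++) if ($i == role) found = 1
        }
        END { exit (found ? 0 : (seen ? 1 : 2)) }'
}

# role_list_with USER ROLE: prints the current roles of USER plus ROLE.
# `semanage user -m -R` sets the complete role list, so the roles already
# assigned are carried over rather than dropped.
role_list_with() {
    awk -v user="$1" -v role="$2" '
        $1 == user {
            out = ""
            for (i = 5; i <= NF; i++) {
                if ($i == role) have = 1
                sep = (out == "") ? "" : " "
                out = out sep $i
            }
            if (!have) { sep = (out == "") ? "" : " "; out = out sep role }
            print out
        }'
}

# Demo on the constructed sample; on a real host pipe `semanage user -l` in.
if sample_semanage_output | user_has_role staff_u logadm_r; then
    echo "staff_u already reaches logadm_r"
else
    echo "run: semanage user -m -R '$(sample_semanage_output | role_list_with staff_u logadm_r)' staff_u"
fi
```

On a live system, replace `sample_semanage_output` with `semanage user -l` in each pipeline.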
COMMANDS
semanage login can also be used to manipulate the Linux User to SELinux User mappings.
semanage user can also be used to manipulate SELinux user definitions.
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHOR
This manual page was autogenerated by genuserman.py.
SEE ALSO
selinux(8), semanage(8).
This document was created by man2html, using the manual pages.
Time: 05:34:27 GMT, December 24, 2015