unconfined_selinux

Section: unconfined SELinux Policy documentation (8)
Updated: unconfined
Index Return to Main Contents

NAME

unconfined_r - Unconfiend user role - Security Enhanced Linux Policy

SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.

Note: The examples in the man page will user the staff_u user.

Non login roles are usually used for administrative tasks.

Roles usually have default types assigned to them.

The default type for the unconfined_r role is unconfined_t.

You can use the newrole program to transition directly to this role.

newrole -r unconfined_r -t unconfined_t

sudo can also be setup to transition to this role using the visudo command.

USERNAME ALL=(ALL) ROLE=unconfined_r TYPE=unconfined_t COMMAND
sudo will run COMMAND as staff_u:unconfined_r:unconfined_t:LEVEL

If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.

You can see all of the assigned SELinux roles using the following

semanage user -l

If you wanted to add unconfined_r to the staff_u user, you would execute:

$ semanage user -m -R 'staff_r unconfined_r' staff_u

SELinux policy also controls which roles can transition to a different role. You can list these rules using the following command.

sesearch --role_allow

SELinux policy allows the staff_r role can transition to the unconfined_r role.

semanage login can also be used to manipulate the Linux User to SELinux User mappings

semanage user can also be used to manipulate SELinux user definitions.

system-config-selinux is a GUI tool available to customize SELinux policy settings.

This manual page was autogenerated by genuserman.py.

This document was created by man2html, using the manual pages.
Time: 05:34:31 GMT, December 24, 2015