newrole man page on SuSE

NEWROLE(1)			      NSA			    NEWROLE(1)

NAME
       newrole - run a shell with a new SELinux role

SYNOPSIS
       newrole [-r|--role] ROLE [-t|--type] TYPE [-l|--level] LEVEL [-- [ARGS]...]

DESCRIPTION
       Run a new shell in a new context.  The new context is derived from  the
       old  context  in	 which	newrole	 is originally executed.  If the -r or
       --role option is specified, then the new context	 will  have  the  role
       specified  by  ROLE.  If the -t or --type option is specified, then the
       new context will have the type (domain) specified by TYPE.  If  a  role
       is  specified,  but  no	type is specified, the default type is derived
       from the specified role.	 If the -l or  --level	option	is  specified,
       then  the  new  context	will  have  the sensitivity level specified by
       LEVEL.  If LEVEL is a range, the new context will have the  sensitivity
       level and clearance specified by that range.

       Additional  arguments  ARGS may be provided after a -- option, in which
       case they are supplied to the new shell.	 In particular, an argument of
       --  -c  will cause the next argument to be treated as a command by most
       command interpreters.

       If a command argument is specified to newrole and the command name is
       found in /etc/selinux/newrole_pam.conf, then the pam service name
       listed in that file for the command will be used rather than the normal
       newrole pam configuration.  This allows for per-command pam
       configuration when invoked via newrole, e.g. to skip the interactive
       re-authentication phase.

       The  new	 shell	will be the shell specified in the user's entry in the
       /etc/passwd file.

       The -V or --version option shows the current version of newrole.

EXAMPLE
       Changing role:
	  # id -Z
	  staff_u:staff_r:staff_t:SystemLow-SystemHigh
	  # newrole -r sysadm_r
	  # id -Z
	  staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh

       Changing sensitivity only:
	  # id -Z
	  staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
	  # newrole -l Secret
	  # id -Z
	  staff_u:sysadm_r:sysadm_t:Secret-SystemHigh

       Changing sensitivity and clearance:
	  # id -Z
	  staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
	  # newrole -l Secret-Secret
	  # id -Z
	  staff_u:sysadm_r:sysadm_t:Secret

       Running a program in a given role or level:
	  # newrole -r sysadm_r -- -c "/path/to/app arg1 arg2..."
	  # newrole -l Secret -- -c "/path/to/app arg1 arg2..."
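
       Added example (not part of the original man page or of the newrole
       source): a small Python model of the context derivation described
       under DESCRIPTION and shown in the examples above.  It only rewrites
       the context string and does not check the result against SELinux
       policy; DEFAULT_TYPES is a constructed stand-in for the
       contexts/default_type file, and the function names are hypothetical.

```python
# Added illustration: models how the new context string is derived.
# DEFAULT_TYPES is constructed sample data standing in for
# /etc/selinux/<policy>/contexts/default_type; it is not read from disk.
DEFAULT_TYPES = {"staff_r": "staff_t", "sysadm_r": "sysadm_t"}


def split_context(ctx):
    """Split user:role:type:level; the level may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) != 4:
        raise ValueError("expected user:role:type:level, got %r" % ctx)
    return parts


def split_range(level):
    """Return (sensitivity, clearance); a single level is its own clearance."""
    low, sep, high = level.partition("-")
    return (low, high) if sep else (low, low)


def derive_context(old, role=None, type_=None, level=None,
                   default_types=DEFAULT_TYPES):
    """Apply -r/-t/-l to the old context the way DESCRIPTION states."""
    user, new_role, new_type, old_level = split_context(old)
    if role is not None:
        new_role = role
        if type_ is None:
            # Role given without a type: take the role's default type.
            if role not in default_types:
                raise LookupError("no default type for role %r" % role)
            new_type = default_types[role]
    if type_ is not None:
        new_type = type_
    low, high = split_range(old_level)
    if level is not None:
        if "-" in level:
            # LEVEL is a range: sets both sensitivity and clearance.
            low, high = split_range(level)
        else:
            # Single LEVEL: only the sensitivity changes, clearance is kept.
            low = level
    new_level = low if low == high else low + "-" + high
    return ":".join((user, new_role, new_type, new_level))


if __name__ == "__main__":
    print(derive_context("staff_u:staff_r:staff_t:SystemLow-SystemHigh",
                         role="sysadm_r"))
```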

FILES
       /etc/passwd - user account information
       /etc/shadow - encrypted passwords and age information
       /etc/selinux/<policy>/contexts/default_type - default types for roles
       /etc/selinux/<policy>/contexts/securetty_types - securetty types for
       level changes
       /etc/selinux/newrole_pam.conf - optional mapping of commands to
       separate pam service names

SEE ALSO
       runcon (1)

AUTHORS
       Anthony Colatrella
       Tim Fraser
       Steve Grubb <sgrubb@redhat.com>
       Darrel Goeddel <DGoeddel@trustedcs.com>
       Michael Thompson <mcthomps@us.ibm.com>
       Dan Walsh <dwalsh@redhat.com>

Security Enhanced Linux		 October 2000			    NEWROLE(1)
Copyright (c) for man pages and the logo by the respective OS vendor.