unconfined_selinuxSection: unconfined SELinux Policy documentation (8)
Index Return to Main Contents
NAMEunconfined_r - Unconfiend user role - Security Enhanced Linux Policy
SELinux supports Roles Based Access Control, some Linux roles are login roles, while other roles need to be transition to.
Note: The examples in the man page will user the staff_u user.
Non login roles are usually used for administrative tasks.
Roles usually have default types assigned to them.
The default type for the unconfined_r role is unconfined_t.
You can use the newrole program to transition directly to this role.
newrole -r unconfined_r -t unconfined_t
sudo can also be setup to transition to this role using the visudo command.
USERNAME ALL=(ALL) ROLE=unconfined_r TYPE=unconfined_t COMMAND
sudo will run COMMAND as staff_u:unconfined_r:unconfined_t:LEVEL
If you want to use a non login role, you need to make sure the SELinux user you are using can reach this role.
You can see all of the assigned SELinux roles using the following
semanage user -l
If you wanted to add unconfined_r to the staff_u user, you would execute:
$ semanage user -m -R 'staff_r unconfined_r' staff_u
SELinux policy also controls which roles can transition to a different role. You can list these rules using the following command.
SELinux policy allows the staff_r role can transition to the unconfined_r role.
semanage login can also be used to manipulate the Linux User to SELinux User mappings
semanage user can also be used to manipulate SELinux user definitions.
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHORThis manual page was autogenerated by genuserman.py.
SEE ALSOselinux(8), semanage(8).
This document was created by man2html, using the manual pages.
Time: 05:34:31 GMT, December 24, 2015