On Mon, 2014-09-29 at 14:17 +0200, Miroslav Grepl wrote: > On 09/29/2014 08:32 AM, William wrote: > > Hi, > > > > On my Fedora 20 system, I list roles and I can see: > > > > semanage user -l > > > > Labeling MLS/ MLS/ > > SELinux User Prefix MCS Level MCS Range > > SELinux Roles > > > > guest_u user s0 s0 > > guest_r > > root user s0 s0-s0:c0.c1023 > > staff_r sysadm_r system_r unconfined_r > > staff_u user s0 s0-s0:c0.c1023 > > staff_r sysadm_r system_r unconfined_r > > sysadm_u user s0 s0-s0:c0.c1023 > > sysadm_r > > system_u user s0 s0-s0:c0.c1023 > > system_r unconfined_r > > unconfined_u user s0 s0-s0:c0.c1023 > > system_r unconfined_r > > user_u user s0 s0 > > user_r > > xguest_u user s0 s0 > > xguest_r > > > > > > However http://www.selinuxproject.org/page/RefpolicyBasicRoleCreation > > lists roles such as logadm_r etc. Is there a reason these are not in > > f20? > This is what we define for the default SELinux users. You can list all > roles using > > $ seinfo -r > > and you can assign them to a user using semanage-user. As promised: Roles: 14 auditadm_r dbadm_r guest_r staff_r user_r logadm_r object_r secadm_r sysadm_r system_r webadm_r xguest_r nx_server_r unconfined_r I'll do my research from here. Thanks for the pointer. Perhaps there should be a consistent semanage role set of commands? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
