NEWROLE - Online Linux Manual PageSection : 1
Updated : October 2000
Source : Security Enhanced Linux
Note : NSA

NAMEnewrole − run a shell with a new SELinux role

SYNOPSISnewrole [-r|--role] ROLE [-t|--type] TYPE [-l|--level] [-p|--preserve-environment] LEVEL [-- [ARGS]...]

DESCRIPTIONRun a new shell in a new context. The new context is derived from the old context in which newrole is originally executed. If the -r or --role option is specified, then the new context will have the role specified by ROLE. If the -t or --type option is specified, then the new context will have the type (domain) specified by TYPE. If a role is specified, but no type is specified, the default type is derived from the specified role. If the -l or --level option is specified, then the new context will have the sensitivity level specified by LEVEL. If LEVEL is a range, the new context will have the sensitivity level and clearance specified by that range. If the -p or --preserve-environment option is specified, the shell with the new SELinux context will preserve environment variables, otherwise a new minimal environment is created. Additional arguments ARGS may be provided after a -- option, in which case they are supplied to the new shell. In particular, an argument of −− −c will cause the next argument to be treated as a command by most command interpreters. If a command argument is specified to newrole and the command name is found in /etc/selinux/newrole_pam.conf, then the pam service name listed in that file for the command will be used rather than the normal newrole pam configuration. This allows for per-command pam configuration when invoked via newrole, e.g. to skip the interactive re-authentication phase. The new shell will be the shell specified in the user's entry in the /etc/passwd file. The -V or --version shows the current version of newrole

EXAMPLE
Changing role:
   # id −Z
   staff_u:staff_r:staff_t:SystemLow-SystemHigh
   # newrole −r sysadm_r
   # id −Z
   staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh Changing sensitivity only:
   # id −Z
   staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
   # newrole −l Secret
   # id −Z
   staff_u:sysadm_r:sysadm_t:Secret-SystemHigh Changing sensitivity and clearance:
   # id −Z
   staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
   # newrole −l Secret-Secret
   # id −Z
   staff_u:sysadm_r:sysadm_t:Secret
Running a program in a given role or level:
   # newrole −r sysadm_r −− −c "/path/to/app arg1 arg2..."
   # newrole −l Secret −− −c "/path/to/app arg1 arg2..."

FILES/etc/passwd - user account information
/etc/shadow - encrypted passwords and age information
/etc/selinux/<policy>/contexts/default_type - default types for roles
/etc/selinux/<policy>/contexts/securetty_types - securetty types for level changes
/etc/selinux/newrole_pam.conf - optional mapping of commands to separate pam service names

SEE ALSOruncon(1)

AUTHORSAnthony Colatrella Tim Fraser Steve Grubb <sgrubb@redhat.com> Darrel Goeddel <DGoeddel@trustedcs.com> Michael Thompson <mcthomps@us.ibm.com> Dan Walsh <dwalsh@redhat.com>
0
Johanes Gumabo
Data Size   :   8,935 byte
man-newrole.1Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   3 / 171,711
Visitor ID   :     :  
Visitor IP   :   18.191.178.145   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.