SELinux RBAC
- SELinux users can be associated with one or more SELinux roles
user system_u roles system_r;
user root roles { user_r sysadm_r };
- SELinux roles can be associated with one or more types
role system_r types { kernel_t initrc_t getty_t klogd_t };
role sysadm_r types { sysadm_t run_init_t };
- A role allow rule specifies authorised transitions between roles, based on a pair of roles
allow system_r { user_r sysadm_r };
allow user_r sysadm_r;
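
As an added illustration (not part of the original slide), this Python sketch parses the three statement forms shown above and checks what they govern: whether a user:role:type context agrees with the user and role declarations, and whether a role change is authorised by a role allow rule. The function names are assumptions, and the parser handles only these statement forms, not full SELinux policy syntax.

```python
import re

# Policy statements copied from the slide above.
POLICY = """
user system_u roles system_r;
user root roles { user_r sysadm_r };
role system_r types { kernel_t initrc_t getty_t klogd_t };
role sysadm_r types { sysadm_t run_init_t };
allow system_r { user_r sysadm_r };
allow user_r sysadm_r;
"""

def _names(text):
    """Expand 'a' or '{ a b c }' into a set of identifiers."""
    return set(text.strip("{} \t\n").split())

def parse_rbac(policy):
    """Return (user -> roles, role -> types, role -> allowed new roles)."""
    user_roles, role_types, role_allow = {}, {}, {}
    item = r"(\{[^}]*\}|\w+)"  # a single name or a braced set of names
    for stmt in policy.split(";"):
        stmt = stmt.strip()
        if not stmt:
            continue
        if m := re.fullmatch(rf"user\s+(\w+)\s+roles\s+{item}", stmt):
            user_roles.setdefault(m[1], set()).update(_names(m[2]))
        elif m := re.fullmatch(rf"role\s+(\w+)\s+types\s+{item}", stmt):
            role_types.setdefault(m[1], set()).update(_names(m[2]))
        elif m := re.fullmatch(rf"allow\s+{item}\s+{item}", stmt):
            for src in _names(m[1]):
                role_allow.setdefault(src, set()).update(_names(m[2]))
        else:
            raise ValueError(f"unrecognised statement: {stmt!r}")
    return user_roles, role_types, role_allow

def context_valid(ctx, user_roles, role_types):
    """user:role:type is consistent only if both associations are declared."""
    user, role, type_ = ctx.split(":")[:3]
    return role in user_roles.get(user, ()) and type_ in role_types.get(role, ())

def role_change_allowed(old, new, role_allow):
    """A change of role needs a matching role allow rule."""
    return old == new or new in role_allow.get(old, ())
```

With the slide's policy, `root:sysadm_r:sysadm_t` is consistent, `root:system_r:kernel_t` is not (root is not associated with system_r), and the only role changes permitted are from system_r to user_r or sysadm_r and from user_r to sysadm_r.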