Although we can be assigned with multiple roles, we still need to switch roles based on our needs. SELinux supports multiple methods for switching roles and sensitivities or launching applications in specific categories.
newrole application can be used to transition from one role to another. Consider an SELinux system without unconfined domains, and where we are by default logged in as the
staff_r role. In order to perform administrative tasks, we need to switch to the
sysadm_r administrative role, which we can do with
If the SELinux user we are mapped to (for example,
sysadm_u) is allowed to access the specified role (in the example,
sysadm_r), then our context ...