Handling SELinux roles
We saw how SELinux users define the role(s) that a user can be in. But how does SELinux enforce which role a user logs on through? And when logged on, how can a user switch his active role?
Defining allowed SELinux contexts
To select the context that a successfully authenticated user is assigned, SELinux introduces the notion of a default context. Based on the context of the tool through which a user logs in (or through which the user executes commands), the right user context is selected.
Inside the /etc/selinux/targeted/contexts directory, a file called default_contexts exists. Each line in this file starts with the SELinux context information of the parent process and is then followed by an ordered list of all the contexts ...
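The following Python sketch is an added example, not code from the book or from libselinux. It models how a default_contexts line is consulted, assuming the first listed context whose role the SELinux user may hold is chosen. The sample lines, the function names and the allowed-role sets are constructed for illustration, and the real lookup additionally checks the loaded policy.

```python
# Constructed sample in default_contexts format: the parent (login program)
# role:type:level, then the candidate role:type:level entries in priority order.
SAMPLE = """\
system_r:sshd_t:s0        user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
system_r:local_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0

system_r:crond_t:s0       system_r:system_cronjob_t:s0
"""


def parse_default_contexts(text):
    """Return {(parent_role, parent_type): [(role, type, level), ...]} in file order."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue  # skip blank lines
        parent, candidates = fields[0], fields[1:]
        p_role, p_type = parent.split(":")[:2]
        # The level is absent on non-MLS policies, so pad it with "".
        table[(p_role, p_type)] = [
            tuple((c.split(":", 2) + [""])[:3]) for c in candidates
        ]
    return table


def default_context(table, parent_context, selinux_user, allowed_roles):
    """Pick the first candidate whose role is in allowed_roles (hypothetical helper).

    parent_context is the full context of the login program, for example
    system_u:system_r:sshd_t:s0-s0:c0.c1023. allowed_roles is the set of roles
    the SELinux user is defined with; the caller supplies it (assumption).
    """
    parts = parent_context.split(":")
    key = (parts[1], parts[2])  # match on role and type of the parent
    for role, type_, level in table.get(key, []):
        if role in allowed_roles:
            ctx = f"{selinux_user}:{role}:{type_}"
            return f"{ctx}:{level}" if level else ctx
    return None  # no listed context is usable for this user


if __name__ == "__main__":
    t = parse_default_contexts(SAMPLE)
    sshd = "system_u:system_r:sshd_t:s0-s0:c0.c1023"
    print(default_context(t, sshd, "staff_u", {"staff_r", "sysadm_r"}))
    print(default_context(t, sshd, "user_u", {"user_r"}))
```

Because the list is ordered, a user allowed both staff_r and sysadm_r lands in staff_r when logging in through sshd with this sample.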