EnglishFrenchSpanish

OnWorks favicon

newrole - Online in the Cloud

Run newrole in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command newrole that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


newrole - run a shell with a new SELinux role

SYNOPSIS


newrole [-r|--role] ROLE [-t|--type] TYPE [-l|--level] LEVEL [-- [ARGS]...]

DESCRIPTION


Run a new shell in a new context. The new context is derived from the old context in
which newrole is originally executed. If the -r or --role option is specified, then the
new context will have the role specified by ROLE. If the -t or --type option is
specified, then the new context will have the type (domain) specified by TYPE. If a role
is specified, but no type is specified, the default type is derived from the specified
role. If the -l or --level option is specified, then the new context will have the
sensitivity level specified by LEVEL. If LEVEL is a range, the new context will have the
sensitivity level and clearance specified by that range.

Additional arguments ARGS may be provided after a -- option, in which case they are
supplied to the new shell. In particular, an argument of -- -c will cause the next
argument to be treated as a command by most command interpreters.

If a command argument is specified to newrole and the command name is found in
/etc/selinux/newrole_pam.conf, then the pam service name listed in that file for the
command will be used rather than the normal newrole pam configuration. This allows for
per-command pam configuration when invoked via newrole, e.g. to skip the interactive re-
authentication phase.

The new shell will be the shell specified in the user's entry in the /etc/passwd file.

The -V or --version shows the current version of newrole

EXAMPLE


Changing role:
# id -Z
staff_u:staff_r:staff_t:SystemLow-SystemHigh
# newrole -r sysadm_r
# id -Z
staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh

Changing sensitivity only:
# id -Z
staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
# newrole -l Secret
# id -Z
staff_u:sysadm_r:sysadm_t:Secret-SystemHigh

Changing sensitivity and clearance:
# id -Z
staff_u:sysadm_r:sysadm_t:Unclassified-SystemHigh
# newrole -l Secret-Secret
# id -Z
staff_u:sysadm_r:sysadm_t:Secret

Running a program in a given role or level:
# newrole -r sysadm_r -- -c "/path/to/app arg1 arg2..."
# newrole -l Secret -- -c "/path/to/app arg1 arg2..."

Use newrole online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

Linux commands

Ad