Chapter 3
Managing User Logins
Section 3
Handling SELinux Roles
We saw how SELinux users define the role(s) that a user can be in. But how does SELinux enforce which role a user logs on through? And when logged on, how can a user switch his active role? Let’s answer to this question with this video. - Define allowed SELinux contexts and validate these with getseuser - Switch roles with newrole and reach other domains using runcon - Switch to the system role