auditadm_selinux(8) auditadm SELinux Policy documentation auditadm_selinux(8)NAME
auditadm_r - Audit administrator role - Security Enhanced Linux Policy
DESCRIPTION
SELinux supports Roles Based Access Control, some Linux roles are login
roles, while other roles need to be transition to.
Note: The examples in the man page will user the staff_u user.
Non login roles are usually used for administrative tasks.
Roles usually have default types assigned to them.
The default type for the auditadm_r role is auditadm_t.
You can use the newrole program to transition directly to this role.
newrole -r auditadm_r -t auditadm_t
sudo can also be setup to transition to this role using the visudo com‐
mand.
USERNAME ALL=(ALL) ROLE=auditadm_r TYPE=auditadm_t COMMAND
sudo will run COMMAND as staff_u:auditadm_r:auditadm_t:LEVEL
If you want to use a non login role, you need to make sure the SELinux
user you are using can reach this role.
You can see all of the assigned SELinux roles using the following
semanage user -l
If you wanted to add auditadm_r to the staff_u user, you would execute:
$ semanage user -m -R 'staff_r auditadm_r' staff_u
SELinux policy also controls which roles can transition to a different
role. You can list these rules using the following command.
sesearch --role_allow
SELinux policy allows the sysadm_r, secadm_r, staff_r roles can transi‐
tion to the auditadm_r role.
COMMANDS
semanage login can also be used to manipulate the Linux User to SELinux
User mappings
semanage user can also be used to manipulate SELinux user definitions.
system-config-selinux is a GUI tool available to customize SELinux pol‐
icy settings.
AUTHOR
This manual page was autogenerated by genuserman.py.
SEE ALSOselinux(8), semanage(8).
mgrepl@redhat.com auditadm auditadm_selinux(8)