#DESC Newrole - SELinux utility to run a shell with a new role
#
# Authors:  Anthony Colatrella (NSA) 
# Maintained by Stephen Smalley <sds@epoch.ncsc.mil>
# X-Debian-Packages: policycoreutils
#

# secure mode means that newrole/sudo/su/userhelper cannot reach sysadm_t
bool secure_mode false;

type newrole_exec_t, file_type, exec_type, sysadmfile;
domain_auto_trans(userdomain, newrole_exec_t, newrole_t)

newrole_domain(newrole)

# Write to utmp.
allow newrole_t var_run_t:dir r_dir_perms;
allow newrole_t initrc_var_run_t:file rw_file_perms;

role secadm_r types newrole_t;

ifdef(`targeted_policy', `
typeattribute newrole_t unconfinedtrans;
')