Jumping from one role to another
Although we can be assigned multiple roles, we still need to switch between them based on our needs. SELinux supports multiple methods for switching roles and sensitivities, or for launching applications in specific categories.
Full role switching with newrole
The SELinux newrole application can be used to transition from one role to another. Consider an SELinux system without unconfined domains, and where we are by default logged in as the staff_r role. In order to perform administrative tasks, we need to switch to the sysadm_r administrative role, which we can do with newrole.
If the SELinux user we are mapped to (for example, sysadm_u) is allowed to access the specified role (in the example, sysadm_r), then our context is changed from the previous role to the new one. Usually, this also changes the user domain.
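The check described above (is the target role in the role set of our SELinux user?) can be done before calling newrole. The following is an added example, not code from the original text: the function names are hypothetical, and the user table and context are constructed samples in the column layout printed by `semanage user -l`.

```shell
#!/bin/sh
# Constructed sample of `semanage user -l` output (not from a real host).
SAMPLE_USERS='
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r
sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
user_u          user       s0         s0                             user_r
'

# ctx_field CONTEXT N: print field N of a context (1=user, 2=role, 3=type).
ctx_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# role_allowed USER ROLE: read a `semanage user -l` table on stdin and
# succeed only if ROLE is listed for USER (roles start at column 5).
role_allowed() {
    awk -v u="$1" -v r="$2" '
        $1 == u { for (i = 5; i <= NF; i++) if ($i == r) found = 1 }
        END { exit !found }'
}

# can_switch CONTEXT ROLE: is ROLE in the role set of the SELinux user
# named in CONTEXT? Uses the constructed table above.
can_switch() {
    printf '%s\n' "$SAMPLE_USERS" | role_allowed "$(ctx_field "$1" 1)" "$2"
}

# Constructed context, in the form printed by `id -Z`.
CTX='staff_u:staff_r:staff_t:s0-s0:c0.c1023'
for role in sysadm_r user_r; do
    if can_switch "$CTX" "$role"; then
        echo "$(ctx_field "$CTX" 1) has $role: newrole -r $role can be attempted"
    else
        echo "$(ctx_field "$CTX" 1) lacks $role: newrole -r $role will be refused"
    fi
done
```

On a live system, pipe the real table in instead of the sample: `semanage user -l | role_allowed staff_u sysadm_r` (run as root).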
Let’s check our current context, change our role, and then check the context again to ensure that we properly switched to our role as follows:
$ id -Z staff_u...