OK, this got closed on bugzilla with the suggestion to bring it up for discussion on the mailing list.
The problem:
Currently, there is no way for a user to display what roles are available ... available for switching to via a newrole command.
Solution:
Provide a command to display the roles available to a user ... what roles could be specified for that user on a newrole command.
Gene
If you have setools installed, then run 'seuser show roles' or 'seinfo -r'; seinfo is a more general purpose command. 'seuser users username' or 'seinfo -uusername -x' will show the authorized roles for username.
Currently (as of v 1.3) these tools require policy sources to be installed to work (they use the policy.conf file). Shortly (couple of weeks) we'll release v 1.4, which will allow our core library to work off binary policy files (which must always be present), breaking the requirement for policy sources (unless of course you plan to use seuser to add a user!).
Frank
selinux@lists.fedoraproject.org
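The lookup described in the reply above, the roles a user is authorized for as declared in policy source, shown as an added example that is not part of the original thread and is not setools code. It reads the `user ... roles ...;` statements of the SELinux policy language; the sample policy text, the user names in it, and the function names are constructed for illustration.

```python
import re

# Constructed sample in policy.conf syntax (not taken from a real policy).
SAMPLE_POLICY = """
role sysadm_r types sysadm_t;
user system_u roles system_r;
user user_u roles { user_r };
user root roles { user_r staff_r sysadm_r };
# user olduser roles sysadm_r;   (commented out, must not be reported)
user gene roles { staff_r
                  sysadm_r };    # statement spans two lines
"""

# user <name> roles <role> | { <role> ... } [level ... range ...] ;
USER_STMT = re.compile(
    r"\buser\s+([\w.]+)\s+roles\s+(?:\{([^}]*)\}|([\w.]+))[^;]*;")


def strip_comments(text):
    """Drop '#' comments so a commented-out user statement is not counted."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def authorized_roles(policy_text):
    """Map each SELinux user to the sorted list of roles it is authorized for."""
    users = {}
    for name, braced, single in USER_STMT.findall(strip_comments(policy_text)):
        # An empty 'single' group means the braced role-set form was used.
        roles = [single] if single else braced.split()
        users.setdefault(name, set()).update(roles)
    return {name: sorted(roles) for name, roles in users.items()}


def roles_for(policy_text, username):
    """Roles declared for one user; empty list if the user has no statement."""
    return authorized_roles(policy_text).get(username, [])


if __name__ == "__main__":
    for user, roles in sorted(authorized_roles(SAMPLE_POLICY).items()):
        print(f"{user}: {' '.join(roles)}")
```

Like the v1.3 tools described in the reply, this works only where policy sources are installed; a binary policy file cannot be read this way.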