Grsecurity/Appendix/Role Modes
Mode | Meaning |
---|---|
u | This role is a user role. That is, the role name must be an existing user on the system. |
g | This role is a group role. That is, the role name must be an existing group on the system. |
s | This role is a special role, meaning it does not belong to a user or group and does not require an enforced secure policy base to be included in the ruleset. |
l | Lowercase L. This role has learning enabled. |
A | This role is an administrative role, thus it has special privileges that normal roles do not have. In particular, this role bypasses the additional ptrace and library loading restrictions. |
G | This role can use gradm to authenticate to the kernel. A policy for gradm will automatically be added to the role. |
N | This role does not require authentication. To access this role, use 'gradm -n <rolename>'. |
P | This role uses Pluggable Authentication Modules (PAM) for authentication. |
T | This role has Trusted Path Execution (TPE) enabled. |
R | The role is persistent. When the shell/session in which authorization was done is terminated, spawned processes will not be dropped to a non-special role. Do NOT use this flag with any role that does anything but shut the system down. |
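
The following is an added example, not part of the original appendix or of gradm: a small policy audit that decodes the mode string on each `role` line and lists the modes the table marks as sensitive (`R`, `N`, `A`, `l`). It assumes role declarations have the form `role <name> [modes]` and that `#` starts a comment; the role names in the sample are constructed.

```python
import re

# Mode letters and short meanings, taken from the table above.
ROLE_MODES = {
    "u": "user role", "g": "group role", "s": "special role",
    "l": "learning enabled", "A": "administrative role",
    "G": "may authenticate with gradm", "N": "no authentication required",
    "P": "PAM authentication", "T": "TPE enabled", "R": "persistent role",
}
# Modes worth a reviewer's attention, with the reason the table gives.
REVIEW = {
    "R": "persistent: only for a role that does nothing but shut the system down",
    "N": "reachable without authentication via 'gradm -n <rolename>'",
    "A": "bypasses the additional ptrace and library loading restrictions",
    "l": "learning is enabled",
}
# Assumed declaration form: role <name> [modes]
ROLE_LINE = re.compile(r"^\s*role\s+(\S+)(?:\s+(\S+))?\s*$")

def audit_roles(policy_text):
    """Return {role_name: [findings]} for every 'role' line in the policy."""
    report = {}
    for raw in policy_text.splitlines():
        line = raw.split("#", 1)[0]      # drop comments (assumed '#' syntax)
        m = ROLE_LINE.match(line)
        if not m:
            continue                     # subjects, objects, role_transitions
        name, modes = m.group(1), m.group(2) or ""
        findings = []
        for letter in modes:
            if letter not in ROLE_MODES:
                findings.append(f"'{letter}': not in the mode table")
            elif letter in REVIEW:
                findings.append(f"'{letter}': {REVIEW[letter]}")
        report[name] = findings
    return report

# Constructed sample policy fragment (role names are made up).
SAMPLE_POLICY = """\
role admin sA
role shutdown sARG
role backup sNR      # persistent and unauthenticated
role www-data u
role staging ulX
"""

if __name__ == "__main__":
    for role, findings in audit_roles(SAMPLE_POLICY).items():
        print(role, "->", findings or "nothing to review")
```

A role such as the constructed `backup` above, which combines `N` and `R`, is the case to look at first: it needs no authentication and its processes persist after the authorizing session ends.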