linux_wiki:list_and_identify_selinux_file_and_process_context

Differences

This shows you the differences between two versions of the page.

linux_wiki:list_and_identify_selinux_file_and_process_context [2018/04/29 23:21]
billdozor [Install SELinux Man Pages]
linux_wiki:list_and_identify_selinux_file_and_process_context [2019/05/25 23:50]
Line 1: Line 1:
-====== List And Identify Selinux File And Process Context ====== 
- 
-**General Information** 
- 
-Viewing selinux contexts.  
- 
----- 
- 
-===== About Context Labels ===== 
- 
-Three parts of a context label 
-  * **User** => Ends in "_u" and is typically "system_u" on most directories. SELinux users are not the same as Linux users. (**not covered** on the RHCSA or RHCE exams). 
-  * **Role** => Ends in "_r" and most are "object_r". Advanced SELinux management can define specific SELinux users and what permissions they have as per their role. (**not covered** on the RHCSA or RHCE exams) 
-  * **Type** => Ends in "_t". There are many different context types and this part of SELinux **IS covered** on the RHCSA/RHCE exams. 
- 
----- 
- 
-===== Viewing Context Labels ===== 
- 
-List selinux context 
-<code bash> 
-ls -Z /var/www/ 
- 
-drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin 
-drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html 
-</code> 
-  * Context type is "httpd_sys_content_t" for the "html" directory. 
- 
-\\ 
-List all selinux contexts on system 
-<code bash> 
-semanage fcontext -l 
-semanage fcontext -l | grep httpd 
-</code> 
- 
-\\ 
-Identify a process context 
-<code bash> 
-ps auxZ | grep httpd 
- 
-system_u:system_r:httpd_t:s0    apache    1228  0.0  0.2 213228  2880 ?        S    23:32   0:00 /usr/sbin/httpd -DFOREGROUND 
-</code> 
-  * "Z" - adds a column of security data to output 
- 
----- 
- 
-===== Install SELinux Man Pages ===== 
- 
-While not part of an objective, being able to do this could help you on the examine if you are not sure what SELinux context to apply. 
- 
-\\ 
-To install application specific SELinux man pages... 
- 
-  * Check to see how many SELinux specific man pages are available<code bash>man -k _selinux</code> 
-    * If there are only a few, you need to install them. 
-  * sepolicy is the command needed to install, check what provides that<code bash>yum provides */sepolicy</code> 
-  * Install the required package<code bash>yum install policycoreutils-devel</code> 
-  * Install the SELinux man pages<code bash>sepolicy manpage -a -p /usr/share/man/man8</code> 
-  * Update the man database<code bash>mandb</code> 
-  * Check to ensure the new pages exist<code bash>man -k _selinux</code> 
- 
----- 
- 
-===== Install SEInfo Utility ===== 
- 
-seinfo is a useful tool to discover available context types (among other things). 
- 
-See what package provides it<code bash>yum provides /*seinfo</code> 
- 
-Install the package<code bash>yum install setools-console</code> 
- 
-View all the context types that are nfs related<code bash>seinfo -t | grep nfs</code> 
- 
----- 
  
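Review bot: the page ends up empty with no pointer to where the content went, since every line from the title through the "Install SEInfo Utility" section is a removal and the new side of the hunk adds nothing. If this external edit moved or renamed the page, leave a one-line link to the new location so existing references to "list_and_identify_selinux_file_and_process_context" still resolve. If the text is carried over elsewhere, two points in the removed lines are worth fixing on the way: the caption "List all selinux contexts on system" above "semanage fcontext -l" is misleading, because that command lists the policy's file-context rules rather than the labels actually set on files (which "ls -Z" shows), and "examine" in the "Install SELinux Man Pages" section should read "exam".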
  • linux_wiki/list_and_identify_selinux_file_and_process_context.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)