List And Identify SELinux File And Process Context

General Information

How to list the SELinux context of files and directories and identify the context a process runs in.


Three parts of a context label

  • User ⇒ Ends in “_u” and is “system_u” on most directories. SELinux users are not the same as Linux users (not covered on the RHCSA or RHCE exams).
  • Role ⇒ Ends in “_r”; most are “object_r”. Advanced SELinux management can define specific SELinux users and the permissions they have per their role (not covered on the RHCSA or RHCE exams).
  • Type ⇒ Ends in “_t”. There are many different context types, and this part of SELinux IS covered on the RHCSA/RHCE exams.


List SELinux context

ls -Z /var/www/
 
drwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
  • Context type is “httpd_sys_content_t” for the “html” directory.


List all SELinux file context definitions on the system

semanage fcontext -l
semanage fcontext -l | grep httpd


Identify a process context

ps auxZ | grep httpd
 
system_u:system_r:httpd_t:s0    apache    1228  0.0  0.2 213228  2880 ?        S    23:32   0:00 /usr/sbin/httpd -DFOREGROUND
  • “Z” - adds a column of security data (the SELinux context) to the output
  • Context type is “httpd_t” for the httpd process.
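
Added example (not part of the original wiki page): a small POSIX shell helper that pulls the context label out of an ls -Z or ps auxZ line and splits it into user, role, type and the trailing level field (the “s0” in the output above). The function names ctx_from_line and ctx_field and the third sample line are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the first whitespace-separated token that has the shape of a context
# label (at least user:role:type). Returns non-zero if the line has none,
# e.g. when ls -Z prints "?" for an unlabeled file.
ctx_from_line() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^[^:]+:[^:]+:[^:]+/) { print $i; found = 1; exit } }
        END { exit !found }'
}

# Print one field of a context label: user, role, type or level.
# The level is everything after the third colon, because an MLS/MCS level
# such as s0-s0:c0.c1023 contains a colon itself.
ctx_field() {
    case $2 in
        user)  n=1  ;;
        role)  n=2  ;;
        type)  n=3  ;;
        level) n=4- ;;
        *)     echo "unknown field: $2" >&2; return 2 ;;
    esac
    printf '%s\n' "$1" | cut -d: -f"$n"
}

# Constructed sample input: the first two lines are the ls -Z and ps auxZ
# output shown on this page; the third is a made-up unlabeled entry.
samples='drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
system_u:system_r:httpd_t:s0    apache    1228  0.0  0.2 213228  2880 ?        S    23:32   0:00 /usr/sbin/httpd -DFOREGROUND
drwxr-xr-x. root root ? lost+found'

printf '%s\n' "$samples" | while IFS= read -r line; do
    if ctx=$(ctx_from_line "$line"); then
        printf 'type=%-22s role=%-9s level=%s\n' \
            "$(ctx_field "$ctx" type)" "$(ctx_field "$ctx" role)" \
            "$(ctx_field "$ctx" level)"
    else
        printf 'no context label in: %s\n' "$line"
    fi
done
```

On a live system the same functions can be fed real output, for example: ctx_field "$(ctx_from_line "$(ls -dZ /var/www/html)")" type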

  • Last modified: 2019/05/25 23:50