3.2. SELinux Contexts for Processes
Use the ps -eZ command to view the SELinux context for processes. For example:
- Open a terminal, such as→ → .
- Run the passwd command. Do not enter a new password.
- Open a new tab, or another terminal, and run the ps -eZ | grep passwd command. The output is similar to the following:

  unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 13212 pts/1 00:00:00 passwd

- In the first tab/terminal, press Ctrl+C to cancel the passwd application.
In this example, when the passwd application (labeled with the passwd_exec_t type) is executed, the user's shell process transitions to the passwd_t domain. Remember that the type defines a domain for processes, and a type for files.
Use the ps -eZ command to view the SELinux contexts for running processes. The following is a truncated example of the output, and may differ on your system:

  system_u:system_r:dhcpc_t:s0 1869 ? 00:00:00 dhclient
  system_u:system_r:sshd_t:s0-s0:c0.c1023 1882 ? 00:00:00 sshd
  system_u:system_r:gpm_t:s0 1964 ? 00:00:00 gpm
  system_u:system_r:crond_t:s0-s0:c0.c1023 1973 ? 00:00:00 crond
  system_u:system_r:kerneloops_t:s0 1983 ? 00:00:05 kerneloops
  system_u:system_r:crond_t:s0-s0:c0.c1023 1991 ? 00:00:00 atd

The system_r role is used for system processes, such as daemons. Type Enforcement then separates each domain.
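The following is an added example, not part of the original Red Hat documentation: a shell helper that splits each ps -eZ line into user, role, type and level, then counts processes per domain. The sample input is the output shown on this page, and the function names (sample_ps_output, parse_contexts, count_by_domain) are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: the ps -eZ lines shown on this page.
sample_ps_output() {
cat <<'EOF'
system_u:system_r:dhcpc_t:s0 1869 ? 00:00:00 dhclient
system_u:system_r:sshd_t:s0-s0:c0.c1023 1882 ? 00:00:00 sshd
system_u:system_r:gpm_t:s0 1964 ? 00:00:00 gpm
system_u:system_r:crond_t:s0-s0:c0.c1023 1973 ? 00:00:00 crond
system_u:system_r:kerneloops_t:s0 1983 ? 00:00:05 kerneloops
system_u:system_r:crond_t:s0-s0:c0.c1023 1991 ? 00:00:00 atd
unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 13212 pts/1 00:00:00 passwd
EOF
}

# parse_contexts (hypothetical helper): read ps -eZ lines on stdin and print
#   pid|command|user|role|type|level
# Only the first three colons separate fields; the level (for example
# s0-s0:c0.c1023) contains colons of its own and must be rejoined.
parse_contexts() {
    awk '
    $1 == "LABEL" { next }                 # header line printed by ps
    NF >= 5 {
        n = split($1, f, ":")
        if (n < 3) next                    # no SELinux label (e.g. "-")
        level = ""
        for (i = 4; i <= n; i++)           # rejoin the level field
            level = level (i > 4 ? ":" : "") f[i]
        cmd = $5
        for (i = 6; i <= NF; i++) cmd = cmd " " $i
        print $2 "|" cmd "|" f[1] "|" f[2] "|" f[3] "|" level
    }'
}

# count_by_domain (hypothetical helper): read parse_contexts output and
# print "count type" per domain, sorted by type name.
count_by_domain() {
    awk -F'|' '{ c[$5]++ } END { for (t in c) print c[t], t }' | sort -k2
}

# Stand-alone run on the sample; on a live system use: ps -eZ | parse_contexts
sample_ps_output | parse_contexts | count_by_domain
```

In the sample, crond and atd both run in the crond_t domain, so Type Enforcement treats them identically even though they are different programs.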