Show Table of Contents
2.2. SELinux Contexts for Processes
Use the
ps -eZ command to view the SELinux context for processes. For example:
Procedure 2.2. View the SELinux Context for the passwd Utility
- Open a terminal, such as → → .
- Run the
passwdutility. Do not enter a new password:~]$passwdChanging password for user user_name. Changing password for user_name. (current) UNIX password: - Open a new tab, or another terminal, and enter the following command. The output is similar to the following:
~]$ps -eZ | grep passwdunconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 13212 pts/1 00:00:00 passwd - In the first tab/terminal, press
Ctrl+Cto cancel thepasswdutility.
In this example, when the
passwd utility (labeled with the passwd_exec_t type) is executed, the user's shell process transitions to the passwd_t domain. Remember that the type defines a domain for processes, and a type for files.
To view the SELinux contexts for all running processes, run the
ps utility again. Note that below is a truncated example of the output, and may differ on your system:
]$ps -eZsystem_u:system_r:dhcpc_t:s0 1869 ? 00:00:00 dhclient system_u:system_r:sshd_t:s0-s0:c0.c1023 1882 ? 00:00:00 sshd system_u:system_r:gpm_t:s0 1964 ? 00:00:00 gpm system_u:system_r:crond_t:s0-s0:c0.c1023 1973 ? 00:00:00 crond system_u:system_r:kerneloops_t:s0 1983 ? 00:00:05 kerneloops system_u:system_r:crond_t:s0-s0:c0.c1023 1991 ? 00:00:00 atd
The
system_r role is used for system processes, such as daemons. Type Enforcement then separates each domain.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.