Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

2.2. SELinux Contexts for Processes

Use the ps -eZ command to view the SELinux context for processes. For example:

Procedure 2.2. View the SELinux Context for the passwd Utility

  1. Open a terminal, such as ApplicationsSystem ToolsTerminal.
  2. Run the passwd utility. Do not enter a new password:
    ~]$ passwd
    Changing password for user user_name.
    Changing password for user_name.
    (current) UNIX password:
  3. Open a new tab, or another terminal, and enter the following command. The output is similar to the following:
    ~]$ ps -eZ | grep passwd
    unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 13212 pts/1 00:00:00 passwd
  4. In the first tab/terminal, press Ctrl+C to cancel the passwd utility.
In this example, when the passwd utility (labeled with the passwd_exec_t type) is executed, the user's shell process transitions to the passwd_t domain. Remember that the type defines a domain for processes, and a type for files.
To view the SELinux contexts for all running processes, run the ps utility again. Note that below is a truncated example of the output, and may differ on your system:
]$ ps -eZ 
system_u:system_r:dhcpc_t:s0             1869 ?  00:00:00 dhclient
system_u:system_r:sshd_t:s0-s0:c0.c1023  1882 ?  00:00:00 sshd
system_u:system_r:gpm_t:s0               1964 ?  00:00:00 gpm
system_u:system_r:crond_t:s0-s0:c0.c1023 1973 ?  00:00:00 crond
system_u:system_r:kerneloops_t:s0        1983 ?  00:00:05 kerneloops
system_u:system_r:crond_t:s0-s0:c0.c1023 1991 ?  00:00:00 atd
The system_r role is used for system processes, such as daemons. Type Enforcement then separates each domain.