SELinux View Security Context

SELinux Display Security Context

SELinux (Security-Enhanced Linux) enhances the security of Linux systems by adding mandatory access control (MAC) and defining security contexts for files, processes, and users. In this tutorial, we will discuss how to display the security context of files and processes using various command-line tools.

  • Displaying the security context of files:

To display the security context of files, use the -Z option with the ls command:

ls -Z

This will list the files in the current directory along with their security contexts. For example, the output may look like this:

-rw-r--r--. user group unconfined_u:object_r:user_home_t:s0 file.txt

In the above output, unconfined_u:object_r:user_home_t:s0 is the security context of the file.txt file. It consists of the following components:

  • User identity (unconfined_u)
  • Role (object_r)
  • Type or domain (user_home_t)
  • Multi-Level Security (MLS) or Multi-Category Security (MCS) level (s0)
  • Displaying the security context of running processes:

To display the security context of running processes, use the -Z option with the ps command:

ps -eZ

The output will list the running processes along with their security contexts, similar to the following example:

LABEL PID TTY TIME CMD system_u:system_r:init_t:s0 1 ? 00:00:01 init system_u:system_r:kernel_t:s0 2 ? 00:00:00 kthreadd

In the above output, system_u:system_r:init_t:s0 is the security context of the init process.

  • Displaying the security context of network sockets:

To display the security context of network sockets, use the -Z option with the ss or netstat commands:

  • For ss:

    sudo ss -Z

  • For netstat:

    sudo netstat -Z
  • Displaying the security context of a specific file or directory:

To display the security context of a specific file or directory, use the stat command with the -c %C format option:

stat -c %C /path/to/file
  • Displaying the security context of a specific process:

To display the security context of a specific process, use the ps command with the -p (PID) and -Z options:

ps -Z -p PID

Replace PID with the process ID of the process you want to examine.

In this tutorial, we've discussed how to display the security context of files and processes using various command-line tools on a Linux system with SELinux enabled. Understanding and examining security contexts is essential for maintaining a secure and well-managed system.

Examples

  1. How to check SELinux security context on Linux: Use ls and ps commands to check the SELinux context of files and processes.

    ls -Z filename ps -eZ | grep process_name

  2. Displaying security labels in SELinux: Show security labels with the -Z option in ls. Example:

    ls -Z

  3. Querying security context with getfilecon and getcon commands: Use getfilecon to query file context and getcon for process context.

    getfilecon filename getcon

  4. Troubleshooting SELinux issues with security context display: When troubleshooting SELinux issues, inspect the security context to identify potential problems.

    journalctl -xe | grep AVC

More Tags

datetime-format skew android-navigationview between asp.net-core-1.0 zsh-completion kendo-ui-grid rxjs bottle filesystems

More Programming Guides

Other Guides

More Programming Examples