2.2. SELinux Contexts for Processes
Use the
ps -eZ
command to view the SELinux context for processes. For example:
Procedure 2.2. View the SELinux Context for the passwd
Utility
- Open a terminal, such as
. - Run the
passwd
utility. Do not enter a new password:~]$
passwd
Changing password for user user_name. Changing password for user_name. (current) UNIX password: - Open a new tab, or another terminal, and enter the following command. The output is similar to the following:
~]$
ps -eZ | grep passwd
unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 13212 pts/1 00:00:00 passwd - In the first tab/terminal, press
Ctrl+C
to cancel thepasswd
utility.
In this example, when the
passwd
utility (labeled with the passwd_exec_t
type) is executed, the user's shell process transitions to the passwd_t
domain. Remember that the type defines a domain for processes, and a type for files.
To view the SELinux contexts for all running processes, run the
ps
utility again. Note that below is a truncated example of the output, and may differ on your system:
]$
ps -eZ
system_u:system_r:dhcpc_t:s0 1869 ? 00:00:00 dhclient system_u:system_r:sshd_t:s0-s0:c0.c1023 1882 ? 00:00:00 sshd system_u:system_r:gpm_t:s0 1964 ? 00:00:00 gpm system_u:system_r:crond_t:s0-s0:c0.c1023 1973 ? 00:00:00 crond system_u:system_r:kerneloops_t:s0 1983 ? 00:00:05 kerneloops system_u:system_r:crond_t:s0-s0:c0.c1023 1991 ? 00:00:00 atd
The
system_r
role is used for system processes, such as daemons. Type Enforcement then separates each domain.