此内容没有您所选择的语言版本。
49.4.3. SELinux Security Contexts
SELinux stores security contexts as an extended attribute of a file. The
"security."
namespace is used for security modules, and the security.selinux
name is used to persistently store SELinux security labels on files. The contents of this attribute will vary depending on the file or directory you inspect and the policy the machine is enforcing.
Note
This is expected to change in the 2.6.15 kernel (and already has in the latest -mm kernels), so that
getxattr(2)
always returns the kernel's canonicalized version of the label.
You can use the
ls -Z
command to view the category label of a file:
~]# ls -Z gravityControl.txt
-rw-r--r-- user user user_u:object_r:tmp_t:Moonbase_Plans gravityControl.txt
You can use the
gefattr(1)
command to view the internal category value (c10):
~]# getfattr -n security.selinux gravityControl.txt
# file: gravityControl.txt
security.selinux="user_u:object_r:tmp_t:s0:c10\000"
Refer to Section 49.5, “Getting Started with Multi-Category Security (MCS)” for details on creating categories and assigning them to files.