As everything in SELinux works with labels, even processes are assigned a label, also known as the domain.
We saw that the Apache web server runs in the
httpd_t domain, which can be seen with the
ps -eZ command, as follows:
# ps -eZ | grep httpd system_u:system_r:httpd_t:s0 2270 ? 00:00:00 httpd
There are a number of other ways to obtain the process context as well. Although the method with
ps is the most obvious, these other methods can prove useful in scripted approaches or through monitoring services.
A first approach is to read the
/proc/<pid>/attr/current pseudo-file, which we've already encountered previously in the book. It displays a process' current security context:
# pidof httpd 1952 1951 ...