The context of a process

As everything in SELinux works with labels, even processes are assigned a label, also known as the domain.

Getting a process context

We saw that the Apache web server runs in the httpd_t domain, which can be seen with the ps -eZ command, as follows:

# ps -eZ | grep httpd 
system_u:system_r:httpd_t:s0 2270 ?        00:00:00 httpd

There are a number of other ways to obtain the process context as well. Although the method with ps is the most obvious, these other methods can prove useful in scripted approaches or through monitoring services.

A first approach is to read the /proc/<pid>/attr/current pseudo-file, which we've already encountered previously in the book. It displays a process' current security context:

# pidof httpd 1952 1951 ...

Get SELinux System Administration - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux System Administration - Second Edition by Sven Vermeulen

The context of a process

Getting a process context

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly