SELinux System Administration - Second Edition by Sven Vermeulen

The context of a process

As everything in SELinux works with labels, even processes are assigned a label, also known as the domain.

Getting a process context

We saw that the Apache web server runs in the httpd_t domain, which can be seen with the ps -eZ command, as follows:

# ps -eZ | grep httpd 
system_u:system_r:httpd_t:s0 2270 ?        00:00:00 httpd 

There are a number of other ways to obtain the process context as well. Although the method with ps is the most obvious, these other methods can prove useful in scripted approaches or through monitoring services.

A first approach is to read the /proc/<pid>/attr/current pseudo-file, which we encountered earlier in the book. It displays a process's current security context:

# pidof httpd
1952 1951 ...
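
For the scripted and monitoring use mentioned above, the following added example (not code from the book) reads the pseudo-file and checks the domain a process runs in. The function names, the exit-status convention, the overridable proc root argument, and the sample tree with its PIDs are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Print the context of PID, minus the trailing NUL/newline the kernel may append.
proc_context() {
    local pid="$1" root="${2:-/proc}" ctx
    [ -r "$root/$pid/attr/current" ] || return 2
    ctx=$(tr -d '\0\n' < "$root/$pid/attr/current" 2>/dev/null) || return 2
    [ -n "$ctx" ] || return 2
    printf '%s\n' "$ctx"
}

# Print the type (domain) field. Only field 3 is taken, because the
# MLS/MCS level that follows can itself contain colons (s0-s0:c0.c1023).
context_domain() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Exit status: 0 = PID runs in EXPECTED domain, 1 = it runs in another domain,
# 2 = context unreadable (process gone) or not in user:role:type[:level] form.
check_domain() {
    local pid="$1" expected="$2" root="${3:-/proc}" ctx domain
    ctx=$(proc_context "$pid" "$root") || return 2
    domain=$(context_domain "$ctx")
    [ -n "$domain" ] || return 2
    [ "$domain" = "$expected" ]
}

# Constructed sample tree (not real /proc data); the PIDs are arbitrary.
make_sample_proc() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/2270/attr" "$root/3001/attr" "$root/3002/attr"
    printf 'system_u:system_r:httpd_t:s0\000' > "$root/2270/attr/current"
    printf 'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n' > "$root/3001/attr/current"
    printf 'unconfined\n' > "$root/3002/attr/current"   # value without SELinux fields
    printf '%s\n' "$root"
}

sample=$(make_sample_proc)
for pid in 2270 3001 3002 9999; do
    check_domain "$pid" httpd_t "$sample" && rc=0 || rc=$?
    echo "pid $pid: status $rc"
done
rm -rf "$sample"
```

On a live system, omit the third argument so the functions read from /proc, for example `check_domain "$(pidof -s httpd)" httpd_t`.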