Guide/Contexts

From SELinux Wiki

(Difference between revisions)
Revision as of 14:05, 26 June 2009
CalebCase
(New page: === Contexts === ==== Displaying Contexts ==== Display the context of... ... your shell: <pre> $ id -Z unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255 </pre> ... a file: <pre> $...)
Revision as of 14:09, 26 June 2009
CalebCase
m
Line 1: Line 1:
-=== Contexts ===+== Contexts ==
-==== Displaying Contexts ====+=== Displaying Contexts ===
Display the context of... Display the context of...
Line 28: Line 28:
</pre> </pre>
-==== Changing Contexts ====+=== Changing Contexts ===
Change the context of... Change the context of...

Revision as of 14:09, 26 June 2009

Contexts

Displaying Contexts

Display the context of...

... your shell:

$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255

... a file:

$ ls -Z /bin/bash
system_u:object_r:shell_exec_t:s0 /bin/bash

... a process:

$ ps -Z
LABEL                             PID TTY          TIME CMD
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255 23912 pts/3 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255 25101 pts/3 00:00:00 ps

Changing Contexts

Change the context of...

... a file:

$ touch /tmp/myfile
$ ls -Z /tmp/myfile
unconfined_u:object_r:user_tmp_t:s0 /tmp/myfile
$ chcon -t user_home_t /tmp/myfile
$ ls -Z /tmp/myfile
unconfined_u:object_r:user_home_t:s0 /tmp/myfile

... your shell:

$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255
$ newrole -r system_r -t unconfined_t
Password:
$ id -Z
unconfined_u:system_r:unconfined_t:s0-s0:c0.c255

... a program when started (temporary):

$ runcon system_u:system_r:crond_t:s0:c0.c255 /bin/bash
$ id -Z
system_u:system_r:crond_t:s0:c0.c255
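
The listings above change one field at a time (chcon -t the type, newrole -r the role), while runcon replaces the whole context. The following is an added example, not part of the wiki page: a shell helper that splits a context into user, role, type and range and reports which fields differ between two contexts. The function names ctx_field and ctx_diff are made up for this example; the sample contexts are the ones shown in the listings.

```shell
#!/bin/sh
# Added example: split an SELinux context "user:role:type[:range]" into fields.
# The MLS/MCS range can itself contain ':' (s0-s0:c0.c255), so only the first
# three colons are separators; cutting on every ':' would truncate the range.

# ctx_field FIELD CONTEXT -> prints one of: user, role, type, range
ctx_field() {
    ctx=$2
    case $ctx in
        ?*:?*:?*) ;;
        *) echo "ctx_field: not a context: $ctx" >&2; return 1 ;;
    esac
    user=${ctx%%:*};  rest=${ctx#*:}
    role=${rest%%:*}; rest=${rest#*:}
    type=${rest%%:*}
    case $rest in
        *:*) range=${rest#*:} ;;   # everything after the third colon
        *)   range= ;;             # policy without MLS/MCS: no fourth field
    esac
    case $1 in
        user)  printf '%s\n' "$user" ;;
        role)  printf '%s\n' "$role" ;;
        type)  printf '%s\n' "$type" ;;
        range) printf '%s\n' "$range" ;;
        *) echo "ctx_field: unknown field: $1" >&2; return 2 ;;
    esac
}

# ctx_diff OLD NEW -> prints the names of the fields that differ
ctx_diff() {
    changed=
    for f in user role type range; do
        old=$(ctx_field "$f" "$1") || return 1
        new=$(ctx_field "$f" "$2") || return 1
        [ "$old" = "$new" ] || changed="${changed:+$changed }$f"
    done
    printf '%s\n' "$changed"
}

# Before/after pairs copied from the listings above.
shell_ctx='unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255'
echo "chcon -t:   $(ctx_diff unconfined_u:object_r:user_tmp_t:s0 unconfined_u:object_r:user_home_t:s0)"
echo "newrole -r: $(ctx_diff "$shell_ctx" unconfined_u:system_r:unconfined_t:s0-s0:c0.c255)"
echo "runcon:     $(ctx_diff "$shell_ctx" system_u:system_r:crond_t:s0:c0.c255)"
```

On a live system the two arguments would come from id -Z before and after the change, or from the context column of ls -Z.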