Setting security contexts for files and directories
Think of SELinux as a glorified labeling system. It adds labels, known as security contexts, to files and directories through extended file attributes. It also adds the same type of labels, known as domains, to system processes. To see these contexts and domains on your CentOS machines, use the -Z
option with either ls
or ps
. For example, files and directories in my own home directory would look as follows:
[donnie@localhost ~]$ ls -Z drwxrwxr-x. donnie donnie unconfined_u:object_r:user_home_t:s0 acl_demo_dir -rw-rw-r--. donnie donnie unconfined_u:object_r:user_home_t:s0 yum_list.txt [donnie@localhost ~]$
Processes on my system would look something like this:
[donnie@localhost ~]$ ps -Z LABEL PID TTY TIME CMD unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1322 pts/0 00:00:00 bash unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3978 pts/0 00:00:00 ps [donnie@localhost ~]$
Now, let's break this...