Context

Everything has a label. Each label is divided into 5 components:

user         _u
role         _r
type         _t
sensitivity  s
category     c

These define what you can do in the SELinux landscape.

You can see the context using the -Z option.

Examples

To see the context of a process

[root@host ~]# ps -ZC httpd
LABEL                               PID TTY          TIME CMD
system_u:system_r:httpd_t:s0       1550 ?        00:00:00 httpd

To see the SELinux context of your own ID

[brindleyp@dubrhsatserver62 ~]$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

SELinux context of files and directories

[brindleyp@Test-RHEL9-01 ~]$ ls -lZ /etc/ssh
total 600
-rw-r--r--. 1 root root     system_u:object_r:etc_t:s0        1921 Jan 16  2023 ssh_config
drwxr-xr-x. 2 root root     system_u:object_r:etc_t:s0          28 Aug 23 12:44 ssh_config.d

To see the SELinux context of a port

[root@Test-RHEL9-01 ~]# semanage port -l | grep ssh
ssh_port_t                     tcp      22
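
Added example (not part of the original notes): a small shell function that splits a label like the ones above into its components. The name selinux_field is hypothetical; it assumes raw labels as printed by -Z, and when the level is a range such as s0-s0:c0.c1023 it reports sensitivity and category for the upper bound.

```sh
#!/bin/sh
# Added example: split an SELinux label into the components listed above.
# selinux_field is a hypothetical helper name, not an SELinux tool.
# Assumes raw (untranslated) labels such as the -Z output shown on this page.

# usage: selinux_field LABEL user|role|type|level|sensitivity|category
selinux_field() (
    label=$1
    want=$2
    case $label in
        *:*:*) ;;                       # need at least user:role:type
        *) echo "not a full context: $label" >&2; return 1 ;;
    esac
    user=${label%%:*}; rest=${label#*:}
    role=${rest%%:*};  rest=${rest#*:}
    type=${rest%%:*}
    # Everything after the type is the level. It can contain ':' itself and
    # can be a range low-high, e.g. s0-s0:c0.c1023, so it is not split on ':'
    # together with the first three fields.
    level=
    case $rest in *:*) level=${rest#*:} ;; esac
    high=${level##*-}                   # upper bound, or the only level
    sens=${high%%:*}
    cats=
    case $high in *:*) cats=${high#*:} ;; esac
    case $want in
        user)        echo "$user" ;;
        role)        echo "$role" ;;
        type)        echo "$type" ;;
        level)       echo "$level" ;;
        sensitivity) echo "$sens" ;;
        category)    echo "$cats" ;;
        *) echo "unknown field: $want" >&2; return 2 ;;
    esac
)

# Labels copied from the examples on this page.
for l in 'system_u:system_r:httpd_t:s0' \
         'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023' \
         'system_u:object_r:etc_t:s0'; do
    printf '%-55s type=%s category=%s\n' "$l" \
        "$(selinux_field "$l" type)" "$(selinux_field "$l" category)"
done
```

A bare type name such as ssh_port_t from semanage port -l is not a full context, so the function rejects it with a non-zero exit status.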

Changing SELinux mode

Enforcing   1   SELinux is enabled and working
Permissive  0   SELinux is enabled but not enforcing, just logging
Disabled        SELinux is not working

To see your current mode, use getenforce.

You can change your SELinux mode using setenforce.

SELinux can now only be disabled by passing selinux=0 on the kernel command line at boot.
