Context
Everything has a label. Each label is divided into 5 components:

| user | role | type | sensitivity | category |
|---|---|---|---|---|
| _u | _r | _t | s | c |

These define what you can do in the SELinux landscape.
You can see the context using the -Z option.
Examples
To see the context of a process:

```
[root@host ~]# ps -ZC httpd
LABEL                          PID TTY      TIME     CMD
system_u:system_r:httpd_t:s0  1550 ?        00:00:00 httpd
```
To see the SELinux context of your own ID:

```
[brindleyp@dubrhsatserver62 ~]$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
```
To see the SELinux context of files and directories:

```
[brindleyp@Test-RHEL9-01 ~]$ ls -lZ /etc/ssh
total 600
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 1921 Jan 16  2023 ssh_config
drwxr-xr-x. 2 root root system_u:object_r:etc_t:s0   28 Aug 23 12:44 ssh_config.d
```
To see the SELinux context of a port:

```
[root@Test-RHEL9-01 ~]# semanage port -l | grep ssh
ssh_port_t                     tcp      22
```
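The label layout described above can be split into its components in plain shell. This is an added example, not part of the original notes; the function names `ctx_field` and `ps_domains` are hypothetical, and the second sample process line is constructed. It assumes labels of the form shown on this page and does not split a range whose low level carries its own categories.

```shell
#!/bin/sh
# Added example. Assumes labels of the form shown on the page:
# user:role:type[:sensitivity[:category]]. A range whose low level
# carries its own categories is not split further.

# ctx_field CONTEXT FIELD -> print one component of the label.
# FIELD: user | role | type | sensitivity | category
ctx_field() {
    ctx=$1
    case $ctx in *:*:*) ;; *) return 1 ;; esac   # need at least 3 fields
    user=${ctx%%:*};  rest=${ctx#*:}
    role=${rest%%:*}; rest=${rest#*:}
    typ=${rest%%:*}
    # Everything after the type is the level; it may contain a colon,
    # so `cut -d: -f4` would lose the category part.
    case $rest in *:*) level=${rest#*:} ;; *) level= ;; esac
    sens=${level%%:*}
    case $level in *:*) cats=${level#*:} ;; *) cats= ;; esac
    case $2 in
        user)        printf '%s\n' "$user" ;;
        role)        printf '%s\n' "$role" ;;
        type)        printf '%s\n' "$typ" ;;
        sensitivity) printf '%s\n' "$sens" ;;
        category)    printf '%s\n' "$cats" ;;
        *)           return 1 ;;
    esac
}

# ps_domains: read `ps -Z` style lines on stdin, print "PID TYPE CMD".
ps_domains() {
    while read -r label pid _tty _time cmd; do
        [ "$label" = LABEL ] && continue          # skip the header row
        t=$(ctx_field "$label" type) || continue  # skip malformed labels
        printf '%s %s %s\n' "$pid" "$t" "$cmd"
    done
}

# Constructed sample: the httpd line is from the page; the bash line
# (PID, TTY) is made up to exercise a label with a category set.
SAMPLE='LABEL PID TTY TIME CMD
system_u:system_r:httpd_t:s0 1550 ? 00:00:00 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2201 pts/0 00:00:00 bash'

printf '%s\n' "$SAMPLE" | ps_domains
```

On a live system, `ps -eZ | ps_domains` gives a quick view of which domain each process runs in.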
Changing SELinux mode

| Mode | Value | Description |
|---|---|---|
| Enforcing | 1 | SELinux is enabled and working |
| Permissive | 0 | SELinux is enabled but not enforcing, just logging |
| Disabled | | SELinux is not working |

To see your current mode, use getenforce.
You can change your SELinux mode using setenforce.
SELinux can now only be disabled by passing selinux=0 as a kernel boot parameter.