As everything in SELinux works with labels, even processes are assigned a label, also known as the domain.
We saw that the Apache web server runs in the httpd_t domain, which can be seen with the ps -eZ command, as follows:
# ps -eZ | grep httpd
system_u:system_r:httpd_t:s0 2270 ? 00:00:00 httpd
There are a number of other ways to obtain the process context as well. Although the method with ps is the most obvious, these other methods can prove useful in scripted approaches or through monitoring services.
A first approach is to read the /proc/<pid>/attr/current pseudo-file, which we encountered earlier in the book. It displays a process' current security context:
# pidof httpd
1952 1951 1950 1949 1948 1947
# cat /proc/1952/attr/current
system_u:system_r:httpd_t:s0
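For the scripted and monitoring use mentioned above, the same pseudo-file can drive a check that reports any process of a given name running outside its expected domain. This is an added example, not code from the book; the function names and the PROC_ROOT override (used to point the check at a constructed tree instead of /proc) are assumptions.

```shell
#!/bin/sh
# Added example: flag processes whose SELinux domain is not the expected one.
# PROC_ROOT is a hypothetical override; it defaults to the real /proc.

# Print the type (domain) field of a context: user:role:type[:level].
# The level may itself contain colons (s0-s0:c0.c1023), so only field 3 is taken.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the current context of PID $1.
# The kernel may NUL-terminate the value, so NUL and newline are stripped.
pid_context() {
    file="${PROC_ROOT:-/proc}/$1/attr/current"
    [ -r "$file" ] || return 1
    tr -d '\000\n' 2>/dev/null < "$file"
}

# Print "pid context" for every process named $1 that is not in domain $2.
check_domain() {
    name=$1
    expected=$2
    for dir in "${PROC_ROOT:-/proc}"/[0-9]*; do
        # Processes can exit while we walk the tree; skip what is unreadable.
        [ -r "$dir/comm" ] || continue
        [ "$(cat "$dir/comm" 2>/dev/null)" = "$name" ] || continue
        pid=${dir##*/}
        ctx=$(pid_context "$pid") || continue
        # Empty output means no context was readable (for example SELinux disabled).
        [ -n "$ctx" ] || continue
        if [ "$(context_type "$ctx")" != "$expected" ]; then
            printf '%s %s\n' "$pid" "$ctx"
        fi
    done
}

# Usage: script.sh httpd httpd_t
if [ "$#" -eq 2 ]; then
    check_domain "$1" "$2"
fi
```

No output means every matching process is in the expected domain, which makes the function easy to wire into a cron job or monitoring probe that alerts on non-empty output.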
To receive a somewhat more human-readable output, use the secon command for the given process ID (PID):
# secon --pid...