Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual page 779

system_u:system_r:kernel_t
0:00 [migration/0]
system_u:system_r:kernel_t
0:00 [ksoftirqd/0]
user_u:system_r:unconfined_t
0:01 /usr/libexec/gconfd-2 5
user_u:system_r:unconfined_t
0:00 /usr/bin/gnome-keyring-daemon
user_u:system_r:unconfined_t
0:00 /usr/libexec/gnome-settings-daemon
user_u:system_r:unconfined_t
0:01 metacity --sm-client-id=default1
user_u:system_r:unconfined_t
0:03 gnome-panel --sm-client-id default2
Checking a User ID
You can use the -Z option with the id command to determine a user's security context. Note that with
this command you cannot combine -Z with other options.
[root@localhost ~]# id -Z
user_u:system_r:unconfined_t
Note that you cannot use the -Z option with the id command to inspect the security context of a
different user. That is, you can only display the security context of the currently logged-in user:
[user@localhost ~]$ id
uid=501(user) gid=501(user) groups=501(user) context=user_u:system_r:unconfined_t
[user@localhost ~]$ id root
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[user@localhost ~]$ id -Z root
id: cannot display context when selinux not enabled or when displaying the id
of a different user
Check a File ID
You can use the -Z option with the ls command to group common long-format information. You can
display mode, user, group, security context, and filename information.
cd /etc
ls -Z h* -d
drwxr-xr-x root root
-rw-r--r-- root root
-rw-r--r-- root root
-rw-r--r-- root root
-rw-r--r-- root root
-rw-r--r-- root root
drwxr-xr-x root root
drwxr-xr-x root root
drwxr-xr-x root root
drwxr-xr-x root root
Checking the Security Context of a Process, User, or File Object
root
root
user 3122
user 3125
user 3127
user 3144
user 3148
system_u:object_r:etc_t
system_u:object_r:etc_t
user_u:object_r:etc_t
system_u:object_r:etc_t
system_u:object_r:etc_t
system_u:object_r:etc_t
system_u:object_r:hotplug_etc_t
system_u:object_r:etc_t
system_u:object_r:httpd_sys_content_t htdig
system_u:object_r:httpd_config_t httpd
2 0.0 0.0 0
3 0.0 0.0 0
0.0 0.6 6908 3232 ?
0.0 0.1 2540 588 ?
0.0 1.4 33612 6988 ?
0.1 1.4 16528 7360 ?
0.2 2.9 79544 14808 ?
hal
host.conf
hosts
hosts.allow
hosts.canna
hosts.deny
hotplug
hotplug.d
0 ? S 15:09
0 ? SN 15:09
S 16:47
S 16:47
Sl 16:47
Ss 16:47
Ss 16:47
753