SELinux Game Learn SELinux By Doing

File and Process Contexts

Every process and object in the system has a context (also known as a label). This is an attribute used to determine if an access should be allowed between a process and an object. For example, a user process might have the context of user_u:user_r:user_t, and file in the user’s home directory might have the context user_u:object_r:user_home_t. A SELinux context consists of three required fields, and one optional field:


The first field is the SELinux user. The second field is the role. The third field in the type. The forth field is the MLS range; this field is optional, and will be discussed later. The following is an example context:


In this context, the user is system_u, the role is system_r, and the type is xserver_t. The following is an example context, with the MLS field:


Try it!

Explore these commands using the tutorial vagrant box. Start the environment using
vagrant up tutorial
vagrant ssh tutorial
If you don't have the command, visit the getting started guide

More Tutorials

After this one, the following tutorials are recommended:

Portions of this page's content are copied from this page for non-commercial, education purposes.