Every process and object in the system has a context (also known as a label). This is an attribute used to determine if an access should be allowed between a process and an object. For example, a user process might have the context of user_u:user_r:user_t, and file in the user’s home directory might have the context user_u:object_r:user_home_t. A SELinux context consists of three required fields, and one optional field:
user:role:type:range
The first field is the SELinux user. The second field is the role. The third field in the type. The forth field is the MLS range; this field is optional, and will be discussed later. The following is an example context:
system_u:system_r:xserver_t
In this context, the user is system_u, the role is system_r, and the type is xserver_t. The following is an example context, with the MLS field:
ps
command, when used with the -Z
option will show process contexts.ls
command shows file contexts when
used with the -Z
option.
vagrant up tutorial
vagrant ssh tutorial
Portions of this page's content are copied from this page for non-commercial, education purposes.