The context of a process
As everything in SELinux works with contexts, even processes are assigned a context, also known as the domain. Let's see how we can obtain this information, how SELinux transitions from one domain to another, and learn how to query the SELinux policy to find more information about these transitions.
Getting a process context
We saw that the nginx web server runs in the httpd_t domain, which can be seen with the ps -eZ command, as follows:
# ps -eZ | grep nginx
system_u:system_r:httpd_t:s0 3744 ? 00:00:00 nginx
Several other ways exist to obtain the process context. Although the method with ps is the most obvious, these other methods can prove useful in scripted approaches or through monitoring services.
A first approach is to read the /proc/<pid>/attr/current pseudo-file, which we've already encountered in Chapter 1, Fundamental SELinux Concepts. It displays a process's current security context...
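For the scripted and monitoring use mentioned above, the following added example (not from the original text) reads /proc/<pid>/attr/current, extracts the domain, and reports whether a process runs in the expected one. The function names and the PROC_ROOT variable are assumptions of this example; PROC_ROOT exists only so the functions can be pointed at a constructed directory tree on a host without SELinux.

```shell
#!/bin/sh
# Added example: read a process's SELinux context from /proc and check its domain.
# PROC_ROOT is an assumption of this example (default: the real /proc).
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the security context of PID; return 1 if it cannot be read.
proc_context() {
    f="$PROC_ROOT/$1/attr/current"
    [ -r "$f" ] || return 1
    # The value may end in a NUL byte or a newline; strip both.
    ctx=$(tr -d '\000\n' < "$f") || return 1
    [ -n "$ctx" ] || return 1
    printf '%s\n' "$ctx"
}

# Print the type (domain) field of a context of the form user:role:type:level.
# The level can contain colons itself (for example s0-s0:c0.c1023), so only
# field 3 is taken. A value without any colon yields an empty string (-s).
context_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# Return 0 if PID runs in domain $2, 1 if it runs in another domain,
# 2 if the context could not be read (process gone, no permission).
check_domain() {
    ctx=$(proc_context "$1") || return 2
    [ "$(context_type "$ctx")" = "$2" ]
}
```

With the nginx process shown earlier, `check_domain 3744 httpd_t` returns 0; a monitoring job can alert on a return value of 1, which means the process is running in a different domain than expected.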