How to understand the security context in "ls -Z"?
10,021
SELinux provides a user (unconfined_u), a role (object_r), a type (user_home_t), and a level (s0). This information is used to make access control decisions. On DAC systems, access is controlled based on Linux user and group IDs. SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.
This link can give you more information for your question.
Related videos on Youtube
Author by
Nan Xiao
Updated on September 18, 2022Comments
-
Nan Xiao almost 2 years
After referring "
man ls
", it shows "ls -Z
" can display the security context:-Z, --context Display security context so it fits on most displays. Displays only mode, user, group, security context and file name.
Executing the "
ls -Z
" command, the output likes this:[root@localhost ~]# ls -Z -rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg drwxrwxrwx. root root unconfined_u:object_r:admin_home_t:s0 backup
How to understand the security context:
unconfined_u:object_r:admin_home_t:s0
? The "man ls
" doesn't provide the info.