User:SwifT/selinux-tutorials/2

The entire security context explained
In the previous tutorials we have seen the security contexts of processes and files numerous times. We always focused on the third part of the context (the type/domain), but there are several other fields. In this tutorial, we'll give a more detailed explanation of the various other fields.

File security context
Let's take a look at a specific file context.

Until now, we have always focused on the mysqld_var_run_t part (a type that tells us this is a MySQL run-time file). This is the type part of the context, but the context carries other fields as well.

On some SELinux-enabled systems, you will find a fourth field and perhaps even a fifth:


 * The first field is the SELinux user field (often called the SELinux owner). It is not the Linux owner shown by ls -l: SELinux user names conventionally end in _u (for instance system_u), and many Linux accounts can map onto the same SELinux user.
 * The second field is the SELinux role field. Role names end in _r; files always carry the object_r role, since roles only matter for processes.
 * The third field is the SELinux type field. Type names end in _t; when the type is assigned to a process it is called the domain.
 * The fourth field, which is not always shown, is the SELinux sensitivity field (such as s0).
 * The fifth field, which is not always shown, is the SELinux category field (such as c0.c1023).

The fourth and fifth fields are not always shown because they depend on the enabled SELinux features. The fourth field is only shown when the loaded SELinux policy also supports MLS (Multi-Level Security); sestatus reports this as "Policy MLS status: enabled". The fifth field is only shown when
 * 1) MLS is active, and
 * 2) categories are used in the context (so it is not displayed when the label carries no categories).

Strictly speaking, these two are one field: everything after the third colon is the MLS range, written as low[:categories][-high[:categories]]. So s0:c0.c1023 is a single level with categories, while s0-s15:c0.c1023 is a range with different low and high levels, and a range such as s0:c1-s1:c1,c2 contains more than one extra colon. Splitting a context on colons is therefore only reliable for the first three fields; anything that follows should be treated as the range as a whole.
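To make the field layout concrete, here is a small POSIX shell script that splits a context into user, role, type and MLS range, and then breaks the range down into low and high levels with their sensitivity and categories. It is an added example, not code from the original tutorial or from the SELinux userspace tools, and the contexts it processes are constructed for illustration; on a live system you would feed it the labels printed by ls -Z, ps -Z or id -Z.

```shell
#!/bin/sh
# Added example (not part of the original tutorial): split an SELinux
# security context into its fields, tolerating the optional MLS/MCS range.
# Every context used below is constructed for illustration.

# The first three fields (user, role, type) never contain a colon, so they
# can be peeled off one at a time with parameter expansion.
ctx_user() { printf '%s\n' "${1%%:*}"; }

ctx_role() {
    _rest=${1#*:}
    printf '%s\n' "${_rest%%:*}"
}

ctx_type() {
    _rest=${1#*:}; _rest=${_rest#*:}
    printf '%s\n' "${_rest%%:*}"
}

# Everything after the third colon is the MLS range. It is absent on a
# policy without MLS support, and when present it may itself contain
# colons (s0:c0.c1023) and a dash (s0-s15:c0.c1023), so counting colons
# to find a "fourth" and "fifth" field is only an approximation.
ctx_range() {
    _rest=${1#*:}; _rest=${_rest#*:}
    case $_rest in
        *:*) printf '%s\n' "${_rest#*:}" ;;
        *)   printf '\n' ;;
    esac
}

# Low and high level of a range; a range without a dash is a single level,
# so low and high are the same.
range_low()  { printf '%s\n' "${1%%-*}"; }
range_high() { printf '%s\n' "${1#*-}"; }

# A level is sensitivity[:categories]; a bare "s0" carries no categories.
level_sensitivity() { printf '%s\n' "${1%%:*}"; }
level_categories() {
    case $1 in
        *:*) printf '%s\n' "${1#*:}" ;;
        *)   printf '\n' ;;
    esac
}

# Print every field of a context on its own line.
ctx_explain() {
    ctx=$1
    printf 'context:     %s\n' "$ctx"
    printf 'user:        %s\n' "$(ctx_user "$ctx")"
    printf 'role:        %s\n' "$(ctx_role "$ctx")"
    printf 'type:        %s\n' "$(ctx_type "$ctx")"
    range=$(ctx_range "$ctx")
    if [ -z "$range" ]; then
        printf 'range:       (none: policy without MLS support)\n'
        return 0
    fi
    low=$(range_low "$range"); high=$(range_high "$range")
    cl=$(level_categories "$low"); ch=$(level_categories "$high")
    printf 'range:       %s\n' "$range"
    printf 'sensitivity: %s (low) / %s (high)\n' \
        "$(level_sensitivity "$low")" "$(level_sensitivity "$high")"
    printf 'categories:  %s (low) / %s (high)\n' "${cl:-none}" "${ch:-none}"
}

# Constructed contexts: a label from a policy without MLS, a label with a
# single level plus categories, a range with different low and high
# levels, and a range whose levels both carry categories.
for c in 'system_u:object_r:mysqld_var_run_t' \
         'system_u:object_r:mysqld_var_run_t:s0:c0.c1023' \
         'staff_u:staff_r:staff_t:s0-s15:c0.c1023' \
         'user_u:user_r:user_t:s0:c1-s1:c1,c2'; do
    ctx_explain "$c"
    echo
done
```

Because the functions only rely on POSIX parameter expansion, the script works under dash and busybox sh as well as bash, which matters when you want to run it from an initramfs or a rescue shell while debugging labels.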