Linux Commands

How to List All SELinux Contexts

We can access the security controls that the Security Enhanced Linux (SE), a Linux kernel security module, can support in the Linux operating system. It could be used by SELinux functions to give the security contexts to the processes that are running in the system objects and the files that are existing in directories.

How to List the SELinux Contexts

Every operation and object is labeled in a manner that represents the threat protection metadata that runs the SELinux on the system. In this article, we will look at the distinct techniques to list every SELinux context on our Linux operating system. We will discuss the ways and commands for utilization of listing the items for the entire system along with the command line tools and choices that are made by the graphical user interface.

By understanding the existing SELinux context setup, we can resolve the SELinux problems and alter the SELinux contexts of certain resources easily which is utilized by a few of the uses to list the SELinux contexts. We can quickly list all of the SELinux contexts simply on a Linux system using the outlined techniques in this article. We can control our operating system’s safety using this information. The “semanage” method is utilized if we wish to view all of the SELinux processes’ and documents’ contexts at once.

In Linux, the SELinux security policy unambiguously states the identity of any user who seems to have access to a certain file or process. Linux users therefore invariably addresses their own identity.

Let us have a look at the working of commands which are used to list the context. For this purpose, we need to open the Linux terminal and then add up the “-Z” flag along with the “ls” command. The “ls” command is utilized to list any data. It operates by displaying the directory contents along with the SELinux context for each item. The command is given as follows:

Linux@linux:~$ ls -Z

 
After completing the command, we press enter. It displays the following output as the simple listing of context which is utilized in the current directory:

Linux@linux:~$ ? data.txt    ?   Desktop   ? Downloads   ? filebash.sh   ?   mh.txt

 
We can also select any different directory by passing their path location as an argument with the previous command along with “/” slash and “etc” as follows:

Linux@linux:~$ ls -Z /etc

 
After the completion of the command, it displays all the running processes of the directory as a sequential list with the context of the file.

Linux@linux:~$ ? acpi                        ? lsb-release
? adduser.conf                               ? ltrace.conf 
? alsa                                       ? machine-id
? alternatives                               ? magic
? anacrontab                                 ? magic.mine
? apg.conf                                   ? mailcap
? apm                                        ? mailcap.order
? apparmor                                   ? manpath.config
? apparmor.d                                 ? mime.types                                                                
? apport                                     ? mke2fs.conf
? appstream.conf                             ? ModemManager
? apt                                        ? modprobe.d
? avahi                                      ? modules
? bash.bashrc                                ? modules-load.d
? bash_completion                            ? mtab
? bash_completion.d                          ? mtools.conf
? bindresvport.blacklist                     ? mysql
? binfmt.d                                   ? nanorc
? Bluetooth                                  ? netplan
? belapi.key                                 ? network

 
The “ls -Z” command can also be utilized for rapid inspection of the SELinux contexts of files and directories in any running current directory. It is especially handy to diagnose the SELinux issues to make it simple to detect the files with unexpected contexts. The running security enhanced list is further moving and displays further along with the process which includes some Bash processes, Bluetooth, network, apport, legal, and a few more of them are provided in the following:

Linux@linux:~$ ? init.d                        ? system

? initramfs-tools                              ? terminfo
? inputrc                                      ? thermald
? insserve.conf.d                              ? thunderbird
? iproute2                                     ? timezone
? issue                                        ? tmpfiles.d
? issue.net                                    ? Ubuntu-advantage
? Kernel                                       ? ucf.conf
? Kernel-img.conf                              ? udev
? Kerneloops.conf                              ? udisks 2
? ldap                                         ? ufw
? ld.so.conf                                   ? update-manager
? ld.so.conf.d                                 ? update-motd.d
? legal                                        ? update-notifier
? libao.conf                                   ? Upower
? libaudit.conf                                ? usb_modeswitch.d

 
Now, we utilize the “stat” command which could be used to display the extensive information regarding the file and SELinux context. It could be operated by printing the metadata file and properties which include their timestamps and size. We apply the “stat” command on the text file with the “file.txt” name which is present in the desktop directory to view its SElinux context. The following is the command for the “file.txt” in the desktop directory:

Linux@linux:~/Desktop$ stat file.txt

 
When we proceed with the previous command on the terminal, it displays the file context along with the name, size, and device on the output display as we can see in the following textual form:

Linux@linux:~$ File: file.txt
                             Size: 83         Blocks: 8         I0 Block: 4096         regular file
Device: 805h/2053         Incode: 657033         Links: 1    
Access: (0664/-rw-rw-r- -) Uid: ( 1002/         Linux)    Gid:   (   1002/     Linux)
Access: 2022-12-24  14:16:25.060381731   +0500
Modify: 2022-12-24  14:16:14.224258986   +0500
Change: 2022-12-24  14:16:14.272259527   +0500

 
Now, we implement the “find” command that could also be used for the SELinux context to search the files and directories which meet the given criteria of name, size, and permissions. This command has three intensive roles including “path”, “option”, and “expression”. “Path” defines where we want to search the files. Whereas “options” modifies the behavior of the command. And “expression” searches the criteria for the SELinux context. Now, let us run the find command on the Linux operating system. We add the following command on the terminal:

Linux@linux:~/Desktop$ find /etc

 
This command finds and then displays all the files that are present in the “etc” directory as we did not mention any specific parameter for it. Then, this command displays the following output on the terminal screen of Linux with files and processes that are present and shows it in the form of a list.

/etc
/etc/rpc
/etc/nsswitch.conf
/etc/subgid
/etc/alternatives
/etc/alternatives/my.cnf
/etc/alternatives/x-window-manager.1.gz
/etc/alternatives/iptables-save
/etc/alternatives/x-session-manager.1.gz
/etc/alternatives/pasteurize
/etc/alternatives/ebtables
/etc/alternatives/pinentry
/etc/alternatives/ex
/etc/alternatives/gstreamer-codec-install
/etc/alternatives/netcat.1.gz
/etc/alternatives/write
/etc/alternatives/awk.1.gz
/etc/alternatives/gnome-www-browser
/etc/alternatives/editor
/etc/alternatives/lzma.1.gz
/etc/alternatives/view.ja.1.gz
/etc/alternatives/nawk

 
Now, there is some more extension for the “find” command to search along with the user to gain the list of SELinux context. The command remains the same as the previous one but it includes the user with the “find” command rather than “etc” with a slash. For all the files that are owned by the user of our “Linux” system, we utilize the following command:

Linux@linux:~$ find -user linux

 
After the completion of this command, when we press the enter button, it then displays the list of all processes and files on the terminal that works in this “linux” user operating system as provided in the following output display:

Linux@linux:~$ .
./.gnupg
./.gnup/trustdb.gpg
./.gnup/private-keys-v1.d
./.gnupg/pubring.kbx
./.config
./.config/gnome-initial-setup-done
./.config/user-dirs.dirs
./.config/enchant
./.config/enchant/en_US.exc
./.config/enchant/en_US.dic
./.config/user-dirs.locale
./.config/goa-1.0
./.config/update-notifier
./.config/dconf
./.config/dconf/user
./.config/pulse
./.config/pulse/8a79842bae5e4368a17907e5ab8524dd-default-source

 

Conclusion

We discussed the procedure or concept of using the basic Linux commands to list the SELinux context. We used the “ls -Z” command for file and directory listing for this purpose. We used the “stat” command for the second type of listing command to find the file system and files that were present in the working folders as well as their sizes and permissions. The last command that we used is “find”. It is used to look for and find the files that are required for the particular condition.

About the author

Omar Farooq

Hello Readers, I am Omar and I have been writing technical articles from last decade. You can check out my writing pieces.