10. Manage Security

📘Red Hat Certified System Administrator (RHCSA – EX200)

1. What is an SELinux Context?

An SELinux context is a security label assigned to:

Files and directories
Processes (running services/programs)

It is used by SELinux to decide:

Who can access what
Which process can interact with which file

Context Format

An SELinux context has this format:

user:role:type:level

Example:

system_u:object_r:httpd_sys_content_t:s0

Meaning of Each Field

1. User (SELinux user)

Not the same as Linux user
Defines SELinux identity

Examples:

system_u
user_u

2. Role

Defines what roles the user can assume
Often not heavily used in RHCSA

Examples:

object_r → for files
system_r → for processes

3. Type (MOST IMPORTANT)

This is the most important part for the exam.

Defines what the object or process is allowed to do
SELinux policies are mainly based on type

Examples:

httpd_sys_content_t → web content files
httpd_t → web server process
ssh_home_t → SSH-related files

4. Level (MLS/MCS)

Security level (used in advanced setups)
Usually: s0
Not heavily tested in RHCSA

2. Viewing SELinux Contexts

2.1 View File Contexts

Use:

ls -Z

Example:

ls -Z /var/www/html

Output:

-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 index.html

2.2 View Directory Contexts

ls -Zd /var/www/html

2.3 View Process Contexts

Use:

ps -eZ

Example:

ps -eZ | grep httpd

Output:

system_u:system_r:httpd_t:s0  1234 ? 00:00:01 httpd

2.4 View Context of Specific Process

ps -Z -p <PID>

3. Understanding File vs Process Context

File Context

Example:

system_u:object_r:httpd_sys_content_t:s0

object_r → it is a file
httpd_sys_content_t → used for web server content

Process Context

Example:

system_u:system_r:httpd_t:s0

system_r → it is a process
httpd_t → web server process type

4. Why Context Matching is Important

SELinux allows access based on rules between types.

Example:

Process: httpd_t
File: httpd_sys_content_t

✔ Access allowed

Wrong Context Example:

File type: default_t

❌ Web server cannot access it

Key Exam Concept

If something is not working, check the SELinux context first

5. Common Commands You Must Know

List contexts of files

ls -Z

List contexts of directories

ls -Zd <directory>

List all processes with contexts

ps -eZ

Filter processes

ps -eZ | grep <service>

6. Important SELinux Types (Very Useful for Exam)

Type	Meaning
`httpd_t`	Web server process
`httpd_sys_content_t`	Web content files
`sshd_t`	SSH daemon process
`user_home_t`	User home files
`var_t`	Variable data files
`default_t`	Incorrect or unknown context

7. Real IT Scenario (Simple Understanding)

Scenario: Web Server Cannot Read File

File exists:

/var/www/html/index.html

But website shows error
Check context:

ls -Z /var/www/html/index.html

Output:

unconfined_u:object_r:default_t:s0 index.html

Problem:

Type is default_t (wrong)

Correct should be:

httpd_sys_content_t

8. Key Differences (Very Important)

Feature	File Context	Process Context
Command	`ls -Z`	`ps -eZ`
Role	`object_r`	`system_r`
Example Type	`httpd_sys_content_t`	`httpd_t`

9. Quick Exam Checklist ✅

Make sure you can:

✔ Read and understand context format
✔ Identify type field quickly
✔ Use ls -Z correctly
✔ Use ps -eZ correctly
✔ Recognize correct vs incorrect contexts
✔ Understand file vs process context difference

10. Common Mistakes (Avoid in Exam)

❌ Ignoring SELinux when service fails
❌ Looking only at Linux permissions (chmod)
❌ Not checking type field
❌ Confusing file context with process context

11. Summary

SELinux uses contexts (labels) to control access
Format: user:role:type:level
Type is the most important part
Use:
- ls -Z → files
- ps -eZ → processes
Access depends on matching allowed types