PDF (A4) - 40.1Mb
Man Pages (TGZ) - 259.0Kb
Man Pages (Zip) - 366.2Kb
Info (Gzip) - 4.0Mb
Info (Zip) - 4.0Mb
Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) system that implements access rights by applying a security label referred to as an SELinux context to each system object. SELinux policy modules use SELinux contexts to define rules for how processes, files, ports, and other system objects interact with each other. Interaction between system objects is only permitted if a policy rule allows it.
An SELinux context (the label applied to a system object) has the following fields: user, role, type, and security level. Type information rather than the entire SELinux context is used most commonly to define rules for how processes interact with other system objects. MySQL SELinux policy modules, for example, define policy rules using type information.
You can view SELinux contexts using operating system commands such as ls and ps with the -Z option. Assuming that SELinux is enabled and a MySQL Server is running, the following commands show the SELinux context for the mysqld process and MySQL data directory:
mysqld process:

$> ps -eZ | grep mysqld
system_u:system_r:mysqld_t:s0 5924 ? 00:00:03 mysqld

MySQL data directory:

$> cd /var/lib
$> ls -Z | grep mysql
system_u:object_r:mysqld_db_t:s0 mysql

where:
system_u is an SELinux user identity for system processes and objects.
system_r is an SELinux role used for system processes.
object_r is an SELinux role used for system objects.
mysqld_t is the type associated with the mysqld process.
mysqld_db_t is the type associated with the MySQL data directory and its files.
s0 is the security level.
For more information about interpreting SELinux contexts, refer to your distribution's SELinux documentation.
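The label format described above, as an added example that is not part of the MySQL manual: a shell sketch that splits a context into its four fields and checks that the mysqld process and the data directory carry the expected types. The function names (selinux_field, check_type) and the sample lines are constructed for illustration, and the script assumes the context is the first column of the output, as in the listings above.

```shell
#!/bin/sh
# Added example (not from the MySQL manual): parse SELinux contexts and check
# the type field. Sample lines below are constructed in the format shown above.

# selinux_field CONTEXT user|role|type|level
# The level is everything after the third colon, because MLS/MCS levels such
# as "s0:c0.c1023" contain colons of their own.
selinux_field() {
    case $1 in *:*:*:*) ;; *) return 1 ;; esac   # not a 4-field context
    f_user=${1%%:*};       f_rest=${1#*:}
    f_role=${f_rest%%:*};  f_rest=${f_rest#*:}
    f_type=${f_rest%%:*};  f_level=${f_rest#*:}
    case $2 in
        user)  printf '%s\n' "$f_user" ;;
        role)  printf '%s\n' "$f_role" ;;
        type)  printf '%s\n' "$f_type" ;;
        level) printf '%s\n' "$f_level" ;;
        *)     return 2 ;;
    esac
}

# check_type EXPECTED_TYPE NAME < lines of `ps -eZ` or `ls -Z` output
# Assumes the context is the first column and the name the last, as in the
# output above. Succeeds only if NAME occurs and every match has EXPECTED_TYPE.
check_type() {
    found=1
    while read -r l_ctx l_rest; do
        [ "${l_rest##* }" = "$2" ] || continue
        l_type=$(selinux_field "$l_ctx" type) || return 1
        [ "$l_type" = "$1" ] || return 1
        found=0
    done
    return "$found"
}

# Constructed sample output.
SAMPLE_PS='system_u:system_r:sshd_t:s0-s0:c0.c1023 1012 ? 00:00:00 sshd
system_u:system_r:mysqld_t:s0 5924 ? 00:00:03 mysqld'
SAMPLE_LS='system_u:object_r:var_lib_t:s0 misc
system_u:object_r:mysqld_db_t:s0 mysql'

printf '%s\n' "$SAMPLE_PS" | check_type mysqld_t mysqld && echo "mysqld process: type OK"
printf '%s\n' "$SAMPLE_LS" | check_type mysqld_db_t mysql && echo "data directory: type OK"
```

On a live system, pipe the real output of ps -eZ or ls -Z /var/lib into check_type in place of the sample variables.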