Scroll to navigation

sestatus.conf(5) sestatus configuration file sestatus.conf(5)

NAME

sestatus.conf - The sestatus(8) configuration file.
 

DESCRIPTION

The sestatus.conf file is used by the sestatus(8) command with the -v option to determine what file and process security contexts should be displayed.
 
The fully qualified path name of the configuration file is:
/etc/sestatus.conf
 
The file consists of two optional sections as described in the FILE FORMAT section. Whether these exist or not, the following will always be displayed:
The current process context
 
The init process context
 
The controlling terminal file context
 

FILE FORMAT

The format consists of two optional sections as follows:
[files]
 
file_name
 
[file_name]
 
...
 
[process]
 
executable_file_name
 
[executable_file_name]
 
...
 
Where:
[files]
The start of the file list block.
file_name
One or more fully qualified file names, each on a new line will that will have its context displayed. If the file does not exist, then it is ignored. If the file is a symbolic link, then sestatus -v will also display the target file context.
 
[process]
The start of the process list block.
executable_file_name
One or more fully qualified executable file names that should it be an active process, have its context displayed. Each entry is on a new line.
 

EXAMPLE

# /etc/sestatus.conf
 
[files]
 
/etc/passwd
 
/etc/shadow
 
/bin/bash
 
/bin/login
 
/lib/libc.so.6
 
/lib/ld-linux.so.2
 
/lib/ld.so.1
 
[process]
 
/sbin/mingetty
 
/sbin/agetty
 
/usr/sbin/sshd
 

SEE ALSO

selinux(8), sestatus(8)
26-Nov-2011 Security Enhanced Linux