1. Manuals
  2. Tumbleweed
  3. policycoreutils
  4. sestatus.conf(5)

Scroll to navigation

sestatus.conf(5) sestatus configuration file sestatus.conf(5)

NAME

sestatus.conf - The sestatus(8) configuration file.

DESCRIPTION

The sestatus.conf file is used by the sestatus(8) command with the -v option to determine what file and process security contexts should be displayed.

The fully qualified path name of the configuration file is:

/etc/sestatus.conf or <vendordir>/sestatus.conf if it is not available

The file consists of two optional sections as described in the FILE FORMAT section. Whether these exist or not, the following will always be displayed:

The current process context
The init process context
The controlling terminal file context

FILE FORMAT

The format consists of two optional sections as follows:

[files]
file_name
[file_name]
...

[process]
executable_file_name
[executable_file_name]
...

Where:

[files]
The start of the file list block.
file_name
One or more fully qualified file names, each on a new line will that will have its context displayed. If the file does not exist, then it is ignored. If the file is a symbolic link, then sestatus -v will also display the target file context.

[process]

The start of the process list block.
executable_file_name
One or more fully qualified executable file names that should it be an active process, have its context displayed. Each entry is on a new line.

EXAMPLE

# /etc/sestatus.conf
[files]
/etc/passwd
/etc/shadow
/bin/bash
/bin/login
/lib/libc.so.6
/lib/ld-linux.so.2
/lib/ld.so.1

[process]
/sbin/mingetty
/sbin/agetty
/usr/sbin/sshd

SEE ALSO

selinux(8), sestatus(8)

26-Nov-2011 Security Enhanced Linux