LinuxCommandLibrary

getcon

Get the SELinux security context

SYNOPSIS

getcon

DESCRIPTION

The getcon command retrieves the SELinux security context of the current process. SELinux (Security-Enhanced Linux) is a security architecture built into the Linux kernel that provides mandatory access control (MAC). A security context, often called a context, identifies the security attributes associated with a process, file, or other system resource. It includes information like the user, role, type, and sensitivity level.

getcon is a fundamental tool for administrators and developers working with SELinux to understand and verify the security context under which processes are running. This information is crucial for debugging access control issues, enforcing security policies, and ensuring the integrity of the system. The output is a string representing the context, which can then be used to configure or analyze security policies. While simple, it is essential for a secure Linux setup.

CAVEATS

Without appropriate permissions, getcon might only show the context of the user executing the command. Root privileges are usually necessary to view all processes.

OUTPUT FORMAT

The output of getcon is a string in the format `user:role:type:sensitivity`. Each component represents a different aspect of the security context. Understanding these components is vital for interpreting SELinux policies.
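
An added example (not from the original page): a POSIX shell helper that splits a context string into the four fields above and checks that the type matches an expected domain. The function names `context_field` and `expect_type` and the sample context are constructed for illustration; because the last field can itself contain colons (an MLS range such as `s0-s0:c0.c1023`), only the first three colons are treated as separators.

```shell
#!/bin/sh
# Added example: split an SELinux context into fields and verify the type.
# Function names are hypothetical; the sample context is constructed.

# context_field CONTEXT FIELD -> prints the user, role, type or level field
context_field() {
    ctx=$1
    want=$2
    # A context needs at least user:role:type.
    case $ctx in
        *:*:*) ;;
        *) return 1 ;;
    esac
    user=${ctx%%:*};  rest=${ctx#*:}
    role=${rest%%:*}; rest=${rest#*:}
    type=${rest%%:*}
    # Everything after the third colon is the level. It may contain colons
    # of its own (e.g. s0-s0:c0.c1023), so it is not split any further.
    case $rest in
        *:*) level=${rest#*:} ;;
        *)   level= ;;
    esac
    [ -n "$user" ] && [ -n "$role" ] && [ -n "$type" ] || return 1
    case $want in
        user)  printf '%s\n' "$user" ;;
        role)  printf '%s\n' "$role" ;;
        type)  printf '%s\n' "$type" ;;
        level) printf '%s\n' "$level" ;;
        *)     return 2 ;;
    esac
}

# expect_type CONTEXT TYPE -> 0 if the context's type field equals TYPE
expect_type() {
    actual=$(context_field "$1" type) || return 1
    [ "$actual" = "$2" ]
}

# Constructed sample; on a live system substitute "$(getcon)".
sample='system_u:system_r:httpd_t:s0-s0:c0.c1023'
if expect_type "$sample" httpd_t; then
    echo "ok: type is httpd_t, level $(context_field "$sample" level)"
else
    echo "unexpected context: $sample" >&2
fi
```

A naive split on every colon would report `s0-s0` as the level here and drop the category set.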

HISTORY

SELinux and its associated tools, including getcon, were developed by the National Security Agency (NSA) and integrated into the Linux kernel to provide a robust security framework. The command's purpose has remained consistent: to allow users and administrators to easily inspect the security context of running processes, facilitating the management and enforcement of SELinux policies.

SEE ALSO

setcon(1), chcon(1), runcon(1), semanage(8), ps(1)
