Wednesday, February 21, 2018

Fedora 27 : selinux and getfattr attributes.

In this tutorial I show you how to use the getfattr command to get extended attributes of filesystem objects and security selinux.
One attribute is for selinux and other like:

  • security.capability - the security.capability files stores Linux capabilities for the related file and is applies to binaries which are provided one or more capabilities via this file.
  • security.ima - for the Integrity Measurement Architecture (IMA), the file security.ima stores a hash or digital signature.
  • security.evm - this is similar to security.ima, the Extended Verification Module (EVM) stores a hash/HMAC or digital signature in this file ( the different with IMA is that it protects the metadata of the file, not the contents).

Now, about :
You can use for example the getfattr command to perform specific security selinux tasks:

# getfattr -m security.selinux -d /etc/passwd
getfattr: Removing leading '/' from absolute path
# file: etc/passwd 
# getfattr -m security.selinux -d /etc/shadow
# getfattr -m security.selinux -d /var/www d /var/www
Both getfattr and setfattr commands has provided by the POSIX ACL package (Portable Operating Systems Interface).