* Selinux context type is same for root & normal user both
From: Ashish Mishra @ 2021-01-04 10:55 UTC
To: SElinux list, Paul Moore

Hi Group members,

I am trying to get SELINUX being added in our custom BSP.

I am able to reach till I have selinux-refpolicy installed on target &
the getenforce / setenforce commands are working.
I can verify them using log messages in /var/log/audit.log

Below is the observation (problem) which I am observing w.r.t context type of
selinux.
a) File created as root has "system_u:object_r:root_t"
b) File created as testuser also has "system_u:object_r:root_t"
   but I was expecting something "unconfined_u:object_r:user_home_t"

Can members please provide any input as to what might be the cause of this
or any pointers to debug the same.

I am using TEMPFS as a file system.

Thanks,
Ashish

* Re: Selinux context type is same for root & normal user both
From: Dominick Grift @ 2021-01-04 12:16 UTC
To: Ashish Mishra; +Cc: SElinux list, Paul Moore

Ashish Mishra <ashishm@mvista.com> writes:

> Hi Group members,
>
> I am trying to get SELINUX being added in our custom BSP.
>
> I am able to reach till I have selinux-refpolicy installed on target &
> the getenforce / setenforce commands are working.
> I can verify them using log messages in /var/log/audit.log
>
> Below is the observation (problem) which I am observing w.r.t context type of
> selinux.
> a) File created as root has "system_u:object_r:root_t"

"root" is a hybrid user (system processes are often associated with root
identity as well as the root login user)

When a system process associated with "system_u" creates a "file" in a
directory with type root_t (and there is no type transition rule telling
selinux to transition to default_t) then the file ends up with
"system_u:object_r:root_t"

If the file was created by a "real" login user, then the label of the file
indicates that the context associated with the root login user was wrong
because generally the root login user shouldn't be associated with "system_u"

> b) File created as testuser also has "system_u:object_r:root_t"

Provided that the "testuser" identity is not an identity for system services,
then this indicates that both the processes creating the file as well as the
target directory of the file are mislabeled.

Ensure that your login users are associated with the expected contexts, and
also ensure that your filesystems are labeled according to the policy

> but I was expecting something "unconfined_u:object_r:user_home_t"
>
> Can members please provide any input as to what might be the cause of this
> or any pointers to debug the same.
>
> I am using TEMPFS as a file system.
>
> Thanks,
> Ashish

--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift

* Re: Selinux context type is same for root & normal user both
From: Ashish Mishra @ 2021-01-04 12:39 UTC
To: Dominick Grift; +Cc: SElinux list, Paul Moore

Hi Dominick,

Thanks for inputs.

a) This is an embedded board which logs in by default as a ROOT user.
   Any pointers as to where can I look to debug the cause due to
   which context is "system_u"

b) Apologies, but can you please help method / approach / debug
   points by which
   -> I can evaluate the expected contexts for root & testuser
   -> I can see that the labels are created using ls -alZ.
      Is there any other method / debug point to check filesystems
      are labeled according to the policy.
      (as I am using standard refpolicy to create a default policy
      on board)

Thanks,
Ashish

* Re: Selinux context type is same for root & normal user both
From: Dominick Grift @ 2021-01-04 12:51 UTC
To: Ashish Mishra; +Cc: SElinux list, Paul Moore

Ashish Mishra <ashishm@mvista.com> writes:

> Hi Dominick,
>
> Thanks for inputs.
>
> a) This is an embedded board which logs in by default as a ROOT user.
>    Any pointers as to where can I look to debug the cause due to
>    which context is "system_u"

Lack of PAM support or misconfigured PAM config (pam_selinux needs to
be present in the appropriate PAM stacks)

> b) Apologies, but can you please help method / approach / debug
>    points by which
>    -> I can evaluate the expected contexts for root & testuser
>    -> I can see that the labels are created using ls -alZ.
>       Is there any other method / debug point to check filesystems
>       are labeled according to the policy.
>       (as I am using standard refpolicy to create a default policy
>       on board)

You start by determining the current context of the login user (id -Z
will print the context of the current shell). Then you determine the
context of the directory in which the file is created (ls -dZ)

With this information you can query:

sesearch -T -s "type returned by id -Z" | grep "type returned by ls -dZ"

That should return any existing "type_transition" rules where the type
of the user is the source and the type of the destination directory is a target

> Thanks,
> Ashish

The question is whether you want/need IBAC/RBAC on an embedded device
with only one user (root)

In my policy for OpenWrt (which is an embedded wireless router firmware) I
do not use IBAC/RBAC either and I just add a rule that says when the
login program (sshd) executes a shell then assume that this is a login
user shell and automatically transition from the sshd context to a specified
user context)

On embedded devices "modular reference policy" does not make sense to
use (these devices generally do not have the resources to compile/link
policy at runtime) IMHO and the "monolithic reference policy" does not work
well with PAM and users.

But, yes, if you want modular refpolicy on a multi-user system then you
probably want PAM

--
Dominick Grift
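
The three-step check from the reply above (id -Z, ls -dZ, then sesearch -T), written out as a script. This is an added example, not part of the thread: the function names, the finding labels and the `--live` switch are hypothetical, and the two rules in `diagnose` encode only what the replies say about login shells carrying system_u and ordinary directories carrying root_t.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and finding labels are
# hypothetical; the id / ls / sesearch usage follows the reply above.

# Print the SELinux user (field 1) of a context user:role:type[:range].
ctx_user() { printf '%s\n' "$1" | cut -d: -f1; }

# Print the type (field 3) of a context.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Pull the context out of one line of "ls -dZ" output. The column position
# differs between ls implementations, so take the first field that looks
# like a context (contains at least two colons).
ctx_from_ls_line() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /:.*:/) { print $i; exit } }'
}

# Build the query from the thread: type_transition rules whose source is the
# shell's type, filtered on the directory's type.
transition_query() {
    printf 'sesearch -T -s %s | grep %s\n' "$(ctx_type "$1")" "$(ctx_type "$2")"
}

# diagnose SHELL_CTX DIR_PATH DIR_CTX
# Prints "ok" or a space-separated list of findings:
#   login-context  the login shell runs with the system_u identity
#   fs-labeling    a directory other than / carries type root_t
diagnose() {
    findings=""
    if [ "$(ctx_user "$1")" = "system_u" ]; then
        findings="login-context"
    fi
    if [ "$2" != "/" ] && [ "$(ctx_type "$3")" = "root_t" ]; then
        findings="${findings:+$findings }fs-labeling"
    fi
    printf '%s\n' "${findings:-ok}"
}

# Live use on the target: ./ctxcheck.sh --live /home/testuser
if [ "${1:-}" = "--live" ]; then
    dir=${2:?usage: $0 --live DIRECTORY}
    shell_ctx=$(id -Z)
    dir_ctx=$(ctx_from_ls_line "$(ls -dZ "$dir")")
    echo "shell:     $shell_ctx"
    echo "directory: $dir_ctx ($dir)"
    echo "findings:  $(diagnose "$shell_ctx" "$dir" "$dir_ctx")"
    echo "next:      $(transition_query "$shell_ctx" "$dir_ctx")"
fi
```

A `login-context` finding points at the login program and its PAM stack; an `fs-labeling` finding points at how the filesystem was labeled.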

* Re: Selinux context type is same for root & normal user both
From: Ashish Mishra @ 2021-01-06 13:35 UTC
To: Dominick Grift; +Cc: SElinux list, Paul Moore

Hi Dominick,

Thanks for the inputs above.

1) w.r.t Monolithic, I am trying refpolicy with monolithic design as suggested.

2) I am debugging on the lines you suggested, and prima facie looks like the
   busybox login is being executed here which takes
   system_u:object_r:root_t as context

3) Can you please let me know which stable source code for
   a) policycoreutils-python (to get semanage on target)
   b) setools-console (to get seinfo / sesearch on target)
   Please note that we have integrated userland libraries and tools
   projects from https://github.com/SELinuxProject/selinux
   But the above mentioned binaries are not present on target.

Request to please let me know input / feedback if I am missing any
obvious things here

Thanks,
Ashish

* Re: Selinux context type is same for root & normal user both
From: Dominick Grift @ 2021-01-06 13:52 UTC
To: Ashish Mishra; +Cc: SElinux list, Paul Moore

Ashish Mishra <ashishm@mvista.com> writes:

> Hi Dominick,
>
> Thanks for the inputs above.
>
> 1) w.r.t Monolithic, I am trying refpolicy with monolithic design as suggested.
>
> 2) I am debugging on the lines you suggested, and prima facie looks like the
>    busybox login is being executed here which takes
>    system_u:object_r:root_t as context

I do not understand what you mean by that. Context
"system_u:object_r:root_t" is a "file" context and I do not understand
where you get that from.

Busybox is a shell with built-in modules AFAIK. It should be labeled
"u:object_r:shell_exec_t" IMHO

> 3) Can you please let me know which stable source code for
>    a) policycoreutils-python (to get semanage on target)
>    b) setools-console (to get seinfo / sesearch on target)
>    Please note that we have integrated userland libraries and tools
>    projects from https://github.com/SELinuxProject/selinux
>    But the above mentioned binaries are not present on target.

https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-python-3.1.tar.gz
https://github.com/SELinuxProject/setools/releases/download/4.3.0/setools-4.3.0.tar.bz2

> Request to please let me know input / feedback if I am missing any
> obvious things here

It's hard to say. There are quite a few variables and I am not sure
exactly what the current state of your work is and where you want to go
(ie what your goals and requirements are)

I guess you should determine what the login programs used are and then
to address those to ensure that login user shells are labeled the way
you want them labeled.

It is probably best to enclose avc denials for any challenge you face.

> Thanks,
> Ashish

--
Dominick Grift

* Re: Selinux context type is same for root & normal user both
From: Dominick Grift @ 2021-01-06 14:30 UTC
To: Ashish Mishra; +Cc: SElinux list, Paul Moore

Ashish Mishra <ashishm@mvista.com> writes:

> Hi Dominick,
>
> 1) Thanks for pointers.
>    I will look at the suggestion for login programs.

I think I understand a little bit what your issue might be now, and if
correct then I believe the focus should be on initial labeling of the
filesystem.

> 2) The major discrepancy which I am observing is all the folder and files across
>    filesystem have same context "system_u:object_r:root_t"
>    Like /etc, /var, /bin, /root etc all folders & files have this same context.
>    Attached is the context log for the folder.

I see, I guess that is rootfs and that it is not labeled initially. In
OpenWrt generally a (readonly) squashfs is used (to boot from) with
overlayfs. The squashfs is labeled at build-time and the root directory
of the overlay as well.

I guess that if you want to use rootfs, that you would have to address
initial labeling somehow.

It might help if you tell us a bit about the filesystems used in your system.

> Any feedback / pointer on point-2 will be helpful.
> I will evaluate the point-1 as suggested.
>
> Thanks for sharing valuable info.
> Ashish

--
Dominick Grift

* Re: Selinux context type is same for root & normal user both
From: Ashish Mishra @ 2021-01-06 14:55 UTC
To: Dominick Grift; +Cc: SElinux list, Paul Moore

Hi Dominick,
Thanks for your valuable time and inputs.

As a background w.r.t ROOTFS:
a) We had a custom SDK which is a basic makefile based SDK.

b) The rootfs was RAMFS based.
   For selinux we switched from RAMFS to TEMPFS

c) It was not having SELINUX, so we added refpolicy & selinux-userland
   Expectation was we will get working selinux context & policy.
   I have the policy but the context is being the same for each file
   and folder.

d) The setup is being evaluated for tempfs (INITRAMFS-as-TEMPFS +
   SELINUX) w.r.t output of mount command:

~ # mount
rootfs on / type rootfs (rw,seclabel,size=253620k,nr_inodes=63405)
sysfs on /sys type sysfs (rw,seclabel,relatime)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,nosuid,noexec,relatime)
nodev on /dev type devtmpfs (rw,seclabel,relatime,size=253620k,nr_inodes=63405,mode=755)
none on /proc type proc (rw,relatime)
none on /dev/shm type tmpfs (rw,seclabel,relatime)
none on /dev/pts type devpts (rw,seclabel,relatime,mode=600,ptmxmode=000)
none on /sys/kernel/debug type debugfs (rw,seclabel,relatime)
none on /mnth type hugetlbfs (rw,seclabel,relatime)
cgroup on /sys/fs/cgroup type tmpfs (rw,seclabel,relatime,mode=755)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,relatime,net_cls)
cgroup on /sys/fs/cgroup/net_prio type cgroup (rw,relatime,net_prio)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,relatime,hugetlb)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,relatime,pids)
cgroup on /sys/fs/cgroup/debug type cgroup (rw,relatime,debug)
cgroups on /sys/fs/cgroup/unified type cgroup2 (rw,relatime)

Thanks,
Ashish

* Re: Selinux context type is same for root & normal user both
From: Dominick Grift @ 2021-01-06 15:04 UTC
To: Ashish Mishra; +Cc: SElinux list, Paul Moore

Ashish Mishra <ashishm@mvista.com> writes:

> Hi Dominick,
> Thanks for your valuable time and inputs.
>
> As a background w.r.t ROOTFS:
> a) We had a custom SDK which is a basic makefile based SDK.
>
> b) The rootfs was RAMFS based.
>    For selinux we switched from RAMFS to TEMPFS
>
> c) It was not having SELINUX, so we added refpolicy & selinux-userland
>    Expectation was we will get working selinux context & policy.
>    I have the policy but the context is being the same for each file
>    and folder.

You also have to address labeling. If your filesystem is ram-based
(volatile) then I suspect you will have to address labeling at runtime
(ie run setfiles/restorecon to label the filesystem). The point is that
your filesystem is currently not labeled according to the reference
policy.

--
Dominick Grift
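
One way to do the runtime labeling suggested above on a RAM-backed root, as an added example that is not from the thread: it picks the seclabel-capable rootfs/tmpfs mounts out of the mount table and runs setfiles over them with the installed policy's file_contexts. The function names, the `--apply` switch and the choice of filesystem types are assumptions of this example, and it assumes the policy is already loaded when it runs; the sample mount lines are copied from the output posted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): label a volatile root at boot.
# Assumes it runs early in init, after the policy has been loaded.

# Read an /etc/selinux/config-style file on stdin and print SELINUXTYPE.
policy_name() {
    sed -n 's/^SELINUXTYPE=[[:space:]]*\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Location of the file-context specification for a given policy name.
file_contexts_path() {
    printf '/etc/selinux/%s/contexts/files/file_contexts\n' "$1"
}

# Read "mount" output on stdin ("dev on /path type fstype (opts)") and print
# the mount points that are RAM-backed (rootfs or tmpfs; this list is an
# assumption of the example) and mounted with the seclabel option, i.e. they
# can hold labels but their contents are recreated on every boot.
volatile_labeled_mounts() {
    awk '$2 == "on" && $4 == "type" &&
         ($5 == "rootfs" || $5 == "tmpfs") &&
         $6 ~ /[(,]seclabel[,)]/ { print $3 }'
}

# Print the setfiles command line for one mount point.
relabel_cmd() {
    printf 'setfiles -v %s %s\n' "$(file_contexts_path "$1")" "$2"
}

# A few lines of the mount output posted in the thread, for offline checks.
SAMPLE_MOUNTS='rootfs on / type rootfs (rw,seclabel,size=253620k,nr_inodes=63405)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,nosuid,noexec,relatime)
none on /proc type proc (rw,relatime)
none on /dev/shm type tmpfs (rw,seclabel,relatime)
cgroup on /sys/fs/cgroup type tmpfs (rw,seclabel,relatime,mode=755)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)'

# On the target: ./label-volatile.sh --apply
if [ "${1:-}" = "--apply" ]; then
    name=$(policy_name < /etc/selinux/config)
    spec=$(file_contexts_path "$name")
    [ -r "$spec" ] || { echo "missing $spec" >&2; exit 1; }
    mount | volatile_labeled_mounts | while read -r mp; do
        echo "labeling $mp"
        setfiles -v "$spec" "$mp"
    done
fi
```

After it has run, `ls -dZ /etc /var /bin /root` should no longer show the same type on every directory.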

* Re: Selinux context type is same for root & normal user both
From: Ashish Mishra @ 2021-01-06 15:20 UTC
To: Dominick Grift; +Cc: SElinux list, Paul Moore

Hi Dominick,

Will look at the re-labelling as you suggested.
Is there any doc / blog / implementation etc to understand the
sequence and commands to do this.
To understand this step in a better way.

We are working with such a setup freshly so any inputs / guidance will
be helpful.

Thanks for your time & inputs for this long thread.

Thanks,
Ashish
* Re: Selinux context type is same for root & normal user both
2021-01-06 15:20 ` Ashish Mishra
@ 2021-01-06 15:39 ` Dominick Grift
2021-01-06 16:00 ` Ondrej Mosnacek
0 siblings, 1 reply; 19+ messages in thread
From: Dominick Grift @ 2021-01-06 15:39 UTC (permalink / raw)
To: Ashish Mishra; +Cc: SElinux list, Paul Moore

Ashish Mishra <ashishm@mvista.com> writes:

> Hi Dominick ,
>
> Will look at the re-labelling as you suggested.
> Is there any doc / blog / implementation etc to understand the
> sequence and commands to do this.
> To understand this step in a better way.
>
> We are working with such a setup freshly so any inputs / guidance will
> be helpful.
>
> Thanks for your time & inputs for this long thread .

For docs i would suggest selinuxproject.org and
https://github.com/SELinuxProject/selinux-notebook/blob/main/src/toc.md

For implementations i would suggest looking at how OpenWrt implemented
SELinux as this is a very simple implementation and the target seems to
be relatively similar to yours with the exception that OpenWrt does not
use a volatile root but instead uses a read-only squashfs and an overlay.

You can also look at Fedora CoreOS for inspiration, and Google's SEAndroid.

Implementing meaningful SELinux for exotic use cases like yours is not
trivial though IMHO. Using reference policy as a base-policy might not
be optimal for your use-case (to say the least) and it would probably be
easier to create a policy from scratch instead in the longer run.

>
> Thanks ,
> Ashish
>
> On Wed, Jan 6, 2021 at 8:34 PM Dominick Grift
> <dominick.grift@defensec.nl> wrote:
>>
>> Ashish Mishra <ashishm@mvista.com> writes:
>>
>> > Hi Dominick ,
>> > Thanks for your valuable time and inputs .
>> >
>> > As a background w.r.t ROOTFS :
>> > a) We had a custom SDK which is a basic makefile based SDK .
>> >
>> > b) The rootfs was RAMFS based .
>> > For selinux we switched from RAMFS to TEMPFS
>> >
>> > c) It was not having SELINUX , so we added refpolicy & selinux-userland
>> > Expectation was we will get working selinux context & policy.
>> > I have the policy but the context is being the same for each file
>> > and folder .
>>
>> You also have to address labeling. If your filesystem is ram-based
>> (volatile) then I
>> suspect you will have to address labeling at runtime (ie run
>> setfiles/restorecon to label the filesystem). The point is that
>> your filesystem is currently not labeled according to the reference
>> policy.
>>
>> >
>> > d) The setup is being evaluated for tempfs ( INITRAMFS-as -TEMPFS +
>> > SELINUX ) w.r.t output of mount command :
>> > ~ # mount
>> > rootfs on / type rootfs (rw,seclabel,size=253620k,nr_inodes=63405)
>> > sysfs on /sys type sysfs (rw,seclabel,relatime)
>> > selinuxfs on /sys/fs/selinux type selinuxfs (rw,nosuid,noexec,relatime)
>> > nodev on /dev type devtmpfs
>> > (rw,seclabel,relatime,size=253620k,nr_inodes=63405,mode=755)
>> > none on /proc type proc (rw,relatime)
>> > none on /dev/shm type tmpfs (rw,seclabel,relatime)
>> > none on /dev/pts type devpts (rw,seclabel,relatime,mode=600,ptmxmode=000)
>> > none on /sys/kernel/debug type debugfs (rw,seclabel,relatime)
>> > none on /mnth type hugetlbfs (rw,seclabel,relatime)
>> > cgroup on /sys/fs/cgroup type tmpfs (rw,seclabel,relatime,mode=755)
>> > cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
>> > cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
>> > cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
>> > cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
>> > cgroup on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
>> > cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
>> > cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
>> > cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,relatime,net_cls)
>> > cgroup on /sys/fs/cgroup/net_prio type cgroup (rw,relatime,net_prio)
>> > cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,relatime,hugetlb)
>> > cgroup on /sys/fs/cgroup/pids type cgroup (rw,relatime,pids)
>> > cgroup on /sys/fs/cgroup/debug type cgroup (rw,relatime,debug)
>> > cgroups on /sys/fs/cgroup/unified type cgroup2 (rw,relatime)
>> >
>> >
>> > Thanks ,
>> > Ashish
>>
>> --
>> gpg --locate-keys dominick.grift@defensec.nl
>> Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
>> https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
>> Dominick Grift

--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift

^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Selinux context type is same for root & normal user both
2021-01-06 15:39 ` Dominick Grift
@ 2021-01-06 16:00 ` Ondrej Mosnacek
2021-01-06 16:16 ` Ashish Mishra
0 siblings, 1 reply; 19+ messages in thread
From: Ondrej Mosnacek @ 2021-01-06 16:00 UTC (permalink / raw)
To: Dominick Grift; +Cc: Ashish Mishra, SElinux list, Paul Moore

On Wed, Jan 6, 2021 at 4:40 PM Dominick Grift
<dominick.grift@defensec.nl> wrote:
> Ashish Mishra <ashishm@mvista.com> writes:
>
> > Hi Dominick ,
> >
> > Will look at the re-labelling as you suggested.
> > Is there any doc / blog / implementation etc to understand the
> > sequence and commands to do this.
> > To understand this step in a better way.
> >
> > We are working with such a setup freshly so any inputs / guidance will
> > be helpful.
> >
> > Thanks for your time & inputs for this long thread .
>
> For docs i would suggest selinuxproject.org and
> https://github.com/SELinuxProject/selinux-notebook/blob/main/src/toc.md
>
> For implementations i would suggest looking at how OpenWrt implemented
> SELinux as this is a very simple implementation and the target seems to
> be relatively similar to yours with the exception that OpenWrt does not
> use a volatile root but instead uses a read-only squashfs and an overlay.
>
> You can also look at Fedora CoreOS for inspiration, and Google's SEAndroid.
>
> Implementing meaningful SELinux for exotic use cases like yours is not
> trivial though IMHO. Using reference policy as a base-policy might not
> be optimal for your use-case (to say the least) and it would probably be easier to create a
> policy from scratch instead in the longer run.

Well said. I'll just add that you'll at the very least need to remove
the "genfscon" rule for "rootfs" from your policy and replace it with
an appropriate "fs_use_xattr" one to be able to relabel the root
filesystem. (Assuming it uses tmpfs under the hood (or supports
xattrs), otherwise you may need to mount tmpfs somewhere and chroot
into it at the beginning of your init script. Or something like
that...)

--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.

^ permalink raw reply [flat|nested] 19+ messages in thread
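
The policy change described in the message above can be checked before a relabel is attempted. The script below is an added example, not code from the thread or from refpolicy: it reads saved `mount` output to find the filesystem type mounted on / and reports which labeling statement a policy.conf-style file carries for that type. The function names, file names and policy lines (including the fs_t context on the fs_use_xattr line) are constructed assumptions; the mount lines are copied from the output quoted in this thread.

```shell
#!/bin/sh
# Added example: does the policy label the root filesystem type with
# fs_use_xattr (what the reply asks for) or still with genfscon?

# root_fstype MOUNT_FILE
# Prints the type of the last entry mounted on "/" in saved `mount` output
# of the form "<dev> on <dir> type <fstype> (<options>)".
root_fstype() {
    awk '$2 == "on" && $3 == "/" && $4 == "type" { t = $5 }
         END { if (t != "") print t }' "$1"
}

# labeling_rule POLICY_CONF FSTYPE
# Prints fs_use_xattr, fs_use_trans, fs_use_task, genfscon or none.
# The kernel looks for an fs_use_* statement for the filesystem type first
# and falls back to genfscon, so fs_use_* is reported when both are present.
labeling_rule() {
    awk -v fs="$2" '
        /^[ \t]*#/ { next }                                   # comment line
        $1 ~ /^fs_use_(xattr|trans|task)$/ && $2 == fs { use = $1 }
        $1 == "genfscon" && $2 == fs { genfs = 1 }
        END {
            if (use != "") print use
            else if (genfs) print "genfscon"
            else print "none"
        }' "$1"
}

# relabel_verdict MOUNT_FILE POLICY_CONF
# Returns 0 only when the root filesystem type is labeled via fs_use_xattr.
relabel_verdict() {
    fstype=$(root_fstype "$1")
    if [ -z "$fstype" ]; then
        echo "unknown: no mount entry for /"
        return 2
    fi
    rule=$(labeling_rule "$2" "$fstype")
    case "$rule" in
        fs_use_xattr) echo "ok: $fstype is labeled through fs_use_xattr"; return 0 ;;
        genfscon)     echo "change-policy: $fstype is labeled through genfscon"; return 1 ;;
        *)            echo "review: $fstype has labeling rule '$rule'"; return 1 ;;
    esac
}

# write_samples DIR
# Writes the sample inputs. mount.txt holds lines from the thread; both
# policy files are constructed samples in policy.conf syntax.
write_samples() {
    cat > "$1/mount.txt" <<'EOF'
rootfs on / type rootfs (rw,seclabel,size=253620k,nr_inodes=63405)
sysfs on /sys type sysfs (rw,seclabel,relatime)
none on /dev/shm type tmpfs (rw,seclabel,relatime)
EOF
    cat > "$1/policy_before.conf" <<'EOF'
# constructed sample: rootfs labeled by genfscon
fs_use_trans tmpfs system_u:object_r:tmpfs_t;
genfscon rootfs / system_u:object_r:root_t
genfscon proc / system_u:object_r:proc_t
EOF
    cat > "$1/policy_after.conf" <<'EOF'
# constructed sample: genfscon rule for rootfs replaced (context is assumed)
fs_use_trans tmpfs system_u:object_r:tmpfs_t;
fs_use_xattr rootfs system_u:object_r:fs_t;
genfscon proc / system_u:object_r:proc_t
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
relabel_verdict "$demo_dir/mount.txt" "$demo_dir/policy_before.conf" || true
relabel_verdict "$demo_dir/mount.txt" "$demo_dir/policy_after.conf"
rm -rf "$demo_dir"
```

Only once the second verdict is reached does the runtime setfiles/restorecon step suggested earlier in the thread have a chance of changing the labels on /.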
* Re: Selinux context type is same for root & normal user both
2021-01-06 16:00 ` Ondrej Mosnacek
@ 2021-01-06 16:16 ` Ashish Mishra
2021-01-06 16:39 ` Dominick Grift
0 siblings, 1 reply; 19+ messages in thread
From: Ashish Mishra @ 2021-01-06 16:16 UTC (permalink / raw)
To: Ondrej Mosnacek; +Cc: Dominick Grift, SElinux list, Paul Moore

Hi Dominick / Ondrej ,

Thanks for valuable inputs , I will try to evaluate them .

Ashish

On Wed, Jan 6, 2021 at 9:30 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> On Wed, Jan 6, 2021 at 4:40 PM Dominick Grift
> <dominick.grift@defensec.nl> wrote:
> > Ashish Mishra <ashishm@mvista.com> writes:
> >
> > > Hi Dominick ,
> > >
> > > Will look at the re-labelling as you suggested.
> > > Is there any doc / blog / implementation etc to understand the
> > > sequence and commands to do this.
> > > To understand this step in a better way.
> > >
> > > We are working with such a setup freshly so any inputs / guidance will
> > > be helpful.
> > >
> > > Thanks for your time & inputs for this long thread .
> >
> > For docs i would suggest selinuxproject.org and
> > https://github.com/SELinuxProject/selinux-notebook/blob/main/src/toc.md
> >
> > For implementations i would suggest looking at how OpenWrt implemented
> > SELinux as this is a very simple implementation and the target seems to
> > be relatively similar to yours with the exception that OpenWrt does not
> > use a volatile root but instead uses a read-only squashfs and an overlay.
> >
> > You can also look at Fedora CoreOS for inspiration, and Google's SEAndroid.
> >
> > Implementing meaningful SELinux for exotic use cases like yours is not
> > trivial though IMHO. Using reference policy as a base-policy might not
> > be optimal for your use-case (to say the least) and it would probably be easier to create a
> > policy from scratch instead in the longer run.
>
> Well said. I'll just add that you'll at the very least need to remove
> the "genfscon" rule for "rootfs" from your policy and replace it with
> an appropriate "fs_use_xattr" one to be able to relabel the root
> filesystem. (Assuming it uses tmpfs under the hood (or supports
> xattrs), otherwise you may need to mount tmpfs somewhere and chroot
> into it at the beginning of your init script. Or something like
> that...)
>
> --
> Ondrej Mosnacek
> Software Engineer, Platform Security - SELinux kernel
> Red Hat, Inc.
>

^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Selinux context type is same for root & normal user both
2021-01-06 16:16 ` Ashish Mishra
@ 2021-01-06 16:39 ` Dominick Grift
2021-01-07 7:35 ` Ashish Mishra
0 siblings, 1 reply; 19+ messages in thread
From: Dominick Grift @ 2021-01-06 16:39 UTC (permalink / raw)
To: Ashish Mishra; +Cc: Ondrej Mosnacek, SElinux list, Paul Moore

Ashish Mishra <ashishm@mvista.com> writes:

> Hi Dominick / Ondrej ,
>
> Thanks for valuable inputs , I will try to evaluate them .
>
> Ashish

We have an IRC channel on chat.freenode.net where we can have casual and
more interactive conversations if you're interested in that

https://freenode.net/kb/answer/chat

>
> On Wed, Jan 6, 2021 at 9:30 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>>
>> On Wed, Jan 6, 2021 at 4:40 PM Dominick Grift
>> <dominick.grift@defensec.nl> wrote:
>> > Ashish Mishra <ashishm@mvista.com> writes:
>> >
>> > > Hi Dominick ,
>> > >
>> > > Will look at the re-labelling as you suggested.
>> > > Is there any doc / blog / implementation etc to understand the
>> > > sequence and commands to do this.
>> > > To understand this step in a better way.
>> > >
>> > > We are working with such a setup freshly so any inputs / guidance will
>> > > be helpful.
>> > >
>> > > Thanks for your time & inputs for this long thread .
>> >
>> > For docs i would suggest selinuxproject.org and
>> > https://github.com/SELinuxProject/selinux-notebook/blob/main/src/toc.md
>> >
>> > For implementations i would suggest looking at how OpenWrt implemented
>> > SELinux as this is a very simple implementation and the target seems to
>> > be relatively similar to yours with the exception that OpenWrt does not
>> > use a volatile root but instead uses a read-only squashfs and an overlay.
>> >
>> > You can also look at Fedora CoreOS for inspiration, and Google's SEAndroid.
>> >
>> > Implementing meaningful SELinux for exotic use cases like yours is not
>> > trivial though IMHO. Using reference policy as a base-policy might not
>> > be optimal for your use-case (to say the least) and it would probably be easier to create a
>> > policy from scratch instead in the longer run.
>>
>> Well said. I'll just add that you'll at the very least need to remove
>> the "genfscon" rule for "rootfs" from your policy and replace it with
>> an appropriate "fs_use_xattr" one to be able to relabel the root
>> filesystem. (Assuming it uses tmpfs under the hood (or supports
>> xattrs), otherwise you may need to mount tmpfs somewhere and chroot
>> into it at the beginning of your init script. Or something like
>> that...)
>>
>> --
>> Ondrej Mosnacek
>> Software Engineer, Platform Security - SELinux kernel
>> Red Hat, Inc.
>>

--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift

^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Selinux context type is same for root & normal user both
2021-01-06 16:39 ` Dominick Grift
@ 2021-01-07 7:35 ` Ashish Mishra
0 siblings, 0 replies; 19+ messages in thread
From: Ashish Mishra @ 2021-01-07 7:35 UTC (permalink / raw)
To: Dominick Grift; +Cc: Ondrej Mosnacek, SElinux list, Paul Moore

Thanks Dominick ,
This will be helpful , i will try to use IRC also

Thanks ,
Ashish

On Wed, Jan 6, 2021 at 10:09 PM Dominick Grift
<dominick.grift@defensec.nl> wrote:
>
> Ashish Mishra <ashishm@mvista.com> writes:
>
> > Hi Dominick / Ondrej ,
> >
> > Thanks for valuable inputs , I will try to evaluate them .
> >
> > Ashish
>
> We have an IRC channel on chat.freenode.net where we can have casual and
> more interactive conversations if you're interested in that
>
> https://freenode.net/kb/answer/chat
>
> >
> > On Wed, Jan 6, 2021 at 9:30 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >>
> >> On Wed, Jan 6, 2021 at 4:40 PM Dominick Grift
> >> <dominick.grift@defensec.nl> wrote:
> >> > Ashish Mishra <ashishm@mvista.com> writes:
> >> >
> >> > > Hi Dominick ,
> >> > >
> >> > > Will look at the re-labelling as you suggested.
> >> > > Is there any doc / blog / implementation etc to understand the
> >> > > sequence and commands to do this.
> >> > > To understand this step in a better way.
> >> > >
> >> > > We are working with such a setup freshly so any inputs / guidance will
> >> > > be helpful.
> >> > >
> >> > > Thanks for your time & inputs for this long thread .
> >> >
> >> > For docs i would suggest selinuxproject.org and
> >> > https://github.com/SELinuxProject/selinux-notebook/blob/main/src/toc.md
> >> >
> >> > For implementations i would suggest looking at how OpenWrt implemented
> >> > SELinux as this is a very simple implementation and the target seems to
> >> > be relatively similar to yours with the exception that OpenWrt does not
> >> > use a volatile root but instead uses a read-only squashfs and an overlay.
> >> >
> >> > You can also look at Fedora CoreOS for inspiration, and Google's SEAndroid.
> >> >
> >> > Implementing meaningful SELinux for exotic use cases like yours is not
> >> > trivial though IMHO. Using reference policy as a base-policy might not
> >> > be optimal for your use-case (to say the least) and it would probably be easier to create a
> >> > policy from scratch instead in the longer run.
> >>
> >> Well said. I'll just add that you'll at the very least need to remove
> >> the "genfscon" rule for "rootfs" from your policy and replace it with
> >> an appropriate "fs_use_xattr" one to be able to relabel the root
> >> filesystem. (Assuming it uses tmpfs under the hood (or supports
> >> xattrs), otherwise you may need to mount tmpfs somewhere and chroot
> >> into it at the beginning of your init script. Or something like
> >> that...)
> >>
> >> --
> >> Ondrej Mosnacek
> >> Software Engineer, Platform Security - SELinux kernel
> >> Red Hat, Inc.
> >>
>
> --
> gpg --locate-keys dominick.grift@defensec.nl
> Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
> https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
> Dominick Grift

^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Selinux context type is same for root & normal user both
2021-01-04 12:51 ` Dominick Grift
2021-01-06 13:35 ` Ashish Mishra
@ 2021-01-06 14:25 ` Ashish Mishra
2021-01-06 14:27 ` Ashish Mishra
2 siblings, 0 replies; 19+ messages in thread
From: Ashish Mishra @ 2021-01-06 14:25 UTC (permalink / raw)
To: Dominick Grift; +Cc: SElinux list, Paul Moore

[-- Attachment #1: Type: text/plain, Size: 2925 bytes --]

Hi Dominick ,

1) Thanks for pointers .
I will look at the suggestion for login programs.

2) The major discrepancy which i am observing is all the folder and
files across filesystem have same context "system_u:object_r:root_t"
Like /etc , /var , /bin , /root etc all folders & files have this
same context .
Attached is the context log for the folder.

Any feedback / pointer on point-2 will be helpful .
I will evaluate the point-1 as suggested .

Thanks for sharing valuable info.
Ashish

On Mon, Jan 4, 2021 at 6:21 PM Dominick Grift
<dominick.grift@defensec.nl> wrote:
>
> Ashish Mishra <ashishm@mvista.com> writes:
>
> > Hi Dominick ,
> >
> > Thanks for inputs .
> >
> > a) This is an embedded board which logs in by default as a ROOT user.
> > Any pointers as to where can i look to debug the cause due to
> > which context is "system_u"
>
> Lack of PAM support or misconfigured PAM config (pam_selinux needs to
> be present in the appropriate PAM stacks)
>
> >
> > b) Apologies , but can you please help method / approach / debug
> > points by which
> > -> I can evaluate the expected contexts for root & testuser
> > -> I can see that the labels are created using ls -alZ .
> > Is there any other method / debug point to check filesystems
> > are labeled according to the policy.
> > ( as i am using standard refpolicy to create an default policy
> > on board )
>
> You start by determining the current context of the login user (id -Z
> will print the context of the current shell). Then you determine the
> context of the directory in which the file is created (ls -dZ)
>
> With this information you can query:
>
> sesearch -T -s "type returned by id -Z" | grep "type returned by ls -dZ"
>
> That should return any existing "type_transition" rules where the type
> of the user is the source and the type of the destination directory is a target
>
> >
> >
> > Thanks ,
> > Ashish
>
> The question is whether you want/need IBAC/RBAC on an embedded device
> with only one user (root)
>
> In my policy for OpenWrt (which is an embedded wireless router firmware) i
> do not use IBAC/RBAC either and i just add a rule that says when the
> login program (sshd) executes a shell then assume that this is a login
> user shell and automatically transition from the sshd context to a specified
> user context)
>
> On embedded devices "modular reference policy" does not make sense to
> use (these devices generally do not have the resources to compile/link
> policy at runtime) IMHO and the "monolithic reference policy" does not work well with
> PAM and users.
>
> But, yes, if you want modular refpolicy on a multi-user system then you
> probably want PAM
>
> --
> gpg --locate-keys dominick.grift@defensec.nl
> Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
> https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
> Dominick Grift

[-- Attachment #2: secontext-for-folders.txt --]
[-- Type: text/plain, Size: 32285 bytes --]
libdl-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 13 Jan 4 23:29 libdl.so.2 -> libdl-2.16.so -r--r--r-- 1 root root system_u:object_r:root_t 161643 Jan 4 23:29 libgcc_s.so.1 lrwxrwxrwx 1 root root system_u:object_r:root_t 16 Jan 4 23:29 libgomp.so.1 -> libgomp.so.1.0.0 -r-xr-xr-x 1 root root system_u:object_r:root_t 87728 Jan 4 23:29 libgomp.so.1.0.0 -r-xr-xr-x 1 root root system_u:object_r:root_t 1006288 Jan 4 23:29 libm-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:29 libm.so.6 -> libm-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 73221 Jan 4 23:29 libmemusage.so lrwxrwxrwx 1 root root system_u:object_r:root_t 19 Jan 4 23:29 libmudflap.so.0 -> libmudflap.so.0.0.0 -r-xr-xr-x 1 root root system_u:object_r:root_t 209120 Jan 4 23:29 libmudflap.so.0.0.0 lrwxrwxrwx 1 root root system_u:object_r:root_t 21 Jan 4 23:29 libmudflapth.so.0 -> libmudflapth.so.0.0.0 -r-xr-xr-x 1 root root system_u:object_r:root_t 209592 Jan 4 23:29 libmudflapth.so.0.0.0 -r-xr-xr-x 1 root root system_u:object_r:root_t 140688 Jan 4 23:29 libnsl-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 14 Jan 4 23:29 libnsl.so.1 -> libnsl-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 70352 Jan 4 23:29 libnss_compat-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 21 Jan 4 23:29 libnss_compat.so.2 -> libnss_compat-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 71056 Jan 4 23:29 libnss_db-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 17 Jan 4 23:29 libnss_db.so.2 -> libnss_db-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 68520 Jan 4 23:29 libnss_dns-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 18 Jan 4 23:29 libnss_dns.so.2 -> libnss_dns-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 72024 Jan 4 23:29 libnss_files-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 20 Jan 4 23:29 libnss_files.so.2 -> libnss_files-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 69248 Jan 4 23:29 
libnss_hesiod-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 21 Jan 4 23:29 libnss_hesiod.so.2 -> libnss_hesiod-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 70800 Jan 4 23:29 libnss_nis-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 18 Jan 4 23:29 libnss_nis.so.2 -> libnss_nis-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 71040 Jan 4 23:29 libnss_nisplus-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 22 Jan 4 23:29 libnss_nisplus.so.2 -> libnss_nisplus-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 70402 Jan 4 23:29 libpcprofile.so -r-xr-xr-x 1 root root system_u:object_r:root_t 143640 Jan 4 23:29 libpthread-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 18 Jan 4 23:29 libpthread.so.0 -> libpthread-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 138480 Jan 4 23:29 libresolv-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 17 Jan 4 23:29 libresolv.so.2 -> libresolv-2.16.so -r-xr-xr-x 1 root root system_u:object_r:root_t 71296 Jan 4 23:29 librt-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 13 Jan 4 23:29 librt.so.1 -> librt-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 15 Jan 4 23:29 libssp.so.0 -> libssp.so.0.0.0 -r-xr-xr-x 1 root root system_u:object_r:root_t 11488 Jan 4 23:29 libssp.so.0.0.0 lrwxrwxrwx 1 root root system_u:object_r:root_t 19 Jan 4 23:29 libstdc++.so.6 -> libstdc++.so.6.0.17 -r-xr-xr-x 1 root root system_u:object_r:root_t 1198520 Jan 4 23:29 libstdc++.so.6.0.17 -rw-r--r-- 1 root root system_u:object_r:root_t 2436 Jan 4 23:29 libstdc++.so.6.0.17-gdb.py -r-xr-xr-x 1 root root system_u:object_r:root_t 70256 Jan 4 23:29 libthread_db-1.0.so lrwxrwxrwx 1 root root system_u:object_r:root_t 19 Jan 4 23:29 libthread_db.so.1 -> libthread_db-1.0.so lrwxrwxrwx 1 root root system_u:object_r:root_t 17 Jan 4 23:29 libubsan.so.0 -> libubsan.so.0.0.0 -r-xr-xr-x 1 root root system_u:object_r:root_t 606176 Jan 4 23:29 libubsan.so.0.0.0 -r-xr-xr-x 1 root root 
system_u:object_r:root_t 68344 Jan 4 23:29 libutil-2.16.so lrwxrwxrwx 1 root root system_u:object_r:root_t 15 Jan 4 23:29 libutil.so.1 -> libutil-2.16.so drwxr-xr-x 2 root root system_u:object_r:root_t 1440 Jan 4 23:29 octeon2 ~ # ls -alZ drivers drwxr-xr-x 2 root root system_u:object_r:root_t 60 Jan 4 23:29 . drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. -rw-r--r-- 1 root root system_u:object_r:root_t 14558 Jan 4 23:29 pow_drv.ko ~ # ~ # ~ # ls -alZ tmp drwxr-xr-x 2 root root system_u:object_r:root_t 40 Jan 4 23:09 . drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. ~ # ~ # ~ # ~ # ls / bin etc lib lxc proc share usr dev home lib64 mnt root sys var drivers init linuxrc mnth sbin tmp ~ # ls -alZ var/ drwxr-xr-x 6 root root system_u:object_r:root_t 120 Jan 6 12:37 . drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. drwxr-xr-x 3 root root system_u:object_r:root_t 60 Jan 4 23:17 cache drwxr-xr-x 4 root root system_u:object_r:root_t 80 Jan 4 23:17 lib drwxr-xr-x 3 root root system_u:object_r:root_t 80 Jan 6 12:37 log drwxr-xr-x 4 root root system_u:object_r:root_t 140 Jan 6 12:37 run ~ # CTRL-A Z for help |115200 8N1 | NOR | Minicom 2.6.2 | VT102 | Offline ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Selinux context type is same for root & normal user both
2021-01-04 12:51 ` Dominick Grift
2021-01-06 13:35 ` Ashish Mishra
2021-01-06 14:25 ` Ashish Mishra
@ 2021-01-06 14:27 ` Ashish Mishra
2021-01-06 14:41 ` Dominick Grift
2 siblings, 1 reply; 19+ messages in thread
From: Ashish Mishra @ 2021-01-06 14:27 UTC (permalink / raw)
To: Dominick Grift; +Cc: SElinux list, Paul Moore
[-- Attachment #1: Type: text/plain, Size: 512 bytes --]
Hi Dominick,

1) Thanks for pointers.
I will look at the suggestion for login programs.

2) The major discrepancy which I am observing is all the folders and files across
the filesystem have the same context "system_u:object_r:root_t".
Like /etc, /var, /bin, /root etc., all folders & files have
this same context.
Attached is the context log for the folder.

Any feedback / pointer on point-2 will be helpful.
I will evaluate the point-1 as suggested.

Thanks for sharing valuable info.
Ashish
[-- Attachment #2: secontext-for-folders.txt --]
[-- Type: text/plain, Size: 32285 bytes --]
home # ps -Z
PID   CONTEXT                     STAT COMMAND
    1 system_u:system_r:kernel_t  S    init
    2 system_u:system_r:kernel_t  SW   [kthreadd]
    3 system_u:system_r:kernel_t  SW   [ksoftirqd/0]
    4 system_u:system_r:kernel_t  SW   [kworker/0:0]
    5 system_u:system_r:kernel_t  SW<  [kworker/0:0H]
    6 system_u:system_r:kernel_t  SW   [kworker/u8:0]
    7 system_u:system_r:kernel_t  SW   [rcu_sched]
    8 system_u:system_r:kernel_t  SW   [rcu_bh]
    9 system_u:system_r:kernel_t  SW   [migration/0]
   10 system_u:system_r:kernel_t  SW<  [lru-add-drain]
   11 system_u:system_r:kernel_t  SW   [cpuhp/0]
   12 system_u:system_r:kernel_t  SW   [kdevtmpfs]
   13 system_u:system_r:kernel_t  SW<  [netns]
   14 system_u:system_r:kernel_t  SW   [oom_reaper]
   15 system_u:system_r:kernel_t  SW   [kworker/u8:1]
  124 system_u:system_r:kernel_t  SW<  [writeback]
  126 system_u:system_r:kernel_t  SW   [kcompactd0]
  127 system_u:system_r:kernel_t  SW<  [bioset]
  129 system_u:system_r:kernel_t  SW<  [kblockd]
  151 system_u:system_r:kernel_t  SW   [kworker/0:1]
  167 system_u:system_r:kernel_t  SW   [kswapd0]
  168 system_u:system_r:kernel_t  SW<  [vmstat]
  787 system_u:system_r:kernel_t  SW<  [ipv6_addrconf]
  798 system_u:system_r:kernel_t  S    syslogd
  805 system_u:system_r:kernel_t  S<   auditd
  808 system_u:system_r:kernel_t  SW   [kauditd]
  859 system_u:system_r:kernel_t  R    /bin/sm_manager
  861 system_u:system_r:kernel_t  S    /bin/sh
  880 system_u:system_r:kernel_t  R    ps -Z
/home #
/home #
/home #
/home # ls
test testfile
/home # cd
~ # ls
bin      etc      lib      lxc      proc     share    usr
dev      home     lib64    mnt      root     sys      var
drivers  init     linuxrc  mnth     sbin     tmp
~ # cd /etc/
/etc # ls
audisp         gshadow        mtab           selinux        udhcpd.conf
audit          host.conf      pam.d          sestatus.conf  xattr.conf
default        hosts          passwd         shadow
environment    inittab        protocols      subgid
fstab          libaudit.conf  rc.d           subuid
group          lxc            security       sysconfig
/etc # cd
~ # ls
bin      etc      lib      lxc      proc     share    usr
dev      home     lib64    mnt      root     sys      var
drivers  init     linuxrc  mnth     sbin     tmp
~ #
~ #
~ # ls -alZ bin/
drwxr-xr-x  2 root root system_u:object_r:root_t 1620 Jan 4 23:29 .
drwxr-xr-x 20 root root system_u:object_r:root_t  460 Jan 6 12:38 ..
* Re: Selinux context type is same for root & normal user both
2021-01-06 14:27 ` Ashish Mishra
@ 2021-01-06 14:41 ` Dominick Grift
2021-01-06 14:45 ` Dominick Grift
0 siblings, 1 reply; 19+ messages in thread
From: Dominick Grift @ 2021-01-06 14:41 UTC (permalink / raw)
To: Ashish Mishra; +Cc: SElinux list, Paul Moore

Ashish Mishra <ashishm@mvista.com> writes:

> Hi Dominick ,
>
> 1) Thanks for pointers .
> I will look at the suggestion for login programs.
>
> 2) The major discrepancy which i am observing is all the folder and files across
> filesystem have same context "system_u:object_r:root_t"
> Like /etc , /var , /bin , /root etc all folders & files have
> this same context .
> Attached is the context log for the folder.

Can you also enclose the output of the `mount` command? It might help to
give us an idea of your filesystem requirements

>
> Any feedback / pointer on point-2 will be helpful .
> I will evaluate the point-1 as suggested .
>
> Thanks for sharing valuable info.
> Ashish

--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
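Added example (not part of the thread and not code from anyone on the list): a host-side Python triage of a captured console log for the symptom discussed here, where `ps -Z` and `ls -Z` show one type on every row, together with a check of whether the mount holding a path carries the `seclabel` option. The `ps`/`ls` rows are copied from the log in this thread; the `mount` rows and the healthy comparison rows are constructed, and all function names are this example's own.

```python
"""Host-side triage of a captured console log: one SELinux type everywhere?"""
import re
from collections import Counter

# `mount` output row: "<dev> on <mount point> type <fstype> (<options>)"
MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)")

# Rows copied from the log in this thread.
PS_ROWS = [
    "PID CONTEXT STAT COMMAND",
    "1 system_u:system_r:kernel_t S init",
    "798 system_u:system_r:kernel_t S syslogd",
    "805 system_u:system_r:kernel_t S< auditd",
    "861 system_u:system_r:kernel_t S /bin/sh",
]
LS_ROWS = [
    "drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 ..",
    "lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 login -> /bin/busybox",
    "-rw-r--r-- 1 root root system_u:object_r:root_t 70 Jan 4 23:09 passwd",
]
# Constructed rows: the thread shows no `mount` output and no healthy system.
MOUNT_ROWS = [
    "rootfs on / type rootfs (rw)",
    "proc on /proc type proc (rw,relatime)",
    "tmpfs on /var/run type tmpfs (rw,relatime,seclabel)",
]
HEALTHY_PS_ROWS = [
    "1 system_u:system_r:init_t S init",
    "798 system_u:system_r:syslogd_t S syslogd",
    "861 root:sysadm_r:sysadm_t S /bin/sh",
]


def find_context(row):
    """Return (user, role, type) from one `ps -Z` / `ls -Z` row, or None.

    Assumes refpolicy naming: the role ends in _r and the type in _t.
    Timestamps such as 23:29 have only two fields and are skipped.
    """
    for token in row.split():
        parts = token.split(":")
        if len(parts) >= 3 and parts[1].endswith("_r") and parts[2].endswith("_t"):
            return tuple(parts[:3])
    return None


def type_counts(rows):
    """Count how many rows carry each SELinux type."""
    found = (find_context(r) for r in rows)
    return Counter(ctx[2] for ctx in found if ctx)


def collapsed_type(rows, min_rows=3):
    """Return the type if every labelled row shares it, else None."""
    counts = type_counts(rows)
    if len(counts) == 1 and sum(counts.values()) >= min_rows:
        return next(iter(counts))
    return None


def backing_mount(path, mount_rows):
    """Find the mount holding `path`: longest mount point wins, later rows
    shadow earlier ones. Returns (mount_point, fstype, has_seclabel) or None.

    `seclabel` is the option the kernel reports for mounts that accept
    per-file SELinux labels.
    """
    best = None
    wanted = path.rstrip("/") + "/"
    for row in mount_rows:
        m = MOUNT_RE.match(row.strip())
        if not m:
            continue
        _dev, point, fstype, opts = m.groups()
        if wanted.startswith(point.rstrip("/") + "/"):
            if best is None or len(point) >= len(best[0]):
                best = (point, fstype, "seclabel" in opts.split(","))
    return best


def triage(ps_rows, ls_rows, mount_rows, path="/"):
    """Collect the observations worth reporting back to the list."""
    findings = []
    domain = collapsed_type(ps_rows)
    if domain:
        findings.append(f"every process runs in {domain}, userland included")
    ftype = collapsed_type(ls_rows)
    if ftype:
        findings.append(f"every listed file has type {ftype}")
    mnt = backing_mount(path, mount_rows)
    if mnt and not mnt[2]:
        findings.append(f"{path} is on {mnt[0]} ({mnt[1]}), mounted without seclabel")
    return findings


if __name__ == "__main__":
    for line in triage(PS_ROWS, LS_ROWS, MOUNT_ROWS, "/home"):
        print(line)
```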
* Re: Selinux context type is same for root & normal user both
2021-01-06 14:41 ` Dominick Grift
@ 2021-01-06 14:45 ` Dominick Grift
0 siblings, 0 replies; 19+ messages in thread
From: Dominick Grift @ 2021-01-06 14:45 UTC (permalink / raw)
To: Ashish Mishra; +Cc: SElinux list, Paul Moore

Dominick Grift <dominick.grift@defensec.nl> writes:

> Ashish Mishra <ashishm@mvista.com> writes:
>
>> Hi Dominick ,
>>
>> 1) Thanks for pointers .
>> I will look at the suggestion for login programs.
>>
>> 2) The major discrepancy which i am observing is all the folder and files across
>> filesystem have same context "system_u:object_r:root_t"
>> Like /etc , /var , /bin , /root etc all folders & files have
>> this same context .
>> Attached is the context log for the folder.
>
> Can you also enclose the output of the `mount` command? It might help to
> give us an idea of your filesystem requirements

It is probably not a good idea (and not needed) to have auditd on these
types of systems by the way

>
>
>>
>> Any feedback / pointer on point-2 will be helpful .
>> I will evaluate the point-1 as suggested .
>>
>> Thanks for sharing valuable info.
>> Ashish
system_u:object_r:root_t 60 Jan 4 23:07 rc.d >> drwxr-xr-x 4 root root system_u:object_r:root_t 260 Jan 4 23:18 security >> drwxr-xr-x 3 root root system_u:object_r:root_t 100 Jan 4 23:29 selinux >> -rw-r--r-- 1 root root system_u:object_r:root_t 216 Jan 4 23:08 sestatus.conf >> -rw-r--r-- 1 root root system_u:object_r:root_t 12 Jan 4 23:09 shadow >> -rw-r--r-- 1 root root system_u:object_r:root_t 19 Jan 6 12:37 subgid >> -rw-r--r-- 1 root root system_u:object_r:root_t 19 Jan 6 12:37 subuid >> drwxr-xr-x 2 root root system_u:object_r:root_t 60 Jan 4 23:07 sysconfig >> -rw-r--r-- 1 root root system_u:object_r:root_t 3048 Jan 4 23:09 udhcpd.conf >> -rw-r--r-- 1 root root system_u:object_r:root_t 642 Jan 4 23:13 xattr.conf >> ~ # ls >> bin etc lib lxc proc share usr >> dev home lib64 mnt root sys var >> drivers init linuxrc mnth sbin tmp >> ~ # ^C >> ~ # ls -alZ bin >> drwxr-xr-x 2 root root system_u:object_r:root_t 1620 Jan 4 23:29 . >> drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. 
>> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 arch -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 ash -> /bin/busybox >> -rwxr-xr-x 1 root root system_u:object_r:root_t 1267040 Jan 4 23:29 bash >> -rwxr-xr-x 1 root root system_u:object_r:root_t 1593984 Jan 4 23:29 busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 cat -> /bin/busybox >> -rwxr-xr-x 1 root root system_u:object_r:root_t 7664 Jan 4 23:29 cav_sh >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > chattr -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 chgrp > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 chmod > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 chown > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 cp -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > cttyhack -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 date -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 dd -> /bin/busybox >> -rwxr-xr-x 1 root root system_u:object_r:root_t 200 Jan 4 23:29 delete_smapp.sh >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 df -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 dmesg > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 echo -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 egrep > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 false > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > fatattr -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > fdflush -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 fgrep > -> /bin/busybox 
>> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 fsync > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > getopt -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 grep -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > gunzip -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 gzip -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > ionice -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > iostat -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 kill -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 link -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > linux32 -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > linux64 -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 ln -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 login > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 ls -> /bin/busybox >> -rwxr-xr-x 1 root root system_u:object_r:root_t 7736 Jan 4 23:29 lsmod >> -rwxr-xr-x 1 root root system_u:object_r:root_t 128952 Jan 4 23:29 lspci >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 mkdir > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 mknod > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > mktemp -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 more -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 mount > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > mountpoint -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 
23:09 mv -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 nice -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 nuke -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 pidof > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > pipe_progress -> /bin/busybox >> -rwxr-xr-x 1 root root system_u:object_r:root_t 13397 Jan 4 23:29 pow_test >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > printenv -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 ps -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 pwd -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > resume -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 rev -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 rm -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 rmdir > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 sed -> /bin/busybox >> -rwxr-xr-x 1 root root system_u:object_r:root_t 61160 Jan 4 23:29 setpci >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > setpriv -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 sh -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 sleep > -> /bin/busybox >> -rwxr-xr-x 1 root root system_u:object_r:root_t 298279 Jan 4 23:29 sm_manager >> -rwxr-xr-x 1 root root system_u:object_r:root_t 781 Jan 4 23:29 smapp_manage.sh >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 stat -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 stty -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 su -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 
sync -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 tar -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 touch > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 true -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > umount -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 uname > -> /bin/busybox >> -rwxr-xr-x 1 root root system_u:object_r:root_t 1340 Jan 4 23:29 upgrade_smapp.sh >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 > usleep -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 vi -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 watch > -> /bin/busybox >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 zcat -> /bin/busybox >> ~ # ls -alZ etc >> drwxr-xr-x 11 root root system_u:object_r:root_t 560 Jan 6 12:37 . >> drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. 
>> drwxr-xr-x 3 root root system_u:object_r:root_t 100 Jan 4 23:07 audisp >> drwxr-xr-x 2 root root system_u:object_r:root_t 80 Jan 4 23:07 audit >> drwxr-xr-x 2 root root system_u:object_r:root_t 60 Jan 4 23:17 default >> -rw-r--r-- 1 root root system_u:object_r:root_t 97 Jan 4 23:17 environment >> -rw-r--r-- 1 root root system_u:object_r:root_t 330 Jan 4 23:09 fstab >> -rw-r--r-- 1 root root system_u:object_r:root_t 21 Jan 4 23:09 group >> -rw-r--r-- 1 root root system_u:object_r:root_t 9 Jan 4 23:09 gshadow >> -rw-r--r-- 1 root root system_u:object_r:root_t 17 Jan 4 23:09 host.conf >> -rw-r--r-- 1 root root system_u:object_r:root_t 20 Jan 4 23:09 hosts >> -rw-r--r-- 1 root root system_u:object_r:root_t 55 Jan 4 23:09 inittab >> -rw-r----- 1 root root system_u:object_r:root_t 191 Jan 4 23:07 libaudit.conf >> drwxr-xr-x 2 root root system_u:object_r:root_t 60 Jan 4 23:17 lxc >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:09 mtab -> /proc/mounts >> drwxr-xr-x 2 root root system_u:object_r:root_t 40 Jan 4 23:08 pam.d >> -rw-r--r-- 1 root root system_u:object_r:root_t 70 Jan 4 23:09 passwd >> -rw-r--r-- 1 root root system_u:object_r:root_t 6108 Jan 4 23:09 protocols >> drwxr-xr-x 3 root root system_u:object_r:root_t 60 Jan 4 23:07 rc.d >> drwxr-xr-x 4 root root system_u:object_r:root_t 260 Jan 4 23:18 security >> drwxr-xr-x 3 root root system_u:object_r:root_t 100 Jan 4 23:29 selinux >> -rw-r--r-- 1 root root system_u:object_r:root_t 216 Jan 4 23:08 sestatus.conf >> -rw-r--r-- 1 root root system_u:object_r:root_t 12 Jan 4 23:09 shadow >> -rw-r--r-- 1 root root system_u:object_r:root_t 19 Jan 6 12:37 subgid >> -rw-r--r-- 1 root root system_u:object_r:root_t 19 Jan 6 12:37 subuid >> drwxr-xr-x 2 root root system_u:object_r:root_t 60 Jan 4 23:07 sysconfig >> -rw-r--r-- 1 root root system_u:object_r:root_t 3048 Jan 4 23:09 udhcpd.conf >> -rw-r--r-- 1 root root system_u:object_r:root_t 642 Jan 4 23:13 xattr.conf >> ~ # ls -alZ lib >> drwxr-xr-x 3 root root 
system_u:object_r:root_t 60 Jan 4 23:07 . >> drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. >> drwxr-xr-x 3 root root system_u:object_r:root_t 60 Jan 4 23:07 modules >> ~ # ls -alZ li >> lib/ lib64/ linuxrc >> ~ # ls -alZ li >> lib/ lib64/ linuxrc >> ~ # ls -alZ li64 >> ls: li64: No such file or directory >> ~ # ls -alZ lib64 >> drwxr-xr-x 3 root root system_u:object_r:root_t 1320 Jan 4 23:29 . >> drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. >> -r-xr-xr-x 1 root root system_u:object_r:root_t 210624 Jan 4 23:29 ld-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 10 Jan 4 23:29 > ld.so.1 -> ld-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 67824 Jan 4 23:29 > libBrokenLocale-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 23 Jan 4 23:29 > libBrokenLocale.so.1 -> libBrokenLocale-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 71182 Jan 4 23:29 libSegFault.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 68768 Jan 4 23:29 libanl-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 14 Jan 4 23:29 > libanl.so.1 -> libanl-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 16 Jan 4 23:29 > libasan.so.0 -> libasan.so.0.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 215896 Jan 4 23:29 libasan.so.0.0.0 >> lrwxrwxrwx 1 root root system_u:object_r:root_t 18 Jan 4 23:29 > libatomic.so.1 -> libatomic.so.1.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 35056 Jan 4 23:29 libatomic.so.1.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 1946544 Jan 4 23:29 libc-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:29 > libc.so.6 -> libc-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 200408 Jan 4 23:29 libcidn-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 15 Jan 4 23:29 > libcidn.so.1 -> libcidn-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 69416 Jan 4 23:29 libcrypt-2.16.so >> lrwxrwxrwx 1 root root 
system_u:object_r:root_t 16 Jan 4 23:29 > libcrypt.so.1 -> libcrypt-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 68920 Jan 4 23:29 libdl-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 13 Jan 4 23:29 > libdl.so.2 -> libdl-2.16.so >> -r--r--r-- 1 root root system_u:object_r:root_t 161643 Jan 4 23:29 libgcc_s.so.1 >> lrwxrwxrwx 1 root root system_u:object_r:root_t 16 Jan 4 23:29 > libgomp.so.1 -> libgomp.so.1.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 87728 Jan 4 23:29 libgomp.so.1.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 1006288 Jan 4 23:29 libm-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 12 Jan 4 23:29 > libm.so.6 -> libm-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 73221 Jan 4 23:29 libmemusage.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 19 Jan 4 23:29 > libmudflap.so.0 -> libmudflap.so.0.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 209120 Jan 4 23:29 libmudflap.so.0.0.0 >> lrwxrwxrwx 1 root root system_u:object_r:root_t 21 Jan 4 23:29 > libmudflapth.so.0 -> libmudflapth.so.0.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 209592 Jan 4 23:29 > libmudflapth.so.0.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 140688 Jan 4 23:29 libnsl-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 14 Jan 4 23:29 > libnsl.so.1 -> libnsl-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 70352 Jan 4 23:29 > libnss_compat-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 21 Jan 4 23:29 > libnss_compat.so.2 -> libnss_compat-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 71056 Jan 4 23:29 libnss_db-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 17 Jan 4 23:29 > libnss_db.so.2 -> libnss_db-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 68520 Jan 4 23:29 libnss_dns-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 18 Jan 4 23:29 > libnss_dns.so.2 -> libnss_dns-2.16.so >> -r-xr-xr-x 1 root root 
system_u:object_r:root_t 72024 Jan 4 23:29 libnss_files-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 20 Jan 4 23:29 > libnss_files.so.2 -> libnss_files-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 69248 Jan 4 23:29 > libnss_hesiod-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 21 Jan 4 23:29 > libnss_hesiod.so.2 -> libnss_hesiod-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 70800 Jan 4 23:29 libnss_nis-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 18 Jan 4 23:29 > libnss_nis.so.2 -> libnss_nis-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 71040 Jan 4 23:29 > libnss_nisplus-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 22 Jan 4 23:29 > libnss_nisplus.so.2 -> libnss_nisplus-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 70402 Jan 4 23:29 libpcprofile.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 143640 Jan 4 23:29 libpthread-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 18 Jan 4 23:29 > libpthread.so.0 -> libpthread-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 138480 Jan 4 23:29 libresolv-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 17 Jan 4 23:29 > libresolv.so.2 -> libresolv-2.16.so >> -r-xr-xr-x 1 root root system_u:object_r:root_t 71296 Jan 4 23:29 librt-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 13 Jan 4 23:29 > librt.so.1 -> librt-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 15 Jan 4 23:29 > libssp.so.0 -> libssp.so.0.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 11488 Jan 4 23:29 libssp.so.0.0.0 >> lrwxrwxrwx 1 root root system_u:object_r:root_t 19 Jan 4 23:29 > libstdc++.so.6 -> libstdc++.so.6.0.17 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 1198520 Jan 4 23:29 libstdc++.so.6.0.17 >> -rw-r--r-- 1 root root system_u:object_r:root_t 2436 Jan 4 23:29 > libstdc++.so.6.0.17-gdb.py >> -r-xr-xr-x 1 root root system_u:object_r:root_t 70256 Jan 4 23:29 libthread_db-1.0.so 
>> lrwxrwxrwx 1 root root system_u:object_r:root_t 19 Jan 4 23:29 > libthread_db.so.1 -> libthread_db-1.0.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 17 Jan 4 23:29 > libubsan.so.0 -> libubsan.so.0.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 606176 Jan 4 23:29 libubsan.so.0.0.0 >> -r-xr-xr-x 1 root root system_u:object_r:root_t 68344 Jan 4 23:29 libutil-2.16.so >> lrwxrwxrwx 1 root root system_u:object_r:root_t 15 Jan 4 23:29 > libutil.so.1 -> libutil-2.16.so >> drwxr-xr-x 2 root root system_u:object_r:root_t 1440 Jan 4 23:29 octeon2 >> ~ # ls -alZ drivers >> drwxr-xr-x 2 root root system_u:object_r:root_t 60 Jan 4 23:29 . >> drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. >> -rw-r--r-- 1 root root system_u:object_r:root_t 14558 Jan 4 23:29 pow_drv.ko >> ~ # >> ~ # >> ~ # ls -alZ tmp >> drwxr-xr-x 2 root root system_u:object_r:root_t 40 Jan 4 23:09 . >> drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. >> ~ # >> ~ # >> ~ # >> ~ # ls / >> bin etc lib lxc proc share usr >> dev home lib64 mnt root sys var >> drivers init linuxrc mnth sbin tmp >> ~ # ls -alZ var/ >> drwxr-xr-x 6 root root system_u:object_r:root_t 120 Jan 6 12:37 . >> drwxr-xr-x 20 root root system_u:object_r:root_t 460 Jan 6 12:38 .. >> drwxr-xr-x 3 root root system_u:object_r:root_t 60 Jan 4 23:17 cache >> drwxr-xr-x 4 root root system_u:object_r:root_t 80 Jan 4 23:17 lib >> drwxr-xr-x 3 root root system_u:object_r:root_t 80 Jan 6 12:37 log >> drwxr-xr-x 4 root root system_u:object_r:root_t 140 Jan 6 12:37 run >> ~ # >> CTRL-A Z for help |115200 8N1 | NOR | Minicom 2.6.2 | VT102 | > Offline >> >> -- gpg --locate-keys dominick.grift@defensec.nl Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098 https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098 Dominick Grift ^ permalink raw reply [flat|nested] 19+ messages in thread