Linux pstree
May 20th, 2008 — maxwell#pstree –help
I didn’t realize this before, but you can get an SELinux security context listing based on running processes with the Linux pstree command.
# pstree -n -p -Z
init(1,`system_u:system_r:init_t')
├─httpd(5396,`user_u:system_r:initrc_t')
│ ├─httpd(5398,`user_u:system_r:initrc_t')
│ ├─httpd(5399,`user_u:system_r:initrc_t')
│ ├─httpd(5400,`user_u:system_r:initrc_t')
│ ├─httpd(5401,`user_u:system_r:initrc_t')
│ ├─httpd(5402,`user_u:system_r:initrc_t')
│ ├─httpd(5403,`user_u:system_r:initrc_t')
│ ├─httpd(5404,`user_u:system_r:initrc_t')
│ └─httpd(5405,`user_u:system_r:initrc_t')
├─sunbird(7502,`user_u:system_r:unconfined_t')
│ └─run-mozilla.sh(7516,`user_u:system_r:unconfined_t')
│ └─sunbird-bin(7521,`user_u:system_r:unconfined_t')
│ ├─{sunbird-bin}(7524,`user_u:system_r:unconfined_t')
│ ├─{sunbird-bin}(7525,`user_u:system_r:unconfined_t')
│ ├─{sunbird-bin}(7526,`user_u:system_r:unconfined_t')
│ ├─{sunbird-bin}(7530,`user_u:system_r:unconfined_t')
│ └─{sunbird-bin}(7531,`user_u:system_r:unconfined_t')
Obviously I snipped a ton output, but in that last command you’d get output sorted by PID, displayed with the process ID, and then the SELinux security context applied. Sweet. SELinux still makes me scratch my head sometimes.