How can I use docker without sudo?

Question

Syfer Polski

Asked: 2020-03-27 07:55:28 +0800 CST2020-03-27 07:55:28 +0800 CST 2020-03-27 07:55:28 +0800 CST

How to view SELinux context of a file?

772

I've extracted the userdata partition(ext4 format) from my Android phone and mounted it on Kubuntu 19.10. I was trying to figure out what the . in ls -l output stood for and eventually discovered it represents an SELinux context. However, I'm not sure how to view these SELinux ACLs. What's the SELinux equivalent of getfacl?

pshem@computer:~/research_android/data_partition$ ls -l
total 352
drwx------.   2 root  root   4096 Jan  1  2010 adb
drwxrwxr-x.   2 root  root   4096 Mar 20 09:07 aee_exp
drwxrwxr-x.   3 pshem pshem  4096 Feb  6 02:01 anr
drwxrwxrwx.   2 root  root   4096 Jan  1  2010 APN
drwxrwx--x.  36 pshem pshem  4096 Mar 20 11:36 app
drwx------.   2 root  root   4096 Jan  1  2010 app-asec
drwxrwx--x.   2 pshem pshem  4096 Jan  1  2010 app-ephemeral
drwxrwx--x.   2 pshem pshem  4096 Jan  1  2010 app-lib
drwxrwx--x.   2 pshem pshem  4096 Jan  1  2010 app-private
drwx------.   6 pshem pshem  4096 Mar 20 11:36 backup
drwxr-xr-x.   2  2000  2000  4096 Jan  1  2010 bootchart
drwxrwx---.   5 pshem  2001  4096 Jan  1  2010 cache
drwxrwxrwx.   2 root  root   4096 Jan  1  2010 Carrier
drwxrwxrwx.   2 root  root  16384 Jan  1  2010 CarrierConfig
drwxrwxr-x.   3  2000 pshem  4096 Jan  1  2010 connsyslog
drwxrwxr-x.   2 pshem pshem  4096 Jan  1  2010 core
drwxrwx--x.   4 root  root   4096 Feb  6 04:46 dalvik-cache
drwxrwx--x. 137 pshem pshem 12288 Mar 20 11:36 data
drwxrwx---.   2  1019  1019  4096 Jan  1  2010 drm
drwxrwxr-x.   2 pshem pshem  4096 Jan  1  2010 dumpsys
drwxrwx--x.   3 pshem pshem  4096 Jan  1  2010 faceunlock
drwxr-x--x.   4 root  root   4096 Jan  1  2010 local
drwxr-xr-x.   2 pshem pshem  4096 Jan  1  2010 log_temp
drwxrwx---.   2 root  root  16384 Jan  1  2010 lost+found
drwxrwxr-x.   3  2000 pshem  4096 Jan  1  2010 mdlog
drwxrwx---.   4  1023  1023  4096 Jan  1  2010 media
drwxrwx---.   2  1031  1031  4096 Jan  1  2010 mediadrm
drwxrwx--t.  43 pshem  9998  4096 Jan  1  2010 misc
drwxrwx--t.   3 pshem  9998  4096 Jan  1  2010 misc_ce
drwxrwx--t.   3 pshem  9998  4096 Jan  1  2010 misc_de
drwxrwx---.   3  1027  1027  4096 Jan  1  2010 nfc
drwxrwx--x.   2 root  root   4096 Feb  6 04:46 ota
drwxrwx---.   2 pshem  2001  4096 Feb  6 04:49 ota_package
drwxrwxr-x.   5 pshem pshem  4096 Jan  1  2010 preloads
drwx------.   2 root  root   4096 Mar 20 11:46 property
drwxrwx--x.   2 pshem pshem  4096 Jan  1  2010 resource-cache
drwx------.   2 pshem pshem  4096 Jan  1  2010 ss
drwxrwxr-x.  19 pshem pshem  4096 Mar 20 11:40 system
drwxrwx---.   3 pshem pshem  4096 Jan  1  2010 system_ce
drwxrwx---.   3 pshem pshem  4096 Feb 21 04:34 system_de
drwxrwx--x.   2 pshem pshem  4096 Jan  1  2010 tombstones
drwx------.   3 root  root   4096 Jan  1  2010 unencrypted
drwx--x--x.   2 pshem pshem  4096 Jan  1  2010 user
drwx--x--x.   3 pshem pshem  4096 Jan  1  2010 user_de
drwxrwx--x.  25 root  root   4096 Jan  1  2010 vendor
drwxrwx--x.   3 root  root   4096 Jan  1  2010 vendor_ce
drwxrwx--x.   3 root  root   4096 Jan  1  2010 vendor_de

Based on it's manual entry, secon --file should work, but it only outputs secon: SELinux is not enabled

SELinux ACL source

1 Answers

Voted

Syfer Polski · Answer 1 · 2020-03-27T07:55:28+08:00

ls -Z is able to parse SELinux ACLs and display them in a readable format:

pshem@computer:~/research_android/data_partition$ ls -Z
          u:object_r:adb_data_file:s0 adb                    u:object_r:mdlog_data_file:s0 mdlog
      u:object_r:aee_exp_data_file:s0 aee_exp             u:object_r:media_rw_data_file:s0 media
          u:object_r:anr_data_file:s0 anr                    u:object_r:media_data_file:s0 mediadrm
       u:object_r:system_data_file:s0 APN                   u:object_r:system_data_file:s0 misc
          u:object_r:apk_data_file:s0 app                   u:object_r:system_data_file:s0 misc_ce
        u:object_r:asec_image_file:s0 app-asec              u:object_r:system_data_file:s0 misc_de
       u:object_r:system_data_file:s0 app-ephemeral         u:object_r:system_data_file:s0 nfc
       u:object_r:system_data_file:s0 app-lib                  u:object_r:ota_data_file:s0 ota
  u:object_r:apk_private_data_file:s0 app-private           u:object_r:ota_package_file:s0 ota_package
       u:object_r:backup_data_file:s0 backup              u:object_r:preloads_data_file:s0 preloads
    u:object_r:bootchart_data_file:s0 bootchart           u:object_r:property_data_file:s0 property
             u:object_r:cache_file:s0 cache          u:object_r:resourcecache_data_file:s0 resource-cache
       u:object_r:system_data_file:s0 Carrier               u:object_r:system_data_file:s0 ss
       u:object_r:system_data_file:s0 CarrierConfig         u:object_r:system_data_file:s0 system
    u:object_r:consyslog_data_file:s0 connsyslog            u:object_r:system_data_file:s0 system_ce
     u:object_r:aee_core_data_file:s0 core                  u:object_r:system_data_file:s0 system_de
  u:object_r:dalvikcache_data_file:s0 dalvik-cache       u:object_r:tombstone_data_file:s0 tombstones
       u:object_r:system_data_file:s0 data             u:object_r:unencrypted_data_file:s0 unencrypted
          u:object_r:drm_data_file:s0 drm                   u:object_r:system_data_file:s0 user
  u:object_r:aee_dumpsys_data_file:s0 dumpsys               u:object_r:system_data_file:s0 user_de
        u:object_r:faceunlock_file:s0 faceunlock            u:object_r:vendor_data_file:s0 vendor
       u:object_r:system_data_file:s0 local                 u:object_r:vendor_data_file:s0 vendor_ce
      u:object_r:logtemp_data_file:s0 log_temp              u:object_r:vendor_data_file:s0 vendor_de
       u:object_r:system_data_file:s0 lost+found

PS. I was only able to answer my own question because the similar questions StackOverflow suggested contained a few hints about the . in drwxrwxrwx..

How to view SELinux context of a file?

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?