getpidcon_raw - Linux

Overview

getpidcon_raw is a Linux command used to retrieve the security context of the current process in raw format. It is most commonly used in security contexts to analyze and troubleshoot process-level access control and labeling.

Syntax

getpidcon_raw [OPTION...]

Options/Flags

-c, –canonicalize
Canonicalize the security context. Format the output in the friendly, human-readable format.

-s, –short
Shorten the output format to only display the context.

-e, –enforce
Enforce mode. Check if the process has the specified context.

Examples

Display the current process’s security context in raw format:

$ getpidcon_raw
system_u:system_r:unconfined_t

Canonicalize the security context to human-readable format:

$ getpidcon_raw -c
system_u:system_r:unconfined_t:s0

Check if the process has a specific security context:

$ getpidcon_raw -e 'system_u:system_r:init_t'

Common Issues

• If the binary is not setuid, it will fail with Permission denied.

Integration

Combine with ps to show security contexts for all processes:

$ ps -eo pid,user,command,con=getpidcon_raw

Related Commands

• getenforce – Get the current SELinux enforcement mode.
• chcon – Change the security context of a file or directory.
• sestatus – Show the SELinux status.