1. Program: usually a binary program, placed in a storage medium and saved in the form of a physical file
2. Process: After the program is started, the permissions and attributes of the executor, the program code and required data of the program will be loaded into the memory, and the operating system will give the memory unit an identifier (PID), It can be said that a process is a running program
3. Processes are related to each other, so there are parent processes and child processes. The parent process of all processes in the Linux system is the process with PID No. 1 init.
4. The process call in Linux is usually called the process of fork-and-exec. The process will generate an identical child process by copying (fork) through the parent process, and then the copied child process will be exec. Execute the actual process to be carried out, and eventually become the existence of a child process
5. The processes resident in memory are usually responsible for some functions provided by the system to serve the tasks of users, so these resident processes are called services (daemons)
6. In job control, the environment where a prompt can appear for you to operate is called the foreground, as for other jobs, you can put it into the background to pause or run
7. Keys and keywords related to job control include & , [ctrl]-z, jobs , fg, bg, kill %n, etc.
8. The viewing commands of process management include ps.top, pstree, etc.
9. The processes can control each other, and the transmitted information (signal) is mainly processed by the kill command
10. The process has priority. This option is Priority, but the PR is dynamically adjusted by the kernel. The user can only use the nice value to fine-tune the PRI.
11. The giving of nice can have commands such as nice, renice, top, etc.
12. vmstat is a very useful system resource usage view command,
13. SELinux was originally designed to avoid misuse of user resources, while SELinux uses MAC delegated access settings.
14. In the operation of SELinux, the focus is on whether the main process (Subject) can access the target file resource (Object), which involves the rules in the policy (Policy) and the actual security context type (Type)
15. The general setting of the security context is "Identify:role:type", of which type is the most important
16. There are three modes of SELinux: enforcing, permissive, and disabled, and the startup policy (Policy) is mainly targeted
17. The configuration file for SELinux startup and shutdown is in /etc/selinux/config
18. There are getenforce, sestatus and other commands to start and view SElinux
19. To reset the security context of SELinux, restorecon and chcon can be used
20. When SELinux starts, the necessary services should at least start the setroubleshoot
21. To manage the default SELinux boolean value, you can use getsebool, setsebool to manage