[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

22. SELinux context

This section describes commands for operations with SELinux contexts.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

22.1 chcon: Change SELinux context of file

chcon changes the SELinux security context of the selected files. Synopses:

 
chcon [option]… context file…
chcon [option]… [-u user] [-r role] [-l range] [-t type] file…
chcon [option]… --reference=rfile file

Change the SELinux security context of each file to context. With `--reference', change the security context of each file to that of rfile.

The program accepts the following options. Also see Common options.

`-h'
`--no-dereference'

Affect symbolic links instead of any referenced file.

`--reference=rfile'

Use rfile's security context rather than specifying a context value.

`-R'
`--recursive'

Operate on files and directories recursively.

`-H'

If `--recursive' (`-R') is specified and a command line argument is a symbolic link to a directory, traverse it. See section Traversing symlinks.

`-L'

In a recursive traversal, traverse every symbolic link to a directory that is encountered. See section Traversing symlinks.

`-P'

Do not traverse any symbolic links. This is the default if none of `-H', `-L', or `-P' is specified. See section Traversing symlinks.

`-v'
`--verbose'

Output a diagnostic for every file processed.

`-u user'
`--user=user'

Set user user in the target security context.

`-r role'
`--role=role'

Set role role in the target security context.

`-t type'
`--type=type'

Set type type in the target security context.

`-l range'
`--range=range'

Set range range in the target security context.

An exit status of zero indicates success, and a nonzero value indicates failure.


[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

22.2 runcon: Run a command in specified SELinux context

runcon runs file in specified SELinux security context.

Synopses:

 
runcon context command [args]
runcon [ -c ] [-u user] [-r role] [-t type] [-l range] command [args]

Run command with completely-specified context, or with current or transitioned security context modified by one or more of level, role, type and user.

If none of `-c', `-t', `-u', `-r', or `-l' is specified, the first argument is used as the complete context. Any additional arguments after command are interpreted as arguments to the command.

With neither context nor command, print the current security context.

The program accepts the following options. Also see Common options.

`-c'
`--compute'

Compute process transition context before modifying.

`-u user'
`--user=user'

Set user user in the target security context.

`-r role'
`--role=role'

Set role role in the target security context.

`-t type'
`--type=type'

Set type type in the target security context.

`-l range'
`--range=range'

Set range range in the target security context.

Exit status:

 
126 if command is found but cannot be invoked
127 if runcon itself fails or if command cannot be found
the exit status of command otherwise

[ << ] [ >> ]           [Top] [Contents] [Index] [ ? ]

This document was generated on January, 20 2010 using texi2html 1.76.