runcon

v0.0.28

runcon [CONTEXT COMMAND [ARG...]]
runcon [-c] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [ARG...]

Run command with specified security context under SELinux enabled systems.

Options

--compute, -c: Compute process transition context before modifying.
--user=<USER>, -u <USER>: Set user USER in the target security context.
--role=<ROLE>, -r <ROLE>: Set role ROLE in the target security context.
--type=<TYPE>, -t <TYPE>: Set type TYPE in the target security context.
--range=<RANGE>, -l <RANGE>: Set range RANGE in the target security context.

Run COMMAND with completely-specified CONTEXT, or with current or transitioned security context modified by one or more of LEVEL, ROLE, TYPE, and USER.

If none of --compute, --type, --user, --role or --range is specified, then the first argument is used as the complete context.

Note that only carefully-chosen contexts are likely to successfully run.

If neither CONTEXT nor COMMAND is specified, the current security context is printed.

Examples

Print the security context of the current execution context:

runcon

Specify the domain to run a command in:

runcon -t {{domain}}_t {{command}}

Specify the context role to run a command with:

runcon -r {{role}}_r {{command}}

Specify the full context to run a command with:

runcon {{user}}_u:{{role}}_r:{{domain}}_t {{command}}

The examples are provided by the tldr-pages project under the CC BY 4.0 License.

Please note that, as uutils is a work in progress, some examples might fail.

uutils Documentation

runcon

Options

Examples