manpagez: man pages & more
info coreutils
Home | html | info | man

File: coreutils.info,  Node: runcon invocation,  Prev: chcon invocation,  Up: SELinux context

22.2 ‘runcon’: Run a command in specified SELinux context
=========================================================

‘runcon’ runs file in specified SELinux security context.

   Synopses:
     runcon CONTEXT COMMAND [ARGS]
     runcon [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [ARGS]

   Run COMMAND with completely-specified CONTEXT, or with current or
transitioned security context modified by one or more of LEVEL, ROLE,
TYPE and USER.

   If none of ‘-c’, ‘-t’, ‘-u’, ‘-r’, or ‘-l’ is specified, the first
argument is used as the complete context.  Any additional arguments
after COMMAND are interpreted as arguments to the command.

   With neither CONTEXT nor COMMAND, print the current security context.

   Note also the ‘setpriv’ command which can be used to set the
NO_NEW_PRIVS bit using ‘setpriv --no-new-privs runcon ...’, thus
disallowing usage of a security context with more privileges than the
process would normally have.

   ‘runcon’ accepts the following options.  Also see *note Common
options::.

‘-c’
‘--compute’
     Compute process transition context before modifying.

‘-u USER’
‘--user=USER’
     Set user USER in the target security context.

‘-r ROLE’
‘--role=ROLE’
     Set role ROLE in the target security context.

‘-t TYPE’
‘--type=TYPE’
     Set type TYPE in the target security context.

‘-l RANGE’
‘--range=RANGE’
     Set range RANGE in the target security context.

   Exit status:

     125 if ‘runcon’ itself fails
     126 if COMMAND is found but cannot be invoked
     127 if COMMAND cannot be found
     the exit status of COMMAND otherwise

© manpagez.com 2000-2024
Individual documents may contain additional copyright information.