coreutils: runcon invocation
1
1 22.2 ‘runcon’: Run a command in specified SELinux context
1 =========================================================
1
1 ‘runcon’ runs file in specified SELinux security context.
1
1 Synopses:
1 runcon CONTEXT COMMAND [ARGS]
1 runcon [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [ARGS]
1
1 Run COMMAND with completely-specified CONTEXT, or with current or
1 transitioned security context modified by one or more of LEVEL, ROLE,
1 TYPE and USER.
1
1 If none of ‘-c’, ‘-t’, ‘-u’, ‘-r’, or ‘-l’ is specified, the first
1 argument is used as the complete context. Any additional arguments
1 after COMMAND are interpreted as arguments to the command.
1
1 With neither CONTEXT nor COMMAND, print the current security context.
1
1 Note also the ‘setpriv’ command which can be used to set the
1 NO_NEW_PRIVS bit using ‘setpriv --no-new-privs runcon ...’, thus
1 disallowing usage of a security context with more privileges than the
1 process would normally have.
1
11 ‘runcon’ accepts the following options. Also see ⇒Common
options.
1
1 ‘-c’
1 ‘--compute’
1 Compute process transition context before modifying.
1
1 ‘-u USER’
1 ‘--user=USER’
1 Set user USER in the target security context.
1
1 ‘-r ROLE’
1 ‘--role=ROLE’
1 Set role ROLE in the target security context.
1
1 ‘-t TYPE’
1 ‘--type=TYPE’
1 Set type TYPE in the target security context.
1
1 ‘-l RANGE’
1 ‘--range=RANGE’
1 Set range RANGE in the target security context.
1
1 Exit status:
1
1 126 if COMMAND is found but cannot be invoked
1 127 if ‘runcon’ itself fails or if COMMAND cannot be found
1 the exit status of COMMAND otherwise
1