runcon invocation (GNU Coreutils 9.0)

From Get docs
Coreutils/docs/latest/runcon-invocation

Previous: chcon invocation, Up: SELinux context   [Contents][Index]


22.2 runcon: Run a command in specified SELinux context

runcon runs file in specified SELinux security context.

Synopses: 

runcon context command [args]
runcon [ -c ] [-u user] [-r role] [-t type] [-l range] command [args]

Run command with completely-specified context, or with current or transitioned security context modified by one or more of level, role, type and user.

If none of -c, -t, -u, -r, or -l is specified, the first argument is used as the complete context. Any additional arguments after command are interpreted as arguments to the command.

With neither context nor command, print the current security context.

Note also the setpriv command which can be used to set the NO_NEW_PRIVS bit using setpriv --no-new-privs runcon ..., thus disallowing usage of a security context with more privileges than the process would normally have.

runcon accepts the following options. Also see Common options.

-c
--compute

Compute process transition context before modifying.

-u user
--user=user

Set user user in the target security context.

-r role
--role=role

Set role role in the target security context.

-t type
--type=type

Set type type in the target security context.

-l range
--range=range

Set range range in the target security context.

Exit status: 

126 if command is found but cannot be invoked
127 if runcon itself fails or if command cannot be found
the exit status of command otherwise

Previous: chcon invocation, Up: SELinux context   [Contents][Index]


Retrieved from "https://getdocs.org/index.php?title=Coreutils/docs/latest/runcon-invocation&oldid=51476"
Powered by MediaWiki