Previous: chcon invocation, Up: SELinux context [Contents][Index]
runcon
: Run a command in specified SELinux context
runcon
runs file in specified SELinux security context.
Synopses:
runcon context command [args] runcon [ -c ] [-u user] [-r role] [-t type] [-l range] command [args]
Run command
with completely-specified context
, or with
current or transitioned security context modified by one or more of level
,
role
, type
and user
.
If none of -c
, -t
, -u
, -r
, or -l
is specified, the first argument is used as the complete context.
Any additional arguments after command
are interpreted as arguments to the command.
With neither context
nor command
, print the current
security context.
Note also the setpriv
command which can be used to set the
NO_NEW_PRIVS bit using setpriv --no-new-privs runcon ...
,
thus disallowing usage of a security context with more privileges
than the process would normally have.
runcon
accepts the following options. Also see Common options.
-c
’--compute
’
Compute process transition context before modifying.
-u user
’--user=user
’
Set user user
in the target security context.
-r role
’--role=role
’
Set role role
in the target security context.
-t type
’--type=type
’
Set type type
in the target security context.
-l range
’--range=range
’
Set range range
in the target security context.
Exit status:
126 if command is found but cannot be invoked 127 if runcon itself fails or if command cannot be found the exit status of command otherwise
Previous: chcon invocation, Up: SELinux context [Contents][Index]