runcon

Examples (TL;DR)

• Determine the current domain: runcon
• Specify the domain to run a command in: runcon -t domain_t command
• Specify the context role to run a command with: runcon -r role_r command
• Specify the full context to run a command with: runcon user_u:role_r:domain_t command

tldr.sh

Synopsis

runcon CONTEXT COMMAND [args]
runcon [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]

Description

Run COMMAND with completely-specified CONTEXT, or with current or transitioned security context modified by one or more of LEVEL, ROLE, TYPE, and USER.

If none of -c, -t, -u, -r, or -l, is specified, the first argument is used as the complete context.  Any additional arguments after COMMAND are interpreted as arguments to the command.

Note that only carefully-chosen contexts are likely to successfully run.

Run a program in a different SELinux security context. With neither CONTEXT nor COMMAND, print the current security context.

Mandatory arguments to long options are mandatory for short options too.

CONTEXT

Complete security context

-c, --compute

compute process transition context before modifying

-t, --type=TYPE

type (for same role as parent)

-u, --user=USER

user identity

-r, --role=ROLE

role

-l, --range=RANGE

levelrange

--help

display this help and exit

--version

output version information and exit

Author

Written by Russell Coker.

Reporting Bugs

GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>

Copyright

Copyright © 2019 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

See Also

Full documentation <https://www.gnu.org/software/coreutils/runcon>
or available locally via: info '(coreutils) runcon invocation'

Referenced By

newrole(1), sandbox(8), setpriv(1), seunshare(8).