LinuxCommandLibrary

chcat

change SELinux security categories

TLDR

List all available categories

$ sudo chcat -L
copy
Add a category to a file
$ sudo chcat +[CategoryName] [path/to/file]
copy
Remove a category from a file
$ sudo chcat -- -[CategoryName] [path/to/file]
copy
Set specific categories for a file
$ sudo chcat [CategoryName1,CategoryName2,...] [path/to/file]
copy
Display categories of a file
$ ls -Z [path/to/file]
copy
Remove all categories from a file
$ sudo chcat -d [path/to/file]
copy

SYNOPSIS

chcat [options] category file...

DESCRIPTION

chcat changes SELinux security categories for files. Categories are part of Multi-Category Security (MCS), providing additional access control beyond traditional SELinux types.
MCS categories allow compartmentalization of data, where users or processes can only access files with matching categories.

PARAMETERS

-L, --list

List all available categories
-d, --delete
Remove all categories from file
+category
Add a category
-category
Remove a category (use -- before)

CAVEATS

Requires SELinux to be enabled with MCS policy. Category names must be defined in the policy. Changes affect access control immediately.

SEE ALSO

chcon(1), semanage(8), ls(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community