LinuxCommandLibrary
GitHubF-DroidGoogle Play Store

chcat

change SELinux security categories

TLDR

List all available categories
$ sudo chcat -L
copy
Add a category to a file
$ sudo chcat +[CategoryName] [path/to/file]
copy
Remove a category from a file
$ sudo chcat -- -[CategoryName] [path/to/file]
copy
Set specific categories for a file
$ sudo chcat [CategoryName1,CategoryName2,...] [path/to/file]
copy
Display categories of a file
$ ls -Z [path/to/file]
copy
Remove all categories from a file
$ sudo chcat -d [path/to/file]
copy

SYNOPSIS

chcat [options] category file...

DESCRIPTION

chcat changes SELinux security categories for files. Categories are part of Multi-Category Security (MCS), providing additional access control beyond traditional SELinux types.MCS categories allow compartmentalization of data, where users or processes can only access files with matching categories.

PARAMETERS

-L, --list

List all available categories
-d, --delete
Remove all categories from file
+category
Add a category
-category
Remove a category (use -- before)

CAVEATS

Requires SELinux to be enabled with MCS policy. Category names must be defined in the policy. Changes affect access control immediately.

SEE ALSO

chcon(1), semanage(8), ls(1)

Copied to clipboard
Kai