chcon

View security context of a file

$ ls -lZ path/to/file

$ chcon --reference reference_file target_file

$ chcon user:role:type:level filename

$ chcon -u user filename

$ chcon -r role filename

$ chcon -t type filename

$ chcon -R -t type path/to/directory

chcon [OPTION]... CONTEXT FILE...
chcon [OPTION]... [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] FILE...
chcon [OPTION]... --reference=RFILE FILE...

chcon changes the SELinux security context of files. An SELinux context consists of four components: user, role, type, and range (level). The context can be specified as a complete string, by individual components, or by copying from a reference file.
Context changes made with chcon are temporary and will be overwritten during a system relabel or by running restorecon. For persistent context changes, use semanage fcontext to define rules and restorecon to apply them. The chcon command is primarily useful for testing and debugging SELinux policies before making permanent changes.

-u, --user=USER

Set the user component of the security context

Set the role component of the security context

Set the type component of the security context

Set the range/level component of the security context

Use security context from RFILE

Operate on files and directories recursively

Affect symbolic links instead of referenced files

Affect the referenced file (default for non-links)

Output a diagnostic for every file processed

Fail to operate recursively on /

If -R, follow symbolic links on command line only

If -R, follow all symbolic links

If -R, never follow symbolic links (default)

Changes made with chcon are temporary and may be reset by restorecon or system relabeling. For permanent changes, use semanage fcontext and restorecon. SELinux must be enabled for this command to function.

chcon is part of GNU coreutils, providing SELinux security context management for files on systems with SELinux enabled.

restorecon(8), semanage(8), ls(1), secon(1)