chcon

change file security context

TLDR

View security context of a file

$ ls -lZ [path/to/file]
copy

Change the security context of a target file, using a reference file

$ chcon --reference=[reference_file] [target_file]
copy

Change the full SELinux security context of a file

$ chcon [user]:[role]:[type]:[range/level] [filename]
copy

Change only the user part of SELinux security context

$ chcon -u [user] [filename]
copy

Change only the role part of SELinux security context

$ chcon -r [role] [filename]
copy

Change only the type part of SELinux security context

$ chcon -t [type] [filename]
copy

Change only the range/level part of SELinux security context

$ chcon -l [range/level] [filename]
copy

SYNOPSIS

chcon [OPTION]... CONTEXT FILE...
chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...
chcon [OPTION]... --reference=RFILE FILE...

DESCRIPTION

Change the SELinux security context of each FILE to CONTEXT. With --reference, change the security context of each FILE to that of RFILE.

Mandatory arguments to long options are mandatory for short options too.

--dereference

affect the referent of each symbolic link (this is the default), rather than the symbolic link itself

-h, --no-dereference

affect symbolic links instead of any referenced file

-u, --user=USER

set user USER in the target security context

-r, --role=ROLE

set role ROLE in the target security context

-t, --type=TYPE

set type TYPE in the target security context

-l, --range=RANGE

set range RANGE in the target security context

--no-preserve-root

do not treat '/' specially (the default)

--preserve-root

fail to operate recursively on '/'

--reference=RFILE

use RFILE's security context rather than specifying a CONTEXT value

-R, --recursive

operate on files and directories recursively

-v, --verbose

output a diagnostic for every file processed

The following options modify how a hierarchy is traversed when the -R option is also specified. If more than one is specified, only the final one takes effect.

-H

if a command line argument is a symbolic link to a directory, traverse it

-L

traverse every symbolic link to a directory encountered

-P

do not traverse any symbolic links (default)

--help

display this help and exit

--version

output version information and exit

REPORTING BUGS

GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>

COPYRIGHT

Copyright © 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

SEE ALSO

Full documentation <https://www.gnu.org/software/coreutils/chcon> or available locally via: info '(coreutils) chcon invocation'

AUTHOR

Written by Russell Coker and Jim Meyering.

Copied to clipboard
Dodo Farming