runcon

Determine the current domain

$ runcon

Specify the domain to run a command in

$ runcon -t [domain]_t [command]

Specify the context role to run a command with

$ runcon -r [role]_r [command]

Specify the full context to run a command with

$ runcon [user]_u:[role]_r:[domain]_t [command]

runcon CONTEXT COMMAND [ args ]
runcon [ -c ][ -u USER ][ -r ROLE ][ -t TYPE ][ -l RANGE ] COMMAND [ args ]

Run COMMAND with completely-specified CONTEXT, or with current or transitioned security context modified by one or more of LEVEL, ROLE, TYPE, and USER.

If none of -c , -t , -u , -r ,or -l ,is specified, the first argument is used as the complete context. Any additional arguments after COMMAND are interpreted as arguments to the command.

Note that only carefully-chosen contexts are likely to successfully run.

Run a program in a different SELinux security context. With neither CONTEXT nor COMMAND, print the current security context.

Mandatory arguments to long options are mandatory for short options too.

CONTEXT Complete security context

-c , --compute compute process transition context before modifying

-t , --type = TYPE type (for same role as parent)

-u , --user = USER user identity

-r , --role = ROLE role

-l , --range = RANGE levelrange

--help display this help and exit

--version output version information and exit

GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>

Copyright 2019 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

Full documentation <https://www.gnu.org/software/coreutils/runcon> or available locally via: info runcon invocation

Written by Russell Coker.