runcon

Run commands with specified SELinux context

TLDR

Print current security context

$ runcon

Specify domain to run command in

$ runcon -t domain_t command

Specify context role

$ runcon -r role_r command

Specify full context

$ runcon user_u:role_r:domain_t command

SYNOPSIS

runcon [options] [context] command [args...]

runcon runs a program in a different SELinux security context. It allows executing commands with specific SELinux user, role, and type labels.This is useful for testing SELinux policies and running programs in restricted contexts.

PARAMETERS

-u, --user user

Specify SELinux user identity.

-r, --role role

Specify SELinux role.

-t, --type type

Specify SELinux domain/type (requires the same role and user).

-l, --range range

Specify SELinux MLS/MCS level range.

--compute

Compute the target process security context before modifying.

--help

Display help information.

--version

Output version information.

CAVEATS

Requires SELinux to be enabled. Transitions must be allowed by SELinux policy. Not all context transitions are permitted.

HISTORY

Part of GNU Coreutils, providing SELinux context manipulation for command execution.