semanage-fcontext
Manage SELinux file context labeling rules
SYNOPSIS
semanage fcontext [-l|-a|-d|-m|-D] [options] filespec
DESCRIPTION
semanage fcontext manages persistent file context labeling rules in SELinux. File contexts determine what SELinux type label files receive, which controls what confined domains can access them.
Rules use PCRE regular expressions to match file paths. After adding or modifying rules, run restorecon on the affected directories to apply the new labels.
PARAMETERS
-l, --list
List all file context rules.
-a, --add
Add a new file context rule.
-d, --delete
Delete a file context rule.
-m, --modify
Modify an existing rule.
-D, --deleteall
Remove all local customizations.
-t TYPE, --type TYPE
SELinux type to assign to matching files.
-f TYPE, --ftype TYPE
File type to match: f (regular file), d (directory), c (character device), b (block device), s (socket), l (symbolic link), p (named pipe). Default is all file types.
-s SEUSER, --seuser SEUSER
SELinux user name for the context.
-r RANGE, --range RANGE
MLS/MCS security range (for MLS/MCS systems only).
-e PATH, --equal PATH
Create equivalency rule: substitute target path with the given reference path when generating default labels.
-C, --locallist
Show only locally customized rules.
-n, --noheading
Omit column headings from output.
-N, --noreload
Do not reload policy after commit.
-E, --extract
Extract customizable commands for use within a transaction.
-S STORE, --store STORE
Select an alternate SELinux policy store.
CAVEATS
Requires root privileges. Rules are persistent but not applied automatically; use restorecon -Rv to apply. Equivalency rules (-e) are useful when a directory should have the same contexts as a reference path. The -f file type option defaults to all files if not specified.
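The add-then-restorecon workflow described above, as an added example (not part of the original page). It builds the filespec with regex metacharacters escaped, so a rule for one directory does not also match similarly named paths. The path /srv/app.v2, the type httpd_sys_content_t, the APPLY variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: label a directory tree with a persistent fcontext rule.
# Constructed values: /srv/app.v2 and httpd_sys_content_t are illustrative.

# Turn a directory into a filespec regex: escape regex metacharacters so
# "app.v2" cannot also match "appXv2", then match the dir and its contents.
fcontext_spec() {
    d=${1%/}                                  # drop one trailing slash
    case $d in
        /*) ;;                                # absolute, non-root path
        *) echo "need an absolute path below /: $1" >&2; return 1 ;;
    esac
    d=$(printf '%s\n' "$d" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    printf '%s(/.*)?\n' "$d"
}

# Print each command (dry run) unless APPLY=1, in which case execute it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Add the rule (or modify it if a local rule already exists), show the
# label the policy now assigns by default, then relabel what is on disk.
label_tree() {
    dir=${1%/} type=$2
    spec=$(fcontext_spec "$dir") || return 1
    run semanage fcontext -a -t "$type" "$spec" ||
        run semanage fcontext -m -t "$type" "$spec"
    run matchpathcon "$dir"
    run restorecon -Rv "$dir"
}

# With no arguments the script only defines the functions.
[ "$#" -eq 0 ] || label_tree "$@"
```

The dry-run output is for review and is not shell-quoted; run the script as root with APPLY=1 instead of pasting the printed lines.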
SEE ALSO
semanage(8), restorecon(8), matchpathcon(8), chcon(1), semanage-boolean(8), semanage-port(8)
