From cd506e1bd2995fd2c322362a39a6d35b8e474d48 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= Date: Mon, 6 Oct 2008 14:18:53 +0200 Subject: [PATCH] Coreutils.texi: Document runcon and chcon in SELinux context section * coreutils.texi: Document commands runcon and chcon, add SELinux context section --- doc/coreutils.texi | 182 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 files changed, 181 insertions(+), 1 deletions(-) diff --git a/doc/coreutils.texi b/doc/coreutils.texi index 67da740..4dfde8a 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -32,7 +32,6 @@ @c * [: (coreutils)[ invocation. File/string tests. @c * pinky: (coreutils)pinky invocation. FIXME. @c * mktemp: (coreutils)mktemp invocation. FIXME. address@hidden * chcon: (coreutils)chcon invocation. FIXME. @dircategory Individual utilities @direntry @@ -40,6 +39,7 @@ * base64: (coreutils)base64 invocation. Base64 encode/decode data. * basename: (coreutils)basename invocation. Strip directory and suffix. * cat: (coreutils)cat invocation. Concatenate and write files. +* chcon: (coreutils)chcon invocation. Change SELinux CTX of files. * chgrp: (coreutils)chgrp invocation. Change file groups. * chmod: (coreutils)chmod invocation. Change file permissions. * chown: (coreutils)chown invocation. Change file owners/groups. @@ -95,6 +95,7 @@ * readlink: (coreutils)readlink invocation. Print referent of a symlink. * rm: (coreutils)rm invocation. Remove files. * rmdir: (coreutils)rmdir invocation. Remove empty directories. +* runcon: (coreutils)runcon invocation. Run in specified SELinux CTX. * seq: (coreutils)seq invocation. Print numeric sequences * sha1sum: (coreutils)sha1sum invocation. Print or check SHA-1 digests. * sha2: (coreutils)sha2 utilities. Print or check SHA-2 digests. 
@@ -194,6 +195,7 @@ Free Documentation License''. * Working context:: pwd stty printenv tty * User information:: id logname whoami groups users who * System context:: date uname hostname hostid uptime +* SELinux context:: chcon runcon * Modified command invocation:: chroot env nice nohup su timeout * Process control:: kill * Delaying:: sleep @@ -421,6 +423,10 @@ System context * Date input formats:: Specifying date strings. * Examples of date:: Examples. +SELinux context +* chcon invocation:: Change SELinux context of file +* runcon invocation:: Run a command in specified SELinux context + Modified command invocation * chroot invocation:: Run a command with a different root directory 
@@ -12882,6 +12888,180 @@ information. * uptime invocation:: Print system uptime and load @end menu address@hidden SELinux context address@hidden SELinux context + address@hidden SELinux context address@hidden SELinux, context address@hidden commands for SELinux context + +This section describes commands for operations with SELinux +contexts. + address@hidden +* chcon invocation:: Change SELinux context of file +* runcon invocation:: Run a command in specified SELinux context address@hidden menu + address@hidden chcon invocation address@hidden @command{chcon}: Change SELinux context of file. + address@hidden chcon address@hidden changing security context address@hidden change SELinux context + + address@hidden changes the SELinux security context of the selected files. +Synopses: + address@hidden +chcon address@hidden@dots{} @var{context} @address@hidden +chcon address@hidden@dots{} [-u @var{user}] [-r @var{role}] [-l @var{range}] [-t @var{type}] @address@hidden +chcon address@hidden@dots{} address@hidden @address@hidden address@hidden smallexample + +Change the SELinux security context of each @var{file} to @var{context}. +With @option{--reference}, change the security context of each @var{file} +to that of @var{rfile}. + +The program accepts the following options. Also see @ref{Common options}. + address@hidden @samp + address@hidden -h address@hidden --no-dereference address@hidden -h address@hidden --no-dereference address@hidden no dereference +Affect symbolic links instead of any referenced file. + address@hidden address@hidden address@hidden --reference address@hidden reference file +Use @var{rfile}’s security context rather than specifying a @var{context} value. + address@hidden -R address@hidden --recursive address@hidden -R address@hidden --recursive +Operate on files and directories recursively. + +Following options to modify how a hierarchy is traversed could also +be specified. If more than one is specified, only the final one takes +effect. 
address@hidden address@hidden symlinks}. + address@hidden address@hidden symlinks}. + address@hidden address@hidden symlinks}. + address@hidden -v address@hidden --verbose address@hidden -v address@hidden --verbose address@hidden diagnostic +Output a diagnostic for every file processed. + address@hidden -u @var{user} address@hidden address@hidden address@hidden -u address@hidden --user +Set user @var{user} in the target security context. + address@hidden -r @var{role} address@hidden address@hidden address@hidden -r address@hidden --role +Set role @var{role} in the target security context + address@hidden -t @var{type} address@hidden address@hidden address@hidden -t address@hidden --type +Set type @var{type} in the target security context + address@hidden -l @var{range} address@hidden address@hidden address@hidden -l address@hidden --range +Set range @var{range} in the target security context + address@hidden table + address@hidden + address@hidden runcon invocation address@hidden @command{runcon}: Run a command in specified SELinux context + address@hidden runcon address@hidden run with security context + + address@hidden runs file in specified SELinux security context. + +Synopses: address@hidden +runcon @var{context} @var{command} [args] +runcon [ -c ] [-u @var{user}] [-r @var{role}] [-t @var{type}] [-l @var{range}] @var{command} [args] address@hidden smallexample + +Runs @var{command} with completely-specified @var{context}, or with +current or transitioned security context modified by one or more of @var{range}, address@hidden, @var{type} and @var{user}. + +If none of -c, -t, -u, -r, or -l is specified, the first argument is +used as the complete context. Any additional arguments after COMMAND +are interpreted as arguments to the command. + +With neither @var{context} nor @var{command}, print the current security context. + +The program accepts the following options. Also see @ref{Common options}. 
+ address@hidden @samp + address@hidden -c address@hidden --compute address@hidden -c address@hidden --compute +Compute process transition context before modifying. + address@hidden -u @var{user} address@hidden address@hidden address@hidden -u address@hidden --user +Set user @var{user} in the target security context. + address@hidden -r @var{role} address@hidden address@hidden address@hidden -r address@hidden --role +Set role @var{role} in the target security context + address@hidden -t @var{type} address@hidden address@hidden address@hidden -t address@hidden --type +Set type @var{type} in the target security context + address@hidden -l @var{range} address@hidden address@hidden address@hidden -l address@hidden --range +Set range @var{range} in the target security context + address@hidden table + address@hidden exit status of @command{runcon} +Exit status: + address@hidden +126 if @var{command} is found but cannot be invoked +127 if @command{runcon} itself fails or if @var{command} cannot be found +the exit status of @var{command} otherwise address@hidden display @node date invocation @section @command{date}: Print or set system date and time -- 1.5.6.1.156.ge903b
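Review bot: the two new @direntry descriptions abbreviate "context" as "CTX" ("Change SELinux CTX of files." and "Run in specified SELinux CTX."), which is not defined anywhere and is not used by the rest of the patch; the menu entries added further down spell it out ("Change SELinux context of file"). Something like "Change SELinux context of files." and "Run in given SELinux context." would stay readable in the directory listing; if the column width is the concern, shorten another word rather than the one term a reader will search for.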
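Review bot: in the large hunk that adds the "SELinux context" node, the runcon text does not match its own synopsis: it says runcon "runs file in specified SELinux security context" while the synopsis takes @var{command}, it later writes "arguments after COMMAND" in plain capitals, and "If none of -c, -t, -u, -r, or -l is specified" leaves the options unmarked. Please use @var{command} and @option{-c} etc. throughout, and mark "[args]" in both synopsis lines the same way. In the same hunk, the exit status list assigns 127 both to a failure of runcon itself and to a command that cannot be found; if that matches the implementation, a sentence saying so would help, since a caller cannot tell a failed context setup from a missing binary by the status alone. Smaller points: the "Set role", "Set type" and "Set range" items in both option tables lack the trailing period that "Set user @var{user} in the target security context." has; "@var{rfile}’s" uses a typographic apostrophe where the source should have a plain '; "[ -c ]" is spaced differently from "[-u @var{user}]"; and "Following options to modify how a hierarchy is traversed could also be specified." reads more clearly as "The following options modify how a hierarchy is traversed when @option{-R} is also specified."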