bug-coreutils

Re: [PATCH]: Basic info documentation for SELinux context related comman


From: Jim Meyering
Subject: Re: [PATCH]: Basic info documentation for SELinux context related commands runcon and chcon
Date: Tue, 07 Oct 2008 23:46:24 +0200

Ondřej Vašík <address@hidden> wrote:
> Thanks for the review and suggested/requested changes. Here is the amended
> patch with all of your changes (and similar changes for runcon).

Thanks, but your new patch would have actually reverted some of
my changes, so I've adjusted it and made some more.
Here's the result:

From 42df6d7de2820e67422ca97b4a8708b3aa38f28f Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= <address@hidden>
Date: Mon, 6 Oct 2008 14:18:53 +0200
Subject: [PATCH] doc: document runcon and chcon in SELinux context section

* doc/coreutils.texi: Document runcon and chcon.
Add minimal SELinux context section.
---
 doc/coreutils.texi |  179 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 178 insertions(+), 1 deletions(-)

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 67da740..11b9ab9 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -32,7 +32,6 @@
 @c * [: (coreutils)[ invocation.                   File/string tests.
 @c * pinky: (coreutils)pinky invocation.           FIXME.
 @c * mktemp: (coreutils)mktemp invocation.         FIXME.
address@hidden * chcon: (coreutils)chcon invocation.           FIXME.

 @dircategory Individual utilities
 @direntry
@@ -40,6 +39,7 @@
 * base64: (coreutils)base64 invocation.         Base64 encode/decode data.
 * basename: (coreutils)basename invocation.     Strip directory and suffix.
 * cat: (coreutils)cat invocation.               Concatenate and write files.
+* chcon: (coreutils)chcon invocation.           Change SELinux CTX of files.
 * chgrp: (coreutils)chgrp invocation.           Change file groups.
 * chmod: (coreutils)chmod invocation.           Change file permissions.
 * chown: (coreutils)chown invocation.           Change file owners/groups.
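
Review bot: "CTX" in the added chcon direntry is an abbreviation that appears nowhere else in this patch; the menu entries and section titles added further down all spell out "context". If line width is the constraint, a shorter wording that keeps the word, for example "Set SELinux file context.", would be easier to search for and would match the rest of the manual text.
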
@@ -95,6 +95,7 @@
 * readlink: (coreutils)readlink invocation.     Print referent of a symlink.
 * rm: (coreutils)rm invocation.                 Remove files.
 * rmdir: (coreutils)rmdir invocation.           Remove empty directories.
+* runcon: (coreutils)runcon invocation.         Run in specified SELinux CTX.
 * seq: (coreutils)seq invocation.               Print numeric sequences
 * sha1sum: (coreutils)sha1sum invocation.       Print or check SHA-1 digests.
 * sha2: (coreutils)sha2 utilities.              Print or check SHA-2 digests.
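
Review bot: The added runcon direntry, "Run in specified SELinux CTX.", does not say what is run and again abbreviates "context", while the detailed-menu entry added later in this patch reads "Run a command in specified SELinux context". Something like "Run command in SELinux context." names the object and stays short.
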
@@ -194,6 +195,7 @@ Top
 * Working context::                    pwd stty printenv tty
 * User information::                   id logname whoami groups users who
 * System context::                     date uname hostname hostid uptime
+* SELinux context::                    chcon runcon
 * Modified command invocation::        chroot env nice nohup su timeout
 * Process control::                    kill
 * Delaying::                           sleep
@@ -421,6 +423,10 @@ Top
 * Date input formats::           Specifying date strings.
 * Examples of date::             Examples.

+SELinux context
+* chcon invocation::             Change SELinux context of file
+* runcon invocation::            Run a command in specified SELinux context
+
 Modified command invocation

 * chroot invocation::            Run a command with a different root directory
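
Review bot: The new "SELinux context" block in the detailed menu has no empty line between its title and the first entry, whereas the "Modified command invocation" block directly below separates title and entries with one. Add an empty "+" line after "+SELinux context" so the listing stays uniform.
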
@@ -12882,6 +12888,177 @@ System context
 * uptime invocation::           Print system uptime and load
 @end menu

address@hidden SELinux context
address@hidden SELinux context
+
address@hidden SELinux context
address@hidden SELinux, context
address@hidden commands for SELinux context
+
+This section describes commands for operations with SELinux
+contexts.
+
address@hidden
+* chcon invocation::            Change SELinux context of file
+* runcon invocation::           Run a command in specified SELinux context
address@hidden menu
+
address@hidden chcon invocation
address@hidden @command{chcon}: Change SELinux context of file.
+
address@hidden chcon
address@hidden changing security context
address@hidden change SELinux context
+
address@hidden changes the SELinux security context of the selected files.
+Synopses:
+
address@hidden
+chcon address@hidden@dots{} @var{context} @address@hidden
+chcon address@hidden@dots{} [-u @var{user}] [-r @var{role}] [-l @var{range}] 
[-t @var{type}] @address@hidden
+chcon address@hidden@dots{} address@hidden @address@hidden
address@hidden smallexample
+
+Change the SELinux security context of each @var{file} to @var{context}.
+With @option{--reference}, change the security context of each @var{file}
+to that of @var{rfile}.
+
+The program accepts the following options.  Also see @ref{Common options}.
+
address@hidden @samp
+
address@hidden -h
address@hidden --no-dereference
address@hidden -h
address@hidden --no-dereference
address@hidden no dereference
+Affect symbolic links instead of any referenced file.
+
address@hidden address@hidden
address@hidden --reference
address@hidden reference file
+Use @var{rfile}'s security context rather than specifying a @var{context} 
value.
+
address@hidden -R
address@hidden --recursive
address@hidden -R
address@hidden --recursive
+Operate on files and directories recursively.
+
address@hidden
address@hidden symlinks}.
+
address@hidden
address@hidden symlinks}.
+
address@hidden
address@hidden symlinks}.
+
address@hidden -v
address@hidden --verbose
address@hidden -v
address@hidden --verbose
address@hidden diagnostic
+Output a diagnostic for every file processed.
+
address@hidden -u @var{user}
address@hidden address@hidden
address@hidden -u
address@hidden --user
+Set user @var{user} in the target security context.
+
address@hidden -r @var{role}
address@hidden address@hidden
address@hidden -r
address@hidden --role
+Set role @var{role} in the target security context.
+
address@hidden -t @var{type}
address@hidden address@hidden
address@hidden -t
address@hidden --type
+Set type @var{type} in the target security context.
+
address@hidden -l @var{range}
address@hidden address@hidden
address@hidden -l
address@hidden --range
+Set range @var{range} in the target security context.
+
address@hidden table
+
address@hidden
+
address@hidden runcon invocation
address@hidden @command{runcon}: Run a command in specified SELinux context
+
address@hidden runcon
address@hidden run with security context
+
+
address@hidden runs file in specified SELinux security context.
+
+Synopses:
address@hidden
+runcon @var{context} @var{command} address@hidden
+runcon [ -c ] [-u @var{user}] [-r @var{role}] [-t @var{type}] [-l @var{range}] 
@var{command} address@hidden
address@hidden smallexample
+
+Run @var{command} with completely-specified @var{context}, or with
+current or transitioned security context modified by one or more of 
@var{level},
address@hidden, @var{type} and @var{user}.
+
+If none of @option{-c}, @option{-t}, @option{-u}, @option{-r}, or @option{-l}
+is specified, the first argument is used as the complete context.
+Any additional arguments after @var{command}
+are interpreted as arguments to the command.
+
+With neither @var{context} nor @var{command}, print the current security 
context.
+
+The program accepts the following options.  Also see @ref{Common options}.
+
address@hidden @samp
+
address@hidden -c
address@hidden --compute
address@hidden -c
address@hidden --compute
+Compute process transition context before modifying.
+
address@hidden -u @var{user}
address@hidden address@hidden
address@hidden -u
address@hidden --user
+Set user @var{user} in the target security context.
+
address@hidden -r @var{role}
address@hidden address@hidden
address@hidden -r
address@hidden --role
+Set role @var{role} in the target security context.
+
address@hidden -t @var{type}
address@hidden address@hidden
address@hidden -t
address@hidden --type
+Set type @var{type} in the target security context.
+
address@hidden -l @var{range}
address@hidden address@hidden
address@hidden -l
address@hidden --range
+Set range @var{range} in the target security context.
+
address@hidden table
+
address@hidden exit status of @command{runcon}
+Exit status:
+
address@hidden
+126 if @var{command} is found but cannot be invoked
+127 if @command{runcon} itself fails or if @var{command} cannot be found
+the exit status of @var{command} otherwise
address@hidden display

 @node date invocation
 @section @command{date}: Print or set system date and time
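
Review bot: The new SELinux context text is inserted between the "@end menu" that closes the System context menu and "@node date invocation", so the date section (listed under System context in the top-level menu) now comes after the runcon text rather than directly after its own chapter's menu. Move the added block to the end of the System context sections, just before Modified command invocation, which is the order the top-level menu hunk uses. Separately, the runcon description lists "@var{level}" among the fields that can be modified, while the synopsis and the -l option both call it "@var{range}"; use one name throughout.
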
--
1.6.0.2.307.gc427



