From 0b46a52b8f94fcbf145e0def84174cadd06bc4d2 Mon Sep 17 00:00:00 2001 From: =?utf-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= Date: Mon, 6 Oct 2008 14:18:53 +0200 Subject: [PATCH] Coreutils.texi: Document runcon and chcon in SELinux context section * coreutils.texi: Document commands runcon and chcon, add SELinux context section --- doc/coreutils.texi | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 files changed, 176 insertions(+), 1 deletions(-) diff --git a/doc/coreutils.texi b/doc/coreutils.texi index 67da740..48976ee 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -32,7 +32,6 @@ @c * [: (coreutils)[ invocation. File/string tests. @c * pinky: (coreutils)pinky invocation. FIXME. @c * mktemp: (coreutils)mktemp invocation. FIXME. address@hidden * chcon: (coreutils)chcon invocation. FIXME. @dircategory Individual utilities @direntry @@ -40,6 +39,7 @@ * base64: (coreutils)base64 invocation. Base64 encode/decode data. * basename: (coreutils)basename invocation. Strip directory and suffix. * cat: (coreutils)cat invocation. Concatenate and write files. +* chcon: (coreutils)chcon invocation. Change SELinux CTX of files. * chgrp: (coreutils)chgrp invocation. Change file groups. * chmod: (coreutils)chmod invocation. Change file permissions. * chown: (coreutils)chown invocation. Change file owners/groups. @@ -95,6 +95,7 @@ * readlink: (coreutils)readlink invocation. Print referent of a symlink. * rm: (coreutils)rm invocation. Remove files. * rmdir: (coreutils)rmdir invocation. Remove empty directories. +* runcon: (coreutils)runcon invocation. Run file in specif. SELinux CTX. * seq: (coreutils)seq invocation. Print numeric sequences * sha1sum: (coreutils)sha1sum invocation. Print or check SHA-1 digests. * sha2: (coreutils)sha2 utilities. Print or check SHA-2 digests. 
@@ -194,6 +195,7 @@ Free Documentation License''. * Working context:: pwd stty printenv tty * User information:: id logname whoami groups users who * System context:: date uname hostname hostid uptime +* SELinux context:: chcon runcon * Modified command invocation:: chroot env nice nohup su timeout * Process control:: kill * Delaying:: sleep @@ -421,6 +423,10 @@ System context * Date input formats:: Specifying date strings. * Examples of date:: Examples. +SELinux context +* chcon invocation:: Change SELinux context of file +* runcon invocation:: Run file in specified SELinux context + Modified command invocation * chroot invocation:: Run a command with a different root directory 
@@ -12882,6 +12888,175 @@ information. * uptime invocation:: Print system uptime and load @end menu address@hidden SELinux context address@hidden SELinux context + address@hidden SELinux context address@hidden SELinux, context address@hidden commands for SELinux context + +This section describes commands for operations with SELinux +contexts. + address@hidden +* chcon invocation:: Change SELinux context of file +* runcon invocation:: Run file in specified SELinux context address@hidden menu + address@hidden chcon invocation address@hidden @command{chcon}: Change SELinux context of file. + address@hidden chcon address@hidden changing security context address@hidden change SELinux context + + address@hidden changes SELinux security context of the file. +Synopses: + address@hidden +chcon address@hidden@dots{} CONTEXT @address@hidden +chcon address@hidden@dots{} [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] @address@hidden +chcon address@hidden@dots{} --reference=RFILE @address@hidden address@hidden smallexample + +Change the SELinux security context of each FILE to CONTEXT. With +--reference, change the security context of each FILE to that of RFILE. + +The program accepts the following options. Also see @ref{Common options}. + address@hidden @samp + address@hidden -h address@hidden --no-dereference address@hidden -h address@hidden --no-dereference address@hidden no dereference +Affect symbolic links instead of any referenced file + address@hidden --reference=RFILE address@hidden --reference address@hidden reference file +Use RFILE’s security context rather than specifying a CONTEXT +value + address@hidden -R address@hidden --recursive address@hidden -R address@hidden --recursive +Operate on files and directories recursively. + +Following options to modify how a hierarchy is traversed could also +be specified. If more than one is specified, only the final one takes +effect. 
address@hidden @samp address@hidden -H +if a command line argument is a symbolic link to a directory, +traverse it address@hidden -L +traverse every symbolic link to a directory encountered address@hidden -P +do not traverse any symbolic links (default) address@hidden table + address@hidden -v address@hidden --verbose address@hidden -v address@hidden --verbose address@hidden diagnostic +Output a diagnostic for every file processed + address@hidden -u USER address@hidden --user=USER address@hidden -u address@hidden --user +Set user USER in the target security context + address@hidden -r ROLE address@hidden --role=ROLE address@hidden -r address@hidden --role +Set role ROLE in the target security context + address@hidden -t TYPE address@hidden --type=type address@hidden -t address@hidden --type +Set type TYPE in the target security context + address@hidden -l RANGE address@hidden --range=RANGE address@hidden -l address@hidden --range +Set range RANGE in the target security context + address@hidden table + address@hidden + address@hidden runcon invocation address@hidden @command{runcon}: Run file in specified SELinux context + address@hidden runcon address@hidden run with security context + + address@hidden runs file in specified SELinux security context. + +Synopses: address@hidden +runcon CONTEXT COMMAND [args] +runcon [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args] address@hidden smallexample + +Runs COMMAND with completely-specified CONTEXT, or with +current or transitioned security context modified by one or more of LEVEL, +ROLE, TYPE and USER. + +If none of -c, -t, -u, -r, or -l, is specified, the first argument is +used as the complete context. Any additional arguments after COMMAND +are interpreted as arguments to the command. + +With neither CONTEXT nor COMMAND, print the current security context. + +The program accepts the following options. Also see @ref{Common options}. 
+ address@hidden @samp + address@hidden -c address@hidden --compute address@hidden -c address@hidden --compute +Compute process transition context before modifying + address@hidden -u USER address@hidden --user=USER address@hidden -u address@hidden --user +Set user USER in the target security context + address@hidden -r ROLE address@hidden --role=ROLE address@hidden -r address@hidden --role +Set role ROLE in the target security context + address@hidden -t TYPE address@hidden --type=type address@hidden -t address@hidden --type +Set type TYPE in the target security context + address@hidden -l RANGE address@hidden --range=RANGE address@hidden -l address@hidden --range +Set range RANGE in the target security context + address@hidden table + address@hidden + @node date invocation @section @command{date}: Print or set system date and time -- 1.5.6.1.156.ge903b
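Review bot: In the @direntry hunk at @@ -40,6 +39,7, the new chcon line abbreviates "context" as "CTX" ("Change SELinux CTX of files."), while the neighbouring entries (chgrp, chmod, chown) spell their descriptions out in full. Suggest "Change SELinux context of files.", or another wording that avoids the abbreviation.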
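Review bot: In the @direntry hunk at @@ -95,6 +95,7, "Run file in specif. SELinux CTX." uses two abbreviations and says "file", whereas the runcon synopsis added later in this patch takes COMMAND [args]. Suggest something like "Run command in given SELinux context.", and align the "Run file in specified SELinux context" wording in the menu entries and the section title to "command" as well.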
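Review bot: In the runcon part of the @@ -12882,6 +12888,175 hunk, the description says the context is "modified by one or more of LEVEL, ROLE, TYPE and USER", but the synopsis and the option table call that field RANGE (-l RANGE, --range=RANGE) and LEVEL is never defined, so one term should be used throughout. In both the chcon and runcon option tables "--type=type" should read "--type=TYPE" to match the short option and its description. In the chcon -R entry, "Following options to modify how a hierarchy is traversed could also be specified" would read better as "The following options modify how a hierarchy is traversed when -R is also specified", and the -H/-L/-P descriptions and several option descriptions ("Affect symbolic links instead of any referenced file", "Output a diagnostic for every file processed") lack the capitalisation or final period used by "Operate on files and directories recursively."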