SECON(1)
NAME
secon - See an SELinux context, from a file, program or user input.
SYNOPSIS
secon [-hVurtscmPRfLp] [CONTEXT] [--file] FILE [--link] FILE [--pid] PID
DESCRIPTION
See a part of a context. The context is taken from a file, pid, user
input or the context in which secon is originally executed.
- -V, --version
- shows the current version of secon
- -h, --help
- shows the usage information for secon
- -P, --prompt
- outputs data in a format suitable for a prompt
- -u, --user
- show the user of the security context
- -r, --role
- show the role of the security context
- -t, --type
- show the type of the security context
- -s, --sensitivity
- show the sensitivity level of the security context
- -c, --clearance
- show the clearance level of the security context
- -m, --mls-range
- show the sensitivity level and clearance, as a range, of the security context
- -R, --raw
- outputs the sensitivity level and clearance in an untranslated format.
- -f, --file
- gets the context from the specified file FILE
- -L, --link
- gets the context from the specified file FILE (doesn't follow symlinks)
- -p, --pid
- gets the context from the specified process PID
- --pid-exec
- gets the exec context from the specified process PID
- --pid-fs
- gets the fscreate context from the specified process PID
- --current, --self
- gets the context from the current process
- --current-exec, --self-exec
- gets the exec context from the current process
- --current-fs, --self-fs
- gets the fscreate context from the current process
- --parent
- gets the context from the parent of the current process
- --parent-exec
- gets the exec context from the parent of the current process
- --parent-fs
- gets the fscreate context from the parent of the current process
- Additional argument CONTEXT may be provided and will be used if no
options have been specified to make secon get it's context from another
source. If that argument is - then the context will be read from
stdin.
If there is no arugment, secon will try reading a context from stdin, if that is not a tty, otherwise secon will act as though --self had been passed. - If none of --user, --role, --type, --level or --mls-range is passed. Then all of them will be output.
SEE ALSO
chcon (1)
AUTHORS
- James Antill (james.antill@redhat.com)