2008-08-19 19:30:36 +00:00
|
|
|
.TH SECON "1" "April 2006" "Security Enhanced Linux" NSA
|
|
|
|
.SH NAME
|
|
|
|
secon \- See an SELinux context, from a file, program or user input.
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.B secon
|
|
|
|
[\fB-hVurtscmPRfLp\fR]
|
|
|
|
[\fICONTEXT\fR]
|
|
|
|
.br
|
|
|
|
[\fB--file\fR]
|
|
|
|
\fIFILE\fR
|
|
|
|
.br
|
|
|
|
[\fB--link\fR]
|
|
|
|
\fIFILE\fR
|
|
|
|
.br
|
|
|
|
[\fB--pid\fR]
|
|
|
|
\fIPID\fR
|
|
|
|
.SH DESCRIPTION
|
|
|
|
.PP
|
|
|
|
See a part of a context. The context is taken from a file, pid, user input or
|
|
|
|
the context in which
|
|
|
|
.B secon
|
|
|
|
is originally executed.
|
|
|
|
.TP
|
|
|
|
\fB\-V\fR, \fB\-\-version\fR
|
|
|
|
shows the current version of secon
|
|
|
|
.TP
|
|
|
|
\fB\-h\fR, \fB\-\-help\fR
|
|
|
|
shows the usage information for secon
|
|
|
|
.TP
|
|
|
|
\fB\-P\fR, \fB\-\-prompt\fR
|
|
|
|
outputs data in a format suitable for a prompt
|
|
|
|
.TP
|
2013-01-02 20:24:55 +00:00
|
|
|
\fB\-C\fR, \fB\-\-color\fR
|
2013-11-06 12:24:01 +00:00
|
|
|
outputs data with the associated ANSI color codes (requires \-P)
|
2013-01-02 20:24:55 +00:00
|
|
|
.TP
|
2008-08-19 19:30:36 +00:00
|
|
|
\fB\-u\fR, \fB\-\-user\fR
|
|
|
|
show the user of the security context
|
|
|
|
.TP
|
|
|
|
\fB\-r\fR, \fB\-\-role\fR
|
|
|
|
show the role of the security context
|
|
|
|
.TP
|
|
|
|
\fB\-t\fR, \fB\-\-type\fR
|
|
|
|
show the type of the security context
|
|
|
|
.TP
|
|
|
|
\fB\-s\fR, \fB\-\-sensitivity\fR
|
|
|
|
show the sensitivity level of the security context
|
|
|
|
.TP
|
|
|
|
\fB\-c\fR, \fB\-\-clearance\fR
|
|
|
|
show the clearance level of the security context
|
|
|
|
.TP
|
|
|
|
\fB\-m\fR, \fB\-\-mls-range\fR
|
|
|
|
show the sensitivity level and clearance, as a range, of the security context
|
|
|
|
.TP
|
|
|
|
\fB\-R\fR, \fB\-\-raw\fR
|
|
|
|
outputs the sensitivity level and clearance in an untranslated format.
|
|
|
|
.TP
|
|
|
|
\fB\-f\fR, \fB\-\-file\fR
|
|
|
|
gets the context from the specified file FILE
|
|
|
|
.TP
|
|
|
|
\fB\-L\fR, \fB\-\-link\fR
|
|
|
|
gets the context from the specified file FILE (doesn't follow symlinks)
|
|
|
|
.TP
|
|
|
|
\fB\-p\fR, \fB\-\-pid\fR
|
|
|
|
gets the context from the specified process PID
|
|
|
|
.TP
|
|
|
|
\fB\-\-pid\-exec\fR
|
|
|
|
gets the exec context from the specified process PID
|
|
|
|
.TP
|
|
|
|
\fB\-\-pid\-fs\fR
|
|
|
|
gets the fscreate context from the specified process PID
|
|
|
|
.TP
|
2016-01-11 09:30:41 +00:00
|
|
|
\fB\-\-pid\-key\fR
|
|
|
|
gets the key context from the specified process PID
|
|
|
|
.TP
|
2008-08-19 19:30:36 +00:00
|
|
|
\fB\-\-current\fR, \fB\-\-self\fR
|
|
|
|
gets the context from the current process
|
|
|
|
.TP
|
|
|
|
\fB\-\-current\-exec\fR, \fB\-\-self\-exec\fR
|
|
|
|
gets the exec context from the current process
|
|
|
|
.TP
|
|
|
|
\fB\-\-current\-fs\fR, \fB\-\-self\-fs\fR
|
|
|
|
gets the fscreate context from the current process
|
|
|
|
.TP
|
2016-01-11 09:30:41 +00:00
|
|
|
\fB\-\-current\-key\fR, \fB\-\-self\-key\fR
|
|
|
|
gets the key context from the current process
|
|
|
|
.TP
|
2008-08-19 19:30:36 +00:00
|
|
|
\fB\-\-parent\fR
|
|
|
|
gets the context from the parent of the current process
|
|
|
|
.TP
|
|
|
|
\fB\-\-parent\-exec\fR
|
|
|
|
gets the exec context from the parent of the current process
|
|
|
|
.TP
|
|
|
|
\fB\-\-parent\-fs\fR
|
|
|
|
gets the fscreate context from the parent of the current process
|
2016-01-11 09:30:41 +00:00
|
|
|
.TP
|
|
|
|
\fB\-\-parent\-key\fR
|
|
|
|
gets the key context from the parent of the current process
|
2008-08-19 19:30:36 +00:00
|
|
|
.PP
|
|
|
|
Additional argument
|
|
|
|
.I CONTEXT
|
|
|
|
may be provided and will be used if no options have been specified to make
|
|
|
|
.B secon
|
2013-10-09 21:52:27 +00:00
|
|
|
get its context from another source.
|
2008-08-19 19:30:36 +00:00
|
|
|
If that argument is
|
|
|
|
.I -
|
|
|
|
then the context will be read from stdin.
|
|
|
|
.br
|
2013-10-09 21:52:27 +00:00
|
|
|
If there is no argument,
|
2008-08-19 19:30:36 +00:00
|
|
|
.B secon
|
|
|
|
will try reading a context from stdin, if that is not a tty, otherwise
|
|
|
|
.B secon
|
|
|
|
will act as though \fB\-\-self\fR had been passed.
|
|
|
|
.PP
|
|
|
|
If none of \fB\-\-user\fR, \fB\-\-role\fR, \fB\-\-type\fR, \fB\-\-level\fR or
|
|
|
|
\fB\-\-mls\-range\fR is passed.
|
|
|
|
Then all of them will be output.
|
|
|
|
.PP
|
|
|
|
.SH SEE ALSO
|
|
|
|
.B chcon
|
|
|
|
(1)
|
|
|
|
.SH AUTHORS
|
|
|
|
.nf
|
|
|
|
James Antill (james.antill@redhat.com)
|