mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-25 06:43:40 +00:00
0faee34ebd
This patch adds support for displaying SELinux context information in colors defined by mcstrans(8)/secolor.conf(5). The new behavior is enabled through the use of the "-C/--color" option and requires the "-P" option also be specified.

The reason for this addition is that in some situations, notably MLS, users find it helpful to add SELinux context information to their prompt:

  # example taken from the RHEL6 CC certification bash scripts
  SEROLE=`secon -rP 2>/dev/null`
  SEMLS=`secon -lP 2>/dev/null`
  PS1="[\u/$SEROLE/$SEMLS@\h \W]\\$ "
  export PS1

With the added functionality provided by this patch we can also display the associated color information (note the addition of the "C" option):

  SEROLE=`secon -rP 2>/dev/null`
  SEMLS=`secon -lPC 2>/dev/null`
  PS1="[\u/$SEROLE/$SEMLS@\h \W]\\$ "
  export PS1

Note that in the example above only the MLS range is colored, but the patch does provide support for all of the color information provided by mcstransd/secolor.conf (user,role,type,range).

Finally, one quick word on the colors themselves; the secolor.conf configuration file allows 32-bit colors but the ANSI color coding only allows 8-bit colors so the colors displayed by secon using the "-C" option will be a bit lossy.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
115 lines
2.8 KiB
Groff
.TH SECON "1" "April 2006" "Security Enhanced Linux" NSA
.SH NAME
secon \- See an SELinux context, from a file, program or user input.
.SH SYNOPSIS
.B secon
[\fB-hVurtscmPRfLp\fR]
[\fICONTEXT\fR]
.br
[\fB--file\fR]
\fIFILE\fR
.br
[\fB--link\fR]
\fIFILE\fR
.br
[\fB--pid\fR]
\fIPID\fR
.SH DESCRIPTION
.PP
See a part of a context. The context is taken from a file, pid, user input or
the context in which
.B secon
is originally executed.
.TP
\fB\-V\fR, \fB\-\-version\fR
shows the current version of secon
.TP
\fB\-h\fR, \fB\-\-help\fR
shows the usage information for secon
.TP
\fB\-P\fR, \fB\-\-prompt\fR
outputs data in a format suitable for a prompt
.TP
\fB\-C\fR, \fB\-\-color\fR
outputs data with the associated ANSI color codes (requires -P)
.TP
\fB\-u\fR, \fB\-\-user\fR
show the user of the security context
.TP
\fB\-r\fR, \fB\-\-role\fR
show the role of the security context
.TP
\fB\-t\fR, \fB\-\-type\fR
show the type of the security context
.TP
\fB\-s\fR, \fB\-\-sensitivity\fR
show the sensitivity level of the security context
.TP
\fB\-c\fR, \fB\-\-clearance\fR
show the clearance level of the security context
.TP
\fB\-m\fR, \fB\-\-mls-range\fR
show the sensitivity level and clearance, as a range, of the security context
.TP
\fB\-R\fR, \fB\-\-raw\fR
outputs the sensitivity level and clearance in an untranslated format.
.TP
\fB\-f\fR, \fB\-\-file\fR
gets the context from the specified file FILE
.TP
\fB\-L\fR, \fB\-\-link\fR
gets the context from the specified file FILE (doesn't follow symlinks)
.TP
\fB\-p\fR, \fB\-\-pid\fR
gets the context from the specified process PID
.TP
\fB\-\-pid\-exec\fR
gets the exec context from the specified process PID
.TP
\fB\-\-pid\-fs\fR
gets the fscreate context from the specified process PID
.TP
\fB\-\-current\fR, \fB\-\-self\fR
gets the context from the current process
.TP
\fB\-\-current\-exec\fR, \fB\-\-self\-exec\fR
gets the exec context from the current process
.TP
\fB\-\-current\-fs\fR, \fB\-\-self\-fs\fR
gets the fscreate context from the current process
.TP
\fB\-\-parent\fR
gets the context from the parent of the current process
.TP
\fB\-\-parent\-exec\fR
gets the exec context from the parent of the current process
.TP
\fB\-\-parent\-fs\fR
gets the fscreate context from the parent of the current process
.PP
Additional argument
.I CONTEXT
may be provided and will be used if no options have been specified to make
.B secon
get its context from another source.
If that argument is
.I -
then the context will be read from stdin.
.br
If there is no argument,
.B secon
will try reading a context from stdin, if that is not a tty, otherwise
.B secon
will act as though \fB\-\-self\fR had been passed.
.PP
If none of \fB\-\-user\fR, \fB\-\-role\fR, \fB\-\-type\fR, \fB\-\-level\fR or
\fB\-\-mls\-range\fR is passed,
then all of them will be output.
.PP
.SH SEE ALSO
.B chcon
(1)
.SH AUTHORS
.nf
James Antill (james.antill@redhat.com)
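
The field options documented above (user, role, type, sensitivity, clearance, mls-range) each select one part of a context string. The POSIX shell function below is an added example, not part of secon or of this repository, that splits a context into those same parts and shows why the MLS range cannot be taken by naively cutting on ':'. The name `context_field` and the sample contexts are hypothetical; it assumes raw (untranslated) MLS labels and treats the clearance as equal to the sensitivity level when the range has no upper bound.

```shell
#!/bin/sh
# Added example: context_field is a hypothetical helper, not part of secon.
# Usage: context_field FIELD CONTEXT
#   FIELD: user | role | type | sensitivity | clearance | mls-range
# Prints the selected field; returns 1 for a malformed context or bad FIELD.
context_field() {
    cf_field=$1
    cf_ctx=$2

    # Peel off user and role one at a time. If removing "up to the first
    # colon" changes nothing, the separator is missing.
    cf_user=${cf_ctx%%:*}
    cf_rest=${cf_ctx#*:}
    [ "$cf_rest" != "$cf_ctx" ] || return 1
    cf_role=${cf_rest%%:*}
    cf_rest2=${cf_rest#*:}
    [ "$cf_rest2" != "$cf_rest" ] || return 1

    # The type is the third field. Everything after it is the MLS range,
    # which may itself contain ':' (for example s0:c0.c1023), so it is
    # taken whole rather than split again. Non-MLS contexts have no range.
    cf_type=${cf_rest2%%:*}
    case $cf_rest2 in
        *:*) cf_range=${cf_rest2#*:} ;;
        *)   cf_range= ;;
    esac
    [ -n "$cf_user" ] && [ -n "$cf_role" ] && [ -n "$cf_type" ] || return 1

    # Range is "low" or "low-high". Assumption: raw labels, so '-' only
    # appears as the low/high separator.
    cf_low=${cf_range%%-*}
    case $cf_range in
        *-*) cf_high=${cf_range#*-} ;;
        *)   cf_high=$cf_low ;;
    esac

    case $cf_field in
        user)        printf '%s\n' "$cf_user" ;;
        role)        printf '%s\n' "$cf_role" ;;
        type)        printf '%s\n' "$cf_type" ;;
        sensitivity) printf '%s\n' "$cf_low" ;;
        clearance)   printf '%s\n' "$cf_high" ;;
        mls-range)   printf '%s\n' "$cf_range" ;;
        *)           return 1 ;;
    esac
}

# Constructed sample context (not taken from a real system).
SAMPLE_CONTEXT='staff_u:staff_r:staff_t:s0-s15:c0.c1023'
```
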