NAME

       replcon - SELinux file context replacement tool

SYNOPSIS

       replcon NEW_CONTEXT DIR [OPTIONS] [EXPRESSION]

DESCRIPTION

       replcon   allows   the   user   to  find  and  replace  file  contexts.
       Replacements can be filtered by object class as described below.

REQUIRED ARGUMENTS

       NEW_CONTEXT
              The replacement context, expressed as a partial context as
              described below.

       DIR    Initial  directory  to  begin  searching.  The tool will recurse
              into any subdirectories, so be sure there are no circular mounts
              within it.

EXPRESSION

       The following options allow the user to specify which files to find.  A
       file must meet all specified criteria for its context to  be  replaced.
       If no expression is provided, all files’ contexts are replaced.

       -t TYPE, --type=TYPE
              Search for files with a context containing the type TYPE.

       -u USER, --user=USER
              Search for files with a context containing the user USER.

       -r ROLE, --role=ROLE
              Search for files with a context containing the role ROLE.

       -m RANGE, --mls-range=RANGE
              Search  for  files  with  a context with the MLS range of RANGE.
              Note that replcon ignores the SELinux  translation  library,  if
              present.   In  addition,  this flag is ignored if DIR has no MLS
              information.

       --context=CONTEXT
              Search for files  matching  this  partial  context.   This  flag
              overrides -t, -u, -r, and -m.

       -p PATH, --path=PATH
              Search for files which include PATH.

       -c CLASS, --class=CLASS
              Search only files of object class CLASS.

OPTIONS

       -v, --verbose
              Display context info during replacement.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.

PARTIAL CONTEXT

       The --context flag and NEW_CONTEXT argument specify a partial context,
       which is a colon-separated list of user, role, and type.  If the
       system supports MLS, the context may have a fourth field that gives the
       range.  With --context, if a field is not specified or is the literal
       asterisk, then the query will always match the field.  With NEW_CONTEXT,
       if a field is not specified or is the literal asterisk, then that
       portion of the context will not be modified.
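
       The partial-context rules above, as an added Python illustration (not
       part of the original manual page and not setools code).  The function
       names are hypothetical, the sample contexts are constructed, and exact
       field comparison and the handling of contexts without an MLS range are
       assumptions.

```python
# Added illustration of replcon's partial-context rules; not setools code.
# Function names are hypothetical; sample contexts are constructed.


def parse_partial(text):
    """Split USER:ROLE:TYPE[:RANGE]; None marks an unspecified field.

    Only the first three colons separate fields, because an MLS range such
    as s0:c0 contains colons of its own.
    """
    parts = text.split(":", 3)
    parts += [""] * (4 - len(parts))      # trailing fields may be omitted
    return tuple(None if p in ("", "*") else p for p in parts)


def parse_raw(context):
    """Split a raw file context; the range is None when there is no MLS field."""
    parts = context.split(":", 3)
    if len(parts) < 3 or not all(parts):
        raise ValueError("not a file context: %r" % context)
    return tuple(parts) + (None,) * (4 - len(parts))


def matches(query, context):
    """--context rule: an unspecified field matches anything.

    Assumptions: fields are compared for exact equality, and a range query
    is skipped for a context that carries no MLS range.
    """
    return all(q is None or c is None or q == c
               for q, c in zip(parse_partial(query), parse_raw(context)))


def replace(new_context, context):
    """NEW_CONTEXT rule: an unspecified field is left unmodified.

    Assumption: a context without an MLS range never gains one.
    """
    merged = [old if new is None or old is None else new
              for new, old in zip(parse_partial(new_context), parse_raw(context))]
    return ":".join(f for f in merged if f is not None)


if __name__ == "__main__":
    # Preview of: replcon --context ::type_t:s0 :::s0:c0 /tmp
    for ctx in ("system_u:object_r:type_t:s0", "system_u:object_r:other_t:s0"):
        hit = matches("::type_t:s0", ctx)
        print(ctx, "->", replace(":::s0:c0", ctx) if hit else "(not matched)")
```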

OBJECT CLASSES

       Valid object class strings are

       block, char, dir, fifo, file, link, or sock.

NOTE

       The replcon utility always operates on "raw" SELinux file contexts.  If
       the system has an installed  translation  library  (i.e.,  libsetrans),
       those  translations  are  ignored  in  favor  of  reading  the original
       contexts from the filesystem.

EXAMPLES

       replcon ::type_t: .
              Replace every context's type in the current directory with
              type_t.  The user and role portions remain unchanged.

       replcon -u user_u *:role_r:* .
              For every context with user user_u in the current directory,
              replace the role with role_r.  The user and type portions
              remain unchanged.

       replcon --context ::type_t:s0 :::s0:c0 /tmp
              Replace  every context with type type_t and MLS range s0 in /tmp
              with MLS range s0:c0.

AUTHOR

       This manual page was written by Jeremy A. Mowery  <jmowery@tresys.com>.

COPYRIGHT

       Copyright(C) 2003-2007 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       findcon(1), indexcon(1)

                                                                    replcon(1)