On Apache
Under GNU General Public License
2024-04-27 02:07 @3.147.65.65 CrawledBy Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
semanage-fcontext(8) semanage-fcontext(8)
NAME
semanage-fcontext - SELinux Policy Management file context tool
SYNOPSIS
semanage fcontext [-h] [-n] [-N] [-S STORE] [ --add ( -t TYPE -f FTYPE -r RANGE -s SEUSER
| -e EQUAL ) FILE_SPEC ) | --delete ( -t TYPE -f FTYPE | -e EQUAL ) FILE_SPEC ) |
--deleteall | --extract | --list [-C] | --modify ( -t TYPE -f FTYPE -r RANGE -s SEUSER |
-e EQUAL ) FILE_SPEC ) ]
DESCRIPTION
semanage is used to configure certain elements of SELinux policy without requiring modifi-
cation to or recompilation from policy sources. semanage fcontext is used to manage the
default file system labeling on an SELinux system. This command maps file paths using
regular expressions to SELinux labels.
OPTIONS
-h, --help
show this help message and exit
-n, --noheading
Do not print heading when listing the specified object type
-N, --noreload
Do not reload policy after commit
-C, --locallist
List local customizations
-S STORE, --store STORE
Select an alternate SELinux Policy Store to manage
-a, --add
Add a record of the specified object type
-d, --delete
Delete a record of the specified object type
-m, --modify
Modify a record of the specified object type
-l, --list
List records of the specified object type
-E, --extract
Extract customizable commands, for use within a transaction
-D, --deleteall
Remove all local customizations
-e EQUAL, --equal EQUAL
Substitute target path with sourcepath when generating default label. This is used
with fcontext. Requires source and target path arguments. The context labeling for
the target subtree is made equivalent to that defined for the source.
-f [{a,f,d,c,b,s,l,p}], --ftype [{a,f,d,c,b,s,l,p}]
File Type. This is used with fcontext. Requires a file type as shown in the mode
field by ls, e.g. use 'd' to match only directories or 'f' to match only regular
files. The following file type options can be passed: f (regular file),d (direc-
tory),c (character device), b (block device),s (socket),l (symbolic link),p (named
pipe). If you do not specify a file type, the file type will default to "all
files".
-s SEUSER, --seuser SEUSER
SELinux user name
-t TYPE, --type TYPE
SELinux Type for the object
-r RANGE, --range RANGE
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login map-
ping defaults to the SELinux user record range. SELinux Range for SELinux user
defaults to s0.
EXAMPLE
remember to run restorecon after you set the file context
Add file-context for everything under /web
# semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
# restorecon -R -v /web
Substitute /home1 with /home when setting file context
# semanage fcontext -a -e /home /home1
# restorecon -R -v /home1
For home directories under top level directory, for example /disk6/home,
execute the following commands.
# semanage fcontext -a -t home_root_t "/disk6"
# semanage fcontext -a -e /home /disk6/home
# restorecon -R -v /disk6
SEE ALSO
selinux (8), semanage (8)
AUTHOR
This man page was written by Daniel Walsh <dwalsh AT redhat.com>
20130617 semanage-fcontext(8)
Generated by $Id: phpMan.php,v 4.55 2007/09/05 04:42:51 chedong Exp $ Author: Che Dong
On Apache
Under GNU General Public License
2024-04-27 02:07 @3.147.65.65 CrawledBy Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)