#Bash 的 runcon 命令

runcon [OPTION]... CONTEXT COMMAND [args]...

功能

使用指定的 SELinux 安全上下文运行命令。

类型

可执行文件（/usr/bin/runcon），属于 coreutils。

参数

• OPTION 选项：
  • -c, --compute - 在应用指定的安全上下文之前先计算进程可能的转变安全上下文
  • -t, --type=TYPE - 指定安全上下文的的 TYPE
  • -u, --user=USER - 指定安全上下文的的 USER
  • -r, --role=ROLE - 指定安全上下文的的 ROLE
  • -l, --range=LEVEL - 指定安全上下文的的 LEVEL
  • --help - 显示帮助
  • --version - 显示版本
• CONTEXT - 安全上下文；通常格式为 USER:ROLE:TYPE:LEVEL
• COMMAND - 命令
• args - 命令的参数列表

#示例

$ runcon system_u:system_r:httpd_t:s0 id -Z
system_u:system_r:httpd_t:s0

#推荐阅读

• Run a command in specified SELinux context - GNU Coreutils
• runcon(1) — Linux manual page

#手册

显示
RUNCON(1)                        User Commands                       RUNCON(1)

NAME
       runcon - run command with specified security context

SYNOPSIS
       runcon CONTEXT COMMAND [args]
       runcon [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]

DESCRIPTION
       Run COMMAND with completely-specified CONTEXT, or with current or tran‐
       sitioned security context modified by one or more of LEVEL, ROLE, TYPE,
       and USER.

       If  none  of -c, -t, -u, -r, or -l, is specified, the first argument is
       used as the complete context.  Any additional arguments  after  COMMAND
       are interpreted as arguments to the command.

       Note  that  only  carefully-chosen  contexts are likely to successfully
       run.

       Run a program in a different SELinux security  context.   With  neither
       CONTEXT nor COMMAND, print the current security context.

       Mandatory  arguments  to  long  options are mandatory for short options
       too.

       CONTEXT
              Complete security context

       -c, --compute
              compute process transition context before modifying

       -t, --type=TYPE
              type (for same role as parent)

       -u, --user=USER
              user identity

       -r, --role=ROLE
              role

       -l, --range=RANGE
              levelrange

       --help display this help and exit

       --version
              output version information and exit

   Exit status:
       125    if the runcon command itself fails

       126    if COMMAND is found but cannot be invoked

       127    if COMMAND cannot be found

       -      the exit status of COMMAND otherwise

AUTHOR
       Written by Russell Coker.

REPORTING BUGS
       GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
       Report any translation bugs to <https://translationproject.org/team/>

COPYRIGHT
       Copyright © 2023 Free Software Foundation, Inc.   License  GPLv3+:  GNU
       GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
       This  is  free  software:  you  are free to change and redistribute it.
       There is NO WARRANTY, to the extent permitted by law.

SEE ALSO
       Full documentation <https://www.gnu.org/software/coreutils/runcon>
       or available locally via: info '(coreutils) runcon invocation'

GNU coreutils 9.4                 April 2024                         RUNCON(1)