Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

findcon(1) [centos man page]

findcon(1)						      General Commands Manual							findcon(1)

NAME

       findcon - SELinux file context search tool

SYNOPSIS

       findcon FCLIST [OPTIONS] [EXPRESSION]

DESCRIPTION

       findcon allows the user to search for files with a specified context.  Results can be filtered by object class as described below.

FCLIST

       The findcon tool operates upon a file context list source.  There are three valid file context lists.

       directory
	      If  FCLIST  is  a  name of a directory then begin the search at that directory and recurse within it.  Be sure there are no circular
	      mounts within it.

       file_contexts
	      If FCLIST is the name of a file_contexts file (e.g., /etc/selinux/strict/contexts/files/file_contexts) then open that file and  find
	      matching entries.

       database
	      If FCLIST is the name of a database as created by a previous run of indexcon or apol then open the database and execute queries into
	      it.

EXPRESSION

       The following options allow the user to specify which files to print.  A file must meet all specified criteria.	If no expression  is  pro-
       vided, all files are printed.

       -t TYPE, --type=TYPE
	      Search for files with a context containing the type TYPE.

       -u USER, --user=USER
	      Search for files with a context containing the user USER.

       -r ROLE, --role=ROLE
	      Search for files with a context containing the role ROLE.

       -m RANGE, --mls-range=RANGE
	      Search for files with a context with the MLS range of RANGE.  Note that findcon ignores the SELinux translation library, if present.
	      In addition, this flag is ignored if the FCLIST has no MLS information.

       --context=CONTEXT
	      Search for files matching this partial context.  This flag overrides -t, -u, -r, and -m.

       -p PATH, --path=PATH
	      Search for files which include PATH.

       -c CLASS, --class=CLASS
	      Search only files of object class CLASS.

OPTIONS

       The following additional options are available.

       -R, --regex
	      Search using regular expressions instead of exact string matching.  This option does not affect the --class flag.

       -h, --help
	      Print help information and exit.

       -V, --version
	      Print version information and exit.

PARTIAL CONTEXT

       The --context flag specifies a partial context, which is a a colon separated list of user, role, and type.  If the system supports MLS, the
       context	may  have a fourth field that gives the range.	If a field is not specified or is the literal asterisk, then the query will always
       match the field.

OBJECT CLASSES

       Valid object class strings are

       block, char, dir, fifo, file, link, or sock.

NOTE

       The findcon utility always operates on "raw" SELinux file contexts.  If the system has an installed translation library (i.e., libsetrans),
       those translations are ignored in favor of reading the original contexts from the filesystem (if FCFILE is a directory).

EXAMPLES

       findcon .
	      Find every context in the current directory and all of its subdirectories.

       findcon -u user_u .
	      Find every context whose user is user_u in the current directory and all subdirectories.

       findcon -u system_u -t bin_t file_contexts
	      Find entries user system_u and type bin_t within a file_contexts file, assuming that file_contexts is a file contexts file.

       findcon --context=system_u::bin_t file_contexts
	      This is equivalent to the previous example.

       findcon --context=system_u:*:bin_t:* file_contexts
	      This is also equivalent to the above example.

AUTHOR

       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT

       Copyright(C) 2003-2007 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       replcon(1), indexcon(1)

																	findcon(1)

Check Out this Related Man Page

replcon(1)                                                    General Commands Manual                                                   replcon(1)

NAME

       replcon - SELinux file context replacement tool

SYNOPSIS

       replcon NEW_CONTEXT DIR [OPTIONS] [EXPRESSION]

DESCRIPTION

       replcon allows the user to find and replace file contexts.  Replacements can be filtered by object class as described below.

REQUIRED ARGUMENTS

       NEW_CONTEXT
              The replacement context as expressed as a partial context, described below.

       DIR    Initial directory to begin searching.  The tool will recurse into any subdirectories, so be sure there are no circular mounts within
              it.

EXPRESSION

       The following options allow the user to specify which files to find.  A file must meet  all  specified  criteria  for  its  context  to  be
       replaced.  If no expression is provided, all files' contexts are replaced.

       -t TYPE, --type=TYPE
              Search for files with a context containing the type TYPE.

       -u USER, --user=USER
              Search for files with a context containing the user USER.

       -r ROLE, --role=ROLE
              Search for files with a context containing the role ROLE.

       -m RANGE, --mls-range=RANGE
              Search for files with a context with the MLS range of RANGE.  Note that replcon ignores the SELinux translation library, if present.
              In addition, this flag is ignored if DIR has no MLS information.

       --context=CONTEXT
              Search for files matching this partial context.  This flag overrides -t, -u, -r, and -m.

       -p PATH, --path=PATH
              Search for files which include PATH.

       -c CLASS, --class=CLASS
              Search only files of object class CLASS.

OPTIONS

       -v, --verbose
              Display context info during replacement.

       -h, --help
              Print help information and exit.

       -V, --version
              Print version information and exit.

PARTIAL CONTEXT

       The --context flag and NEW_CONTEXT argument specify a partial context, which is a a colon separated list of user, role, and type.   If  the
       system  supports  MLS, the context may have a fourth field that gives the range.  With --context if a field is not specified or is the lit-
       eral asterisk, then the query will always match the field.  With NEW_CONTEXT if a field is not specified or is the literal  asterisk,  then
       that portion of the context will not be modified.

OBJECT CLASSES

       Valid object class strings are

       block, char, dir, fifo, file, link, or sock.

NOTE

       The replcon utility always operates on "raw" SELinux file contexts.  If the system has an installed translation library (i.e., libsetrans),
       those translations are ignored in favor of reading the original contexts from the filesystem.

EXAMPLES

       replcon ::type_t: .
              Replace every context's type in the current directory with type_t.  The user and role portion remain unchanged.

       replcon -u user_u *:role_r:* .
              Replace every context's role with user user_u in the current directory with role_r.  The user and type portion remain unchanged.

       replcon --context ::type_t:s0 :::s0:c0 /tmp
              Replace every context with type type_t and MLS range s0 in /tmp with MLS range s0:c0.

AUTHOR

       This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.

COPYRIGHT

       Copyright(C) 2003-2007 Tresys Technology, LLC

BUGS

       Please report bugs via an email to setools-bugs@tresys.com.

SEE ALSO

       findcon(1), indexcon(1)

                                                                                                                                        replcon(1)
Man Page