1findcon(1) General Commands Manual findcon(1)
2
6 findcon - SELinux file context search tool
7
9 findcon FCLIST [OPTIONS] [EXPRESSION]
10
12 findcon allows the user to search for files with a specified context.
13 Results can be filtered by object class as described below.
14
16 The findcon tool operates upon a file context list source. There are
17 three valid file context lists.
18 directory
20 If FCLIST is a name of a directory then begin the search at that
21 directory and recurse within it. Be sure there are no circular
22 mounts within it.
23 file_contexts
25 If FCLIST is the name of a file_contexts file (e.g.,
26 /etc/selinux/strict/contexts/files/file_contexts) then open that
27 file and find matching entries.
28 database
30 If FCLIST is the name of a database as created by a previous run
31 of indexcon or apol then open the database and execute queries
32 into it.
33
35 The following options allow the user to specify which files to print.
36 A file must meet all specified criteria. If no expression is provided,
37 all files are printed.
38 -t TYPE, --type=TYPE
40 Search for files with a context containing the type TYPE.
41 -u USER, --user=USER
43 Search for files with a context containing the user USER.
44 -r ROLE, --role=ROLE
46 Search for files with a context containing the role ROLE.
47 -m RANGE, --mls-range=RANGE
49 Search for files with a context with the MLS range of RANGE.
50 Note that findcon ignores the SELinux translation library, if
51 present. In addition, this flag is ignored if the FCLIST has no
52 MLS information.
53 --context=CONTEXT
55 Search for files matching this partial context. This flag over‐
56 rides -t, -u, -r, and -m.
57 -p PATH, --path=PATH
59 Search for files which include PATH.
60 -c CLASS, --class=CLASS
62 Search only files of object class CLASS.
63
65 The following additional options are available.
66 -R, --regex
68 Search using regular expressions instead of exact string match‐
69 ing. This option does not affect the --class flag.
70 -h, --help
72 Print help information and exit.
73 -V, --version
75 Print version information and exit.
76
78 The --context flag specifies a partial context, which is a a colon sep‐
79 arated list of user, role, and type. If the system supports MLS, the
80 context may have a fourth field that gives the range. If a field is
81 not specified or is the literal asterisk, then the query will always
82 match the field.
83
85 Valid object class strings are
86 block, char, dir, fifo, file, link, or sock.
88
90 The findcon utility always operates on "raw" SELinux file contexts. If
91 the system has an installed translation library (i.e., libsetrans),
92 those translations are ignored in favor of reading the original con‐
93 texts from the filesystem (if FCFILE is a directory).
94
96 findcon .
97 Find every context in the current directory and all of its sub‐
98 directories.
99 findcon -u user_u .
101 Find every context whose user is user_u in the current directory
102 and all subdirectories.
103 findcon -u system_u -t bin_t file_contexts
105 Find entries user system_u and type bin_t within a file_contexts
106 file, assuming that file_contexts is a file contexts file.
107 findcon --context=system_u::bin_t file_contexts
109 This is equivalent to the previous example.
110 findcon --context=system_u:*:bin_t:* file_contexts
112 This is also equivalent to the above example.
113
115 This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.
116
118 Copyright(C) 2003-2007 Tresys Technology, LLC
119
121 Please report bugs via an email to setools-bugs@tresys.com.
122
124 replcon(1), indexcon(1)
125 findcon(1)