1semanage-fcontext(8)                                      semanage-fcontext(8)
2
3
4

NAME

6       semanage-fcontext - SELinux Policy Management file context tool
7
8

SYNOPSIS

10       semanage  fcontext [-h] [-n] [-N] [-S STORE] [ --add ( -t TYPE -f FTYPE
11       -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC ) | --delete  (  -t  TYPE  -f
12       FTYPE  | -e EQUAL ) FILE_SPEC ) | --deleteall | --extract | --list [-C]
13       | --modify ( -t TYPE -f FTYPE -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC
14       ) ]
15
16

DESCRIPTION

18       semanage  is used to configure certain elements of SELinux policy with‐
19       out requiring modification to or  recompilation  from  policy  sources.
20       semanage  fcontext  is used to  manage the default file system labeling
21       on an SELinux system.  This  command  maps  file  paths  using  regular
22       expressions to SELinux labels.
23
24

OPTIONS

26       -h, --help
27              show this help message and exit
28
29       -n, --noheading
30              Do not print heading when listing the specified object type
31
32       -N, --noreload
33              Do not reload policy after commit
34
35       -C, --locallist
36              List local customizations
37
38       -S STORE, --store STORE
39              Select an alternate SELinux Policy Store to manage
40
41       -a, --add
42              Add a record of the specified object type
43
44       -d, --delete
45              Delete a record of the specified object type
46
47       -m, --modify
48              Modify a record of the specified object type
49
50       -l, --list
51              List records of the specified object type
52
53       -E, --extract
54              Extract customizable commands, for use within a transaction
55
56       -D, --deleteall
57              Remove all local customizations
58
59       -e EQUAL, --equal EQUAL
60              Substitute  target  path with sourcepath when generating default
61              label. This is used with fcontext. Requires  source  and  target
62              path  arguments.  The context labeling for the target subtree is
63              made equivalent to that defined for the source.
64
65       -f [{a,f,d,c,b,s,l,p}], --ftype [{a,f,d,c,b,s,l,p}]
66              File Type. This is used with fcontext. Requires a file  type  as
67              shown in the mode field by ls, e.g. use 'd' to match only direc‐
68              tories or 'f' to match only regular files.  The  following  file
69              type  options  can  be  passed: f (regular file),d (directory),c
70              (character device),  b  (block  device),s  (socket),l  (symbolic
71              link),p  (named  pipe).   If you do not specify a file type, the
72              file type will default to "all files".
73
74
75       -s SEUSER, --seuser SEUSER
76              SELinux user name
77
78       -t TYPE, --type TYPE
79              SELinux Type for the object
80
81       -r RANGE, --range RANGE
82              MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range  for
83              SELinux login mapping defaults to the SELinux user record range.
84              SELinux Range for SELinux user defaults to s0.
85
86

EXAMPLE

88       remember to run restorecon after you set the file context
89       Add file-context for everything under /web
90       # semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
91       # restorecon -R -v /web
92
93       Substitute /home1 with /home when setting file context
94       # semanage fcontext -a -e /home /home1
95       # restorecon -R -v /home1
96
97       For home directories under top level directory, for example /disk6/home,
98       execute the following commands.
99       # semanage fcontext -a -t home_root_t "/disk6"
100       # semanage fcontext -a -e /home /disk6/home
101       # restorecon -R -v /disk6
102
103

SEE ALSO

105       selinux(8), semanage(8)
106
107

AUTHOR

109       This man page was written by Daniel Walsh <dwalsh@redhat.com>
110
111
112
113                                   20130617               semanage-fcontext(8)
Impressum