chcon [OPTION]... CONTEXT FILE...
!subtitle:功能
修改文件的 SELinux 安全上下文。
!subtitle:类型
可执行文件(/usr/bin/chcon),属于 coreutils。
!subtitle:参数
OPTION 选项:
--dereference - 影响符号链接引用的源文件,而非符号链接本身(默认)
-h, --no-dereference - 影响符号链接本身,而不是其引用的源文件
-u, --user=USER - 在目标安全上下文中设置用户为 USER
-r, --role=ROLE - 在目标安全上下文中设置角色为 ROLE
-t, --type=TYPE - 在目标安全上下文中设置类型为 TYPE
-l, --range=RANGE - 在目标安全上下文中设置范围为 RANGE
--no-preserve-root - 不保护 / 目录
--preserve-root - 保护 / 目录
--reference=RFILE - 引用 RFILE 的安全上下文
-R, --recursive - 对目录进行递归操作
-v, --verbose - 打印详细信息
-H - 使用 -R 选项进行递归操作时,指向目录的符号链接只有作为命令行参数时才遍历
-L - 使用 -R 选项进行递归操作时,遍历所有指向目录的符号链接
-P - 使用 -R 选项进行递归操作时,不遍历任何符号链接(默认)
--help - 显示帮助
--version - 显示版本
CONTEXT - 安全上下文;通常格式为 USER:ROLE:TYPE:LEVEL
FILE - 文件路径
$ sudo chcon USER:ROLE:TYPE:RANGE 1.txt # 设置安全上下文
$ ls -Z 1.txt # 查看安全上下文
USER:ROLE:TYPE:RANGE 1.txt
$ sudo chcon --reference=1.txt 2.txt # 将 2.txt 的安全上下文设为和 1.txt 一样
$ ls -Z 2.txt
USER:ROLE:TYPE:RANGE 2.txt
CHCON(1) User Commands CHCON(1)
NAME
chcon - change file security context
SYNOPSIS
chcon [OPTION]... CONTEXT FILE...
chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...
chcon [OPTION]... --reference=RFILE FILE...
DESCRIPTION
Change the SELinux security context of each FILE to CONTEXT. With
--reference, change the security context of each FILE to that of RFILE.
Mandatory arguments to long options are mandatory for short options
too.
--dereference
affect the referent of each symbolic link (this is the default),
rather than the symbolic link itself
-h, --no-dereference
affect symbolic links instead of any referenced file
-u, --user=USER
set user USER in the target security context
-r, --role=ROLE
set role ROLE in the target security context
-t, --type=TYPE
set type TYPE in the target security context
-l, --range=RANGE
set range RANGE in the target security context
--no-preserve-root
do not treat '/' specially (the default)
--preserve-root
fail to operate recursively on '/'
--reference=RFILE
use RFILE's security context rather than specifying a CONTEXT
value
-R, --recursive
operate on files and directories recursively
-v, --verbose
output a diagnostic for every file processed
The following options modify how a hierarchy is traversed when the -R
option is also specified. If more than one is specified, only the fi‐
nal one takes effect.
-H if a command line argument is a symbolic link to a directory,
traverse it
-L traverse every symbolic link to a directory encountered
-P do not traverse any symbolic links (default)
--help display this help and exit
--version
output version information and exit
AUTHOR
Written by Russell Coker and Jim Meyering.
REPORTING BUGS
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>
COPYRIGHT
Copyright © 2023 Free Software Foundation, Inc. License GPLv3+: GNU
GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
SEE ALSO
Full documentation <https://www.gnu.org/software/coreutils/chcon>
or available locally via: info '(coreutils) chcon invocation'
GNU coreutils 9.4 April 2024 CHCON(1)