semanage-fcontext(category17-virtuelle-server.html) - phpMan

semanage-fcontext(8)                                      semanage-fcontext(8)
NAME
       semanage-fcontext - SELinux Policy Management file context tool
SYNOPSIS
       semanage  fcontext [-h] [-n] [-N] [-S STORE] [ --add ( -t TYPE -f FTYPE
       -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC ) | --delete  (  -t  TYPE  -f
       FTYPE  | -e EQUAL ) FILE_SPEC ) | --deleteall | --extract | --list [-C]
       | --modify ( -t TYPE -f FTYPE -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC
       ) ]
DESCRIPTION
       semanage  is used to configure certain elements of SELinux policy with-
       out requiring modification to or  recompilation  from  policy  sources.
       semanage  fcontext  is used to  manage the default file system labeling
       on an SELinux system.  This  command  maps  file  paths  using  regular
       expressions to SELinux labels.
       FILE_SPEC may contain either a fully qualified path, or a Perl compati-
       ble regular expression (PCRE), describing fully qualified path(s).  The
       only  PCRE  flag in use is PCRE2_DOTALL, which causes a wildcard '.' to
       match anything, including a new line.  Strings representing  paths  are
       processed  as  bytes  (as  opposed  to Unicode), meaning that non-ASCII
       characters are not matched by a single wildcard.
       Note, that file context definitions specified using 'semanage fcontext'
       (i.e.  local  file context modifications stored in file_contexts.local)
       have higher priority than those  specified  in  policy  modules.   This
       means  that  whenever a match for given file path is found in file_con-
       texts.local, no other file context definitions are considered.  Entries
       in  file_contexts.local  are processed from most recent one to the old-
       est, with first match being used  (as  opposed  to  the  most  specific
       match,  which  is  used  when matching other file context definitions).
       All regular expressions should therefore be as specific as possible, to
       avoid unintentionally impacting other parts of the filesystem.
OPTIONS
       -h, --help
              show this help message and exit
       -n, --noheading
              Do not print heading when listing the specified object type
       -N, --noreload
              Do not reload policy after commit
       -C, --locallist
              List local customizations
       -S STORE, --store STORE
              Select an alternate SELinux Policy Store to manage
       -a, --add
              Add a record of the specified object type
       -d, --delete
              Delete a record of the specified object type
       -m, --modify
              Modify a record of the specified object type
       -l, --list
              List records of the specified object type
       -E, --extract
              Extract customizable commands, for use within a transaction
       -D, --deleteall
              Remove all local customizations
       -e EQUAL, --equal EQUAL
              Substitute  target  path with sourcepath when generating default
              label. This is used with fcontext. Requires  source  and  target
              path  arguments.  The context labeling for the target subtree is
              made equivalent to that defined for the source.
       -f [{a,f,d,c,b,s,l,p}], --ftype [{a,f,d,c,b,s,l,p}]
              File Type. This is used with fcontext. Requires a file  type  as
              shown in the mode field by ls, e.g. use 'd' to match only direc-
              tories or 'f' to match only regular files.  The  following  file
              type  options  can  be  passed: f (regular file),d (directory),c
              (character device),  b  (block  device),s  (socket),l  (symbolic
              link),p  (named  pipe).   If you do not specify a file type, the
              file type will default to "all files".
       -s SEUSER, --seuser SEUSER
              SELinux user name
       -t TYPE, --type TYPE
              SELinux Type for the object
       -r RANGE, --range RANGE
              MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range  for
              SELinux login mapping defaults to the SELinux user record range.
              SELinux Range for SELinux user defaults to s0.
EXAMPLE
       remember to run restorecon after you set the file context
       Add file-context for everything under /web
       # semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
       # restorecon -R -v /web
       Substitute /home1 with /home when setting file context
       # semanage fcontext -a -e /home /home1
       # restorecon -R -v /home1
       For home directories under top level directory, for example /disk6/home,
       execute the following commands.
       # semanage fcontext -a -t home_root_t "/disk6"
       # semanage fcontext -a -e /home /disk6/home
       # restorecon -R -v /disk6
SEE ALSO
       selinux(8), semanage(8)
AUTHOR
       This man page was written by Daniel Walsh <dwalsh AT redhat.com>
                                   20130617               semanage-fcontext(8)