runcon is a command-line utility that allows you to run a program in a different SELinux (Security-Enhanced Linux) security context than the one currently active. SELinux is a security mechanism used in Linux systems to provide a more fine-grained access control for processes and resources.
When run with neither context nor command, runcon prints the current security context, which represents the current security attributes for the current process. The security context includes the security label, which contains the security attributes for the process, such as the SELinux user, role, and type.
To use runcon to run a program in a different SELinux security context, you need to provide the new security context as the first argument, followed by the command to run in that context.
If you encounter the below error while running the command runcon:
runcon: command not found
you may try installing the below package as per your choice of distribution:
| Distribution | Command |
|---|---|
| Debian | apt-get install coreutils |
| Ubuntu | apt-get install coreutils |
| Alpine | apk add coreutils |
| Arch Linux | pacman -S coreutils |
| Kali Linux | apt-get install coreutils |
| CentOS | yum install coreutils |
| Fedora | dnf install coreutils |
| OS X | brew install coreutils |
| Raspbian | apt-get install coreutils |
runcon Command Examples
1. Determine the current domain:
# runcon
2. Specify the domain to run a command in:
# runcon -t domain_t command
3. Specify the context role to run a command with:
# runcon -r role_r command
4. Specify the full context to run a command with:
# runcon user_u:role_r:domain_t command
Note that to use runcon, your system must have SELinux enabled and properly configured, and you need to have the appropriate permissions to run processes in different security contexts. For more information on runcon and SELinux, refer to the GNU Coreutils documentation or the SELinux documentation.