Linux command
matchpathcon 命令
文件
复制后可按需替换文件名、目录或参数。
常用示例
Example
matchpathcon [/path/to/file]
Example
matchpathcon -m [file|dir|pipe|chr_file|blk_file|lnk_file|sock_file] [/path/to/file]
Verify
matchpathcon -V [/path/to/file]
说明
matchpathcon looks up the default SELinux security context for a given file path based on the file context configuration. It shows what context a file should have according to the SELinux policy, regardless of its current context. This is useful for diagnosing SELinux issues—comparing the expected context (from matchpathcon) with the actual context (from ls -Z) reveals whether a file has been mislabeled. The -V (verify) option directly compares the expected and actual contexts, reporting mismatches that may cause SELinux denials.
参数
- -m _type_
- Restrict lookup to a specific file type: file, dir, pipe, chr_file, blk_file, lnk_file, or sock_file
- -V
- Verify that the current context matches the expected persistent context
- -n
- Do not display the path in output
- -N
- Do not look up the context in the policy
- -P _policy_path_
- Use an alternate policy root path
FAQ
What is the matchpathcon command used for?
matchpathcon looks up the default SELinux security context for a given file path based on the file context configuration. It shows what context a file should have according to the SELinux policy, regardless of its current context. This is useful for diagnosing SELinux issues—comparing the expected context (from matchpathcon) with the actual context (from ls -Z) reveals whether a file has been mislabeled. The -V (verify) option directly compares the expected and actual contexts, reporting mismatches that may cause SELinux denials.
How do I run a basic matchpathcon example?
Run `matchpathcon [/path/to/file]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -m _type_ do in matchpathcon?
Restrict lookup to a specific file type: file, dir, pipe, chr_file, blk_file, lnk_file, or sock_file