Provided by: policycoreutils_2.2.5-1_amd64 bug


       semanage-fcontext - SELinux Policy Management file context tool


       semanage  fcontext [-h] [-n] [-N] [-s STORE] [ --add ( -t TYPE -f FTYPE -r RANGE -s SEUSER
       | -e EQUAL ) FILE_SPEC ) | --delete ( -t TYPE  -f  FTYPE  |  -e  EQUAL  )  FILE_SPEC  )  |
       --deleteall  |  --extract | --list [-C] | --modify ( -t TYPE -f FTYPE -r RANGE -s SEUSER |
       -e EQUAL ) FILE_SPEC ) ]


       semanage is used to  configure  certain  elements  of  SELinux  policy  without  requiring
       modification  to  or  recompilation  from  policy  sources.   semanage fcontext is used to
       manage the default file system labeling on an SELinux  system.   This  command  maps  file
       paths using regular expressions to SELinux labels.


       -h, --help
              show this help message and exit

       -n, --noheading
              Do not print heading when listing the specified object type

       -N, --noreload
              Do not reload policy after commit

       -C, --locallist
              List local customizations

       -S STORE, --store STORE
              Select an alternate SELinux Policy Store to manage

       -a, --add
              Add a record of the specified object type

       -d, --delete
              Delete a record of the specified object type

       -m, --modify
              Modify a record of the specified object type

       -l, --list
              List records of the specified object type

       -E, --extract
              Extract customizable commands, for use within a transaction

       -D, --deleteall
              Remove all local customizations

       -e EQUAL, --equal EQUAL
              Substitute  target path with sourcepath when generating default label. This is used
              with fcontext. Requires source and target path arguments. The context labeling  for
              the target subtree is made equivalent to that defined for the source.

       -f [{a,f,d,c,b,s,l,p}], --ftype [{a,f,d,c,b,s,l,p}]
              File  Type.  This  is used with fcontext. Requires a file type as shown in the mode
              field by ls, e.g. use 'd' to match only directories or 'f' to  match  only  regular
              files.  The  following  file  type  options  can  be  passed:  f  (regular  file),d
              (directory),c (character device), b (block device),s (socket),l  (symbolic  link),p
              (named  pipe).   If  you  do not specify a file type, the file type will default to
              "all files".

       -s SEUSER, --seuser SEUSER
              SELinux user name

       -t TYPE, --type TYPE
              SELinux Type for the object

       -r RANGE, --range RANGE
              MLS/MCS Security Range (MLS/MCS Systems  only)  SELinux  Range  for  SELinux  login
              mapping  defaults  to the SELinux user record range. SELinux Range for SELinux user
              defaults to s0.


       remember to run restorecon after you set the file context
       Add file-context for everything under /web
       # semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
       # restorecon -R -v /web

       Substitute /home1 with /home when setting file context
       # semanage fcontext -a -e /home /home1
       # restorecon -R -v /home1

       For home directories under top level directory, for example /disk6/home,
       execute the following commands.
       # semanage fcontext -a -t home_root_t "/disk6"
       # semanage fcontext -a -e /home /disk6/home
       # restorecon -R -v /disk6


       selinux (8), semanage (8)


       This man page was written by Daniel Walsh <>

                                             20130617                        semanage-fcontext(8)