Provided by: setools_3.3.8-3ubuntu1_amd64 
NAME
replcon - SELinux file context replacement tool
SYNOPSIS
replcon NEW_CONTEXT DIR [OPTIONS] [EXPRESSION]
DESCRIPTION
replcon allows the user to find and replace file contexts. Replacements can be filtered by object class
as described below.
REQUIRED ARGUMENTS
NEW_CONTEXT
The replacement context as expressed as a partial context, described below.
DIR Initial directory to begin searching. The tool will recurse into any subdirectories, so be sure
there are no circular mounts within it.
EXPRESSION
The following options allow the user to specify which files to find. A file must meet all specified
criteria for its context to be replaced. If no expression is provided, all files' contexts are replaced.
-t TYPE, --type=TYPE
Search for files with a context containing the type TYPE.
-u USER, --user=USER
Search for files with a context containing the user USER.
-r ROLE, --role=ROLE
Search for files with a context containing the role ROLE.
-m RANGE, --mls-range=RANGE
Search for files with a context with the MLS range of RANGE. Note that replcon ignores the
SELinux translation library, if present. In addition, this flag is ignored if DIR has no MLS
information.
--context=CONTEXT
Search for files matching this partial context. This flag overrides -t, -u, -r, and -m.
-p PATH, --path=PATH
Search for files which include PATH.
-c CLASS, --class=CLASS
Search only files of object class CLASS.
OPTIONS
-R, --regex
Enable regular expressions
-v, --verbose
Display context info during replacement.
-h, --help
Print help information and exit.
-V, --version
Print version information and exit.
PARTIAL CONTEXT
The --context flag and NEW_CONTEXT argument specify a partial context, which is a a colon separated list
of user, role, and type. If the system supports MLS, the context may have a fourth field that gives the
range. With --context if a field is not specified or is the literal asterisk, then the query will always
match the field. With NEW_CONTEXT if a field is not specified or is the literal asterisk, then that
portion of the context will not be modified.
OBJECT CLASSES
Valid object class strings are
block, char, dir, fifo, file, link, or sock.
NOTE
The replcon utility always operates on "raw" SELinux file contexts. If the system has an installed
translation library (i.e., libsetrans), those translations are ignored in favor of reading the original
contexts from the filesystem.
EXAMPLES
replcon ::type_t: .
Replace every context's type in the current directory with type_t. The user and role portion
remain unchanged.
replcon -u user_u *:role_r:* .
Replace every context's role with user user_u in the current directory with role_r. The user and
type portion remain unchanged.
replcon --context ::type_t:s0 :::s0:c0 /tmp
Replace every context with type type_t and MLS range s0 in /tmp with MLS range s0:c0.
AUTHOR
This manual page was written by Jeremy A. Mowery <jmowery@tresys.com>.
COPYRIGHT
Copyright(C) 2003-2007 Tresys Technology, LLC
BUGS
Please report bugs via an email to setools-bugs@tresys.com.
SEE ALSO
findcon(1), indexcon(1)
replcon(1)