50.2.11. Running a Command in a Specific Security Context
You can use the
runconcommand to run a command in a specific context. This is useful for scripting or for testing policy, but care should be taken to ensure that it is implemented correctly.
For example, you could use the following command to run a script to test for mislabeled content. The arguments that appear after the command are considered to be part of the command. (In this example,
~/bin/contexttestis a user-defined script.)
runcon -t httpd_t ~/bin/contexttest -ARG1 -ARG2
You can also specify the entire context, as follows:
runcon user_u:system_r:httpd_t ~/bin/contexttest