50.2.11. Running a Command in a Specific Security Context

You can use the runcon command to run a command in a specific context. This is useful for scripting or for testing policy, but care should be taken to ensure that it is implemented correctly.

For example, you could use the following command to run a script to test for mislabeled content. The arguments that appear after the command are considered to be part of the command. (In this example, ~/bin/contexttest is a user-defined script.)

runcon -t httpd_t ~/bin/contexttest -ARG1 -ARG2

You can also specify the entire context, as follows:

runcon user_u:system_r:httpd_t ~/bin/contexttest