attr_get - Linux


attr_get retrieves or modifies SELinux attributes extended with that of the matchpathcon module. This command is primarily used to enforce access control based on file/directory attributes and to manage the mapping between attributes and SELinux contexts.


attr_get [attribute-name]'s value' [path]


  • -h, –help: Displays usage information and exits.
  • -v, –version: Shows version information.
  • -c, –clear: Clears the specified attribute value.
  • -i, –ignore-file: Ignores any file attributes and gets/modifies context based only on directory attributes.
  • -n, –numeric: Outputs results in numeric form (hexadecimal).


Get file attribute:

attr_get security.selinux

Set file attribute:

attr_get security.selinux file:primary low

Clear file attribute:

attr_get -c security.selinux path/to/file

Get directory attribute, ignoring file attributes:

attr_get -i security.selinux directory/path

Common Issues

  • Permission denied: Ensure you have the necessary permissions to modify SELinux attributes.
  • No such attribute: Verify that the specified attribute exists using attr_list.
  • Invalid value: Attribute values must conform to SELinux context syntax.


  • find: Use find to locate files with specific attributes:
find . -exec attr_get security.selinux {} \;
  • sed: Parse attribute values using sed:
attr_get security.selinux | sed -n '/value/p'

Related Commands

  • attr_list: Lists all available attributes.
  • semanage: SELinux policy management tool.
  • matchpathcon: SELinux module for attribute-based access control.