attr_get - Linux
Overview
attr_get retrieves or modifies SELinux attributes extended with that of the matchpathcon module. This command is primarily used to enforce access control based on file/directory attributes and to manage the mapping between attributes and SELinux contexts.
Syntax
attr_get [attribute-name]'s value' [path]
Options/Flags
- -h, –help: Displays usage information and exits.
- -v, –version: Shows version information.
- -c, –clear: Clears the specified attribute value.
- -i, –ignore-file: Ignores any file attributes and gets/modifies context based only on directory attributes.
- -n, –numeric: Outputs results in numeric form (hexadecimal).
Examples
Get file attribute:
attr_get security.selinux
Set file attribute:
attr_get security.selinux file:primary low
Clear file attribute:
attr_get -c security.selinux path/to/file
Get directory attribute, ignoring file attributes:
attr_get -i security.selinux directory/path
Common Issues
- Permission denied: Ensure you have the necessary permissions to modify SELinux attributes.
- No such attribute: Verify that the specified attribute exists using attr_list.
- Invalid value: Attribute values must conform to SELinux context syntax.
Integration
- find: Use find to locate files with specific attributes:
find . -exec attr_get security.selinux {} \;
- sed: Parse attribute values using sed:
attr_get security.selinux | sed -n '/value/p'
Related Commands
- attr_list: Lists all available attributes.
- semanage: SELinux policy management tool.
- matchpathcon: SELinux module for attribute-based access control.