attr_get - Linux


Overview

attr_get retrieves or modifies SELinux attributes, extended with those of the matchpathcon module. This command is primarily used to enforce access control based on file/directory attributes and to manage the mapping between attributes and SELinux contexts.

Syntax

attr_get [attribute-name]'s value' [path]

Options/Flags

  • -h, --help: Displays usage information and exits.
  • -v, --version: Shows version information.
  • -c, --clear: Clears the specified attribute value.
  • -i, --ignore-file: Ignores any file attributes and gets/modifies context based only on directory attributes.
  • -n, --numeric: Outputs results in numeric form (hexadecimal).

Examples

Get file attribute:

attr_get security.selinux

Set file attribute:

attr_get security.selinux file:primary low

Clear file attribute:

attr_get -c security.selinux path/to/file

Get directory attribute, ignoring file attributes:

attr_get -i security.selinux directory/path

Common Issues

  • Permission denied: Ensure you have the necessary permissions to modify SELinux attributes.
  • No such attribute: Verify that the specified attribute exists using attr_list.
  • Invalid value: Attribute values must conform to SELinux context syntax.

Integration

  • find: Use find to locate files with specific attributes:
find . -exec attr_get security.selinux {} \;
  • sed: Parse attribute values using sed:
attr_get security.selinux | sed -n '/value/p'
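
A security.selinux value follows SELinux context syntax: user:role:type, with an optional MLS/MCS level that may itself contain colons. The following is an added example, not part of the original page and not using attr_get itself: it reads the attribute with Python's standard os.getxattr call, parses the value into fields, and walks a tree for a given type. The names parse_context, read_context and find_by_type are hypothetical, and the level check is a loose character check rather than a policy lookup.

```python
import errno
import os
import re
from typing import Iterator, NamedTuple, Optional

XATTR = "security.selinux"  # attribute name used throughout this page

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: Optional[str]  # MLS/MCS range; absent when the policy has no MLS

_NAME = re.compile(r"[A-Za-z0-9_.\-]+")
_LEVEL = re.compile(r"[A-Za-z0-9_.,:\-]+")  # loose check, e.g. s0-s0:c0.c1023

def parse_context(raw: bytes) -> Context:
    """Parse a raw security.selinux value (hypothetical helper)."""
    # The stored label usually ends in a NUL byte; drop it before decoding.
    text = raw.rstrip(b"\x00").decode("ascii")
    # Split at most three times: the level field itself may contain ':'.
    parts = text.split(":", 3)
    if len(parts) < 3 or not all(_NAME.fullmatch(p) for p in parts[:3]):
        raise ValueError(f"not a SELinux context: {text!r}")
    level = parts[3] if len(parts) == 4 else None
    if level is not None and not _LEVEL.fullmatch(level):
        raise ValueError(f"bad MLS/MCS level: {level!r}")
    return Context(parts[0], parts[1], parts[2], level)

def read_context(path: str) -> Optional[Context]:
    """Return the label on path, or None if it carries no SELinux label."""
    try:
        raw = os.getxattr(path, XATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None  # unlabeled file, or filesystem without xattrs
        raise
    return parse_context(raw)

def find_by_type(root: str, wanted: str) -> Iterator[str]:
    """Yield paths under root whose context type equals wanted."""
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            ctx = read_context(path)
            if ctx is not None and ctx.type == wanted:
                yield path

# Constructed sample value, not taken from a real system.
SAMPLE = parse_context(b"unconfined_u:object_r:user_home_t:s0-s0:c0.c1023\x00")
```

Permission errors from os.getxattr are re-raised rather than treated as "no label", so an unreadable file is not silently skipped during a sweep.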

Related Commands

  • attr_list: Lists all available attributes.
  • semanage: SELinux policy management tool.
  • matchpathcon: SELinux module for attribute-based access control.