context_range_set - Linux


Overview

context_range_set is a utility that manages the set of ranges for which a context is active. It allows users to define a set of ranges within a file or set of files where a specific security context should be applied. This is useful for enforcing security policies or isolating specific parts of a system.

Syntax

context_range_set <command> [options] <file>...

Options/Flags

| Option | Description | Default |
|---|---|---|
| -a | Append the specified range to the existing set. | |
| -d | Delete the specified range from the set. | |
| -e | Edit the specified range. | |
| -l | List the current set of ranges. | |
| -r | Replace the specified range with a new range. | |

Examples

Adding a range to an existing set

context_range_set -a /tmp/file1 0 1000 user_u:object_r:tmp_t

Deleting a range from an existing set

context_range_set -d /tmp/file1 0 1000

Listing the current set of ranges

context_range_set -l /tmp/file1

Common Issues

Overlapping ranges

If you attempt to add a range that overlaps with an existing range, the existing range will be replaced by the new range.

Invalid ranges

If you specify an invalid range (e.g., a negative length), the command will fail with an error message.
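
Because an overlapping append replaces the existing range, and with it that range's security context, it is worth checking a planned range before running -a. The sketch below is an added example, not part of context_range_set or of the original page. It assumes the two numbers are a start offset and a length, treats ranges as half-open, and takes the existing ranges as a Python list because the page does not document the -l output format; the etc_t context is constructed sample data.

```python
"""Pre-flight check for `context_range_set -a` (illustrative model only)."""
from typing import List, NamedTuple, Tuple


class CtxRange(NamedTuple):
    start: int    # assumed: offset where the range begins
    length: int   # assumed: number of units covered
    context: str  # security context applied to the range

    @property
    def end(self) -> int:
        return self.start + self.length  # exclusive end (half-open range)


def validate(r: CtxRange) -> None:
    """Reject a negative length (per the page) or negative start (assumed)."""
    if r.start < 0 or r.length < 0:
        raise ValueError(f"invalid range: start={r.start} length={r.length}")


def replaced_by(existing: List[CtxRange], new: CtxRange) -> List[CtxRange]:
    """Existing ranges that overlap `new` and would therefore be replaced."""
    validate(new)
    return [r for r in existing if r.start < new.end and new.start < r.end]


def plan_append(existing: List[CtxRange],
                new: CtxRange) -> Tuple[List[CtxRange], List[CtxRange]]:
    """Model the set after -a: overlapped ranges dropped, `new` added."""
    lost = replaced_by(existing, new)
    kept = [r for r in existing if r not in lost]
    return sorted(kept + [new]), lost


# Constructed sample data: the first entry mirrors the page's example,
# the second context is made up for illustration.
EXISTING = [
    CtxRange(0, 1000, "user_u:object_r:tmp_t"),
    CtxRange(2000, 500, "system_u:object_r:etc_t"),
]
NEW = CtxRange(900, 200, "user_u:object_r:tmp_t")

if __name__ == "__main__":
    after, lost = plan_append(EXISTING, NEW)
    for r in lost:
        print(f"WARNING: -a would replace {r.start}+{r.length} ({r.context})")
    for r in after:
        print(f"result: {r.start}+{r.length} {r.context}")
```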

Integration

context_range_set can be used with other security tools to enforce a layered security approach. For example, it can be used to define the initial set of security contexts for files created by a specific process, and then used by selinux-policy-auditd to monitor for any changes to the security contexts of those files.

Related Commands

  • chcon
  • semanage
  • selinux-policy-auditd