getfscreatecon - Linux


getfscreatecon retrieves the SELinux security context of the last opened file system. The purpose of the command is to display the SELinux security context that was in effect at the time the specified file system was mounted. It is commonly used for auditing and security analysis to understand the access permissions and security settings of mounted file systems.


getfscreatecon [-h] [-V]


  • -h, –help: Displays a short help message.
  • -V, –version: Displays the version information.


Simple Example: To retrieve the security context of the root file system:

getfscreatecon /



Advanced Example: Use getfscreatecon to compare the security contexts of two mounted file systems:

getfscreatecon /mnt/usb | diff - <(getfscreatecon /mnt/hdd)

Common Issues

  • Permission Denied: Ensure you have sufficient privileges to read the security context of the file system.
  • File System Not Found: The specified file system may not be mounted or accessible.


  • ls: Combine with ls -Z to display both the file names and security contexts within a directory:
ls -Z /var | getfscreatecon --
  • auditctl: Use getfscreatecon to filter audit logs based on the security context of the file system:
auditctl -e 1 -F mount -a exit,always -F fscreatecon=system_u:object_r:rootfs_t:s0

Related Commands

  • chfscreatecon: Changes the SELinux security context of a file system.
  • semanage: Manage SELinux policies and configurations.