From 2f3a08f8c0454613f86b8a5ed6a068ae9949ae67 Mon Sep 17 00:00:00 2001 From: cyqsimon <28627918+cyqsimon@users.noreply.github.com> Date: Mon, 27 May 2024 20:00:22 +0800 Subject: [PATCH] matchpathcon, secon: add page (#12841) * matchpathcon: add page * secon: add page * Explicitly state "absolute path" Co-authored-by: Juri Dispan --------- Co-authored-by: Juri Dispan --- pages/linux/matchpathcon.md | 17 +++++++++++++++++ pages/linux/secon.md | 25 +++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 pages/linux/matchpathcon.md create mode 100644 pages/linux/secon.md diff --git a/pages/linux/matchpathcon.md b/pages/linux/matchpathcon.md new file mode 100644 index 000000000..ed451678d --- /dev/null +++ b/pages/linux/matchpathcon.md @@ -0,0 +1,17 @@ +# matchpathcon + +> Lookup the persistent SELinux security context setting of a path. +> See also: `semanage-fcontext`, `secon`, `chcon`, `restorecon`. +> More information: . + +- Lookup the persistent security context setting of an absolute path: + +`matchpathcon {{/path/to/file}}` + +- Restrict lookup to settings on a specific file type: + +`matchpathcon -m {{file|dir|pipe|chr_file|blk_file|lnk_file|sock_file}} {{/path/to/file}}` + +- [V]erify that the persistent and current security context of a path agree: + +`matchpathcon -V {{/path/to/file}}` diff --git a/pages/linux/secon.md b/pages/linux/secon.md new file mode 100644 index 000000000..db979b826 --- /dev/null +++ b/pages/linux/secon.md 
@@ -0,0 +1,25 @@ +# secon + +> Get the SELinux security context of a file, pid, current execution context, or a context specification. +> See also: `semanage`, `runcon`, `chcon`. +> More information: . + +- Get the security context of the current execution context: + +`secon` + +- Get the current security context of a process: + +`secon --pid {{1}}` + +- Get the current security context of a file, resolving all intermediate symlinks: + +`secon --file {{path/to/file_or_directory}}` + +- Get the current security context of a symlink itself (i.e. do not resolve): + +`secon --link {{path/to/symlink}}` + +- Parse and explain a context specification: + +`secon {{system_u:system_r:container_t:s0:c899,c900}}`
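Review bot: In pages/linux/matchpathcon.md, the description and the first example use "Lookup" as a verb ("> Lookup the persistent SELinux security context setting of a path."). The verb form is two words, so "Look up" is correct in both places. Separately, only the first example says the path must be absolute, while the `-m` and `-V` examples reuse the same `{{/path/to/file}}` placeholder without saying so. Stating the absolute-path requirement once in the description would cover all three examples.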
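Review bot: In pages/linux/secon.md, `secon --pid {{1}}` uses a bare `1` as the placeholder, which reads as a literal argument rather than a value to substitute. `{{pid}}` would make the intent clear. The description line also writes "pid" in lowercase where the matching example says "process", so "process" or "PID" would be more consistent. In the `--file` example, the text says "of a file" while the placeholder is `{{path/to/file_or_directory}}`. Align the two so the reader knows whether directories are covered.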