Open Source Software

restorecon(8)



NAME

   restorecon - restore file(s) default SELinux security contexts.

SYNOPSIS

   restorecon [-R] [-n] [-p] [-v] [-e directory] pathname...

   restorecon -f infilename [-e directory] [-R] [-n] [-p] [-v] [-F]

DESCRIPTION

   This manual page describes the restorecon program.

   This  program  is  primarily used to set the security context (extended
   attributes) on one or more files.

   It can also be run at any other time to correct inconsistent labels, to
   add  support  for newly-installed policy or, by using the -n option, to
   passively check whether the file contexts are all set as  specified  by
   the active policy (default behavior).

   If  a  file  object  does not have a context, restorecon will write the
   default context to the file object's extended  attributes.  If  a  file
   object  has  a context, restorecon will only modify the type portion of
   the security context.  The -F option will force a  replacement  of  the
   entire context.

   It  is  the  same  executable  as  setfiles  but operates in a slightly
   different manner depending on its argv[0].

OPTIONS

   -e directory
          exclude a directory (repeat the option to exclude more than  one
          directory, Requires full path).

   -f infilename
          infilename  contains  a list of files to be processed. Use - for
          stdin.

   -F     Force reset of context to match  file_context  for  customizable
          files,  and  the  default file context, changing the user, role,
          range portion as well as the type.

   -h, -? display usage information and exit.

   -i     ignore files that do not exist.

   -n     don't change any file labels (passive check).   To  display  the
          files whose labels would be changed, add -v.

   -o outfilename
          Deprecated, SELinux policy will probably block this access.  Use
          shell redirection to save list of files with  incorrect  context
          in filename.

   -p     show  progress  by printing * every 1024 files.  (If you relabel
          the entire OS, this will show you the percentage complete.)

   -R, -r change files and directories file  labels  recursively  (descend
          directories).
          Note:  restorecon  reports  warnings  on  paths  without default
          labels only if called non-recursively or in verbose mode.

   -v     show changes in file labels, if type or role  are  going  to  be
          changed.

   -0     the  separator  for  the  input  items is assumed to be the null
          character (instead of the white  space).   The  quotes  and  the
          backslash  characters are also treated as normal characters that
          can form valid input.  This option finally also disables the end
          of  file  string,  which  is  treated  like  any other argument.
          Useful when input items might contain white space,  quote  marks
          or  backslashes.   The -print0 option of GNU find produces input
          suitable for this mode.

   ARGUMENTS
          pathname...  The pathname for the file(s) to be relabeled.

NOTE

   restorecon does not follow symbolic links and by default  it  does  not
   operate recursively on directories.

AUTHOR

   This  man  page  was written by Dan Walsh <dwalsh@redhat.com>.  Some of
   the content of this man page was  taken  from  the  setfiles  man  page
   written  by  Russell  Coker  <russell@coker.com.au>.   The  program was
   written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

   setfiles(8), load_policy(8), checkpolicy(8)

                              2002031409                     restorecon(8)



Free and Open Source Software


Free Software Video

Useful Programs

Free Online Courses

Open Opportunity

Open Business