Home : Computers : Linux : Man Pages : restorecon

restorecon



SYNOPSIS

       restorecon [-R] [-n] [-p] [-v] [-e directory] pathname...

       restorecon -f infilename [-e directory] [-R] [-n] [-p] [-v] [-F]


DESCRIPTION

       This manual page describes the restorecon program.

       This  program  is  primarily used to set the security context (extended
       attributes) on one or more files.

       It can also be run at any other time to correct inconsistent labels, to
       add  support  for newly-installed policy or, by using the -n option, to
       passively check whether the file contexts are all set as  specified  by
       the active policy (default behavior).

       If  a  file  object  does not have a context, restorecon will write the
       default context to the file object's extended  attributes.  If  a  file
       object  has  a context, restorecon will only modify the type portion of
       the security context.  The -F option will force a  replacement  of  the
       entire context.

       It  is  the same executable as setfiles but operates in a slightly dif-
       ferent manner depending on its argv[0].


OPTIONS

       -e directory
              exclude a directory (repeat the option to exclude more than  one
              directory, Requires full path).

       -f infilename
              infilename  contains  a list of files to be processed. Use - for
              stdin.

       -F     Force reset of context to match  file_context  for  customizable
              files,  and  the  default file context, changing the user, role,
              range portion as well as the type.

       -h, -? display usage information and exit.

       -i     ignore files that do not exist.

       -n     don't change any file labels (passive check).   To  display  the
              files whose labels would be changed, add -v.

       -o outfilename
              Deprecated, SELinux policy will probably block this access.  Use
              shell redirection to save list of files with  incorrect  context
              in filename.
              backslash  characters are also treated as normal characters that
              can form valid input.  This option finally also disables the end
              of  file string, which is treated like any other argument.  Use-
              ful when input items might contain white space, quote  marks  or
              backslashes.   The  -print0  option  of  GNU find produces input
              suitable for this mode.

       ARGUMENTS
              pathname...  The pathname for the file(s) to be relabeled.


NOTE

       restorecon does not follow symbolic links and by default  it  does  not
       operate recursively on directories.


AUTHOR

       This  man  page  was written by Dan Walsh <dwalsh@redhat.com>.  Some of
       the content of this man page was taken from the setfiles man page writ-
       ten  by  Russell Coker <russell@coker.com.au>.  The program was written
       by Dan Walsh <dwalsh@redhat.com>.


SEE ALSO

       setfiles(8), load_policy(8), checkpolicy(8)

                                  2002031409                     restorecon(8)
Subscribe to us on YouTube