115 lines
3.4 KiB
Groff
115 lines
3.4 KiB
Groff
.TH "fixfiles" "8" "2002031409" "" ""
|
|
.SH "NAME"
|
|
fixfiles \- fix file SELinux security contexts.
|
|
|
|
.SH "SYNOPSIS"
|
|
.na
|
|
|
|
.B fixfiles
|
|
.I [\-v] [\-F] [-M] [\-f] [\-T nthreads] relabel
|
|
|
|
.B fixfiles
|
|
.I [\-v] [\-F] [\-T nthreads] { check | restore | verify } dir/file ...
|
|
|
|
.B fixfiles
|
|
.I [\-v] [\-F] [\-B | \-N time ] [\-T nthreads] { check | restore | verify }
|
|
|
|
.B fixfiles
|
|
.I [\-v] [\-F] [\-T nthreads] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify }
|
|
|
|
.B fixfiles
|
|
.I [\-v] [\-F] [\-T nthreads] \-C PREVIOUS_FILECONTEXT { check | restore | verify }
|
|
|
|
.B fixfiles
|
|
.I [-F] [-M] [-B] [\-T nthreads] onboot
|
|
|
|
.ad
|
|
|
|
.SH "DESCRIPTION"
|
|
This manual page describes the
|
|
.BR fixfiles
|
|
script.
|
|
.P
|
|
This script is primarily used to correct the security context
|
|
database (extended attributes) on filesystems.
|
|
.P
|
|
It can also be run at any time to relabel when adding support for
|
|
new policy, or just check whether the file contexts are all
|
|
as you expect. By default it will relabel all mounted ext2, ext3, ext4, gfs2, xfs,
|
|
jfs and btrfs file systems as long as they do not have a security context mount
|
|
option. You can use the \-R flag to use rpmpackages as an alternative.
|
|
The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
|
|
excluded from relabeling.
|
|
.P
|
|
.B fixfiles onboot
|
|
will setup the machine to relabel on the next reboot.
|
|
|
|
.SH "OPTIONS"
|
|
.TP
|
|
.B \-B
|
|
If specified with onboot, this fixfiles will record the current date in the /.autorelabel file, so that it can be used later to speed up labeling. If used with restore, the restore will only affect files that were modified today.
|
|
.TP
|
|
.B \-F
|
|
Force reset of context to match file_context for customizable files
|
|
|
|
.TP
|
|
.B \-f
|
|
Clear /tmp directory with out prompt for removal.
|
|
|
|
.TP
|
|
.B \-R rpmpackagename[,rpmpackagename...]
|
|
Use the rpm database to discover all files within the specified packages and restore the file contexts.
|
|
.TP
|
|
.B \-C PREVIOUS_FILECONTEXT
|
|
Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.
|
|
|
|
.TP
|
|
.B \-N time
|
|
Only act on files created after the specified date. Date must be specified in
|
|
"YYYY\-MM\-DD HH:MM" format. Date field will be passed to find \-\-newermt command.
|
|
|
|
.TP
|
|
.B \-M
|
|
Bind mount filesystems before relabeling them, this allows fixing the context of files or directories that have been mounted over.
|
|
|
|
.TP
|
|
.B -v
|
|
Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)
|
|
|
|
.TP
|
|
.B \-T nthreads
|
|
Use parallel relabeling, see
|
|
.B setfiles(8)
|
|
|
|
.SH "ARGUMENTS"
|
|
One of:
|
|
.TP
|
|
.B check | verify
|
|
print any incorrect file context labels, showing old and new context, but do not change them.
|
|
.TP
|
|
.B restore
|
|
change any incorrect file context labels.
|
|
.TP
|
|
.B relabel
|
|
Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
|
|
.TP
|
|
.B [[dir/file] ... ]
|
|
List of files or directories trees that you wish to check file context on.
|
|
|
|
.SH EXAMPLE
|
|
.nf
|
|
Relabel the whole filesystem, except paths listed in /etc/selinux/fixfiles_exclude_dirs
|
|
# fixfiles relabel
|
|
Schedule the machine to relabel on the next boot and force relabeling of customizable types
|
|
# fixfiles -F onboot
|
|
Check labeling of all files from the samba package (while not changing any labels)
|
|
# fixfiles -R samba check
|
|
|
|
.SH "AUTHOR"
|
|
This man page was written by Richard Hally <rhally@mindspring.com>.
|
|
The script was written by Dan Walsh <dwalsh@redhat.com>
|
|
|
|
.SH "SEE ALSO"
|
|
.BR setfiles (8),
|
|
.BR restorecon (8)
|