RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-11 16:44:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
295abb370b
selinux/policycoreutils/setfiles/restorecon.8
Dan Walsh 36f1ccbb57 policycoreutils: setfiles: print error if no default label found 
If a user requested a label be reset but no default label is specified,
give a useful error message.  Do not print the message if this is a
recursive restore, and that is very common.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:41 -05:00

94 lines
3.1 KiB
Groff
Raw Blame History

.TH "restorecon" "8" "2002031409" "" ""
.SH "NAME"
restorecon \- restore file(s) default SELinux security contexts.
.SH "SYNOPSIS"
.B restorecon
.I [\-o outfilename] [\-R] [\-n] [\-p] [\-v] [\-e directory] pathname...
.P
.B restorecon
.I \-f infilename [\-o outfilename] [\-e directory] [\-R] [\-n] [\-p] [\-v] [\-F]
.SH "DESCRIPTION"
This manual page describes the
.BR restorecon
program.
.P
This program is primarily used to set the security context
(extended attributes) on one or more files.
.P
It can also be run at any other time to correct inconsistent labels, to add
support for newly-installed policy or, by using the \-n option, to passively
check whether the file contexts are all set as specified by the active policy
(default behavior) or by some other policy (see the \-c option).
.P
If a file object does not have a context, restorecon will write the default
context to the file object's extended attributes. If a file object has a
context, restorecon will only modify the type portion of the security context.
The -F option will force a replacement of the entire context.
.SH "OPTIONS"
.TP
.B \-e directory
exclude a directory (repeat the option to exclude more than one directory).
.TP
.B \-f infilename
infilename contains a list of files to be processed. Use \- for stdin.
.TP
.B \-F
Force reset of context to match file_context for customizable files, and the
default file context, changing the user, role, range portion as well as the type.
.TP
.B \-h, \-?
display usage information and exit.
.TP
.B \-i
ignore files that do not exist.
.TP
.B \-n
don't change any file labels (passive check).
.TP
.B \-o outfilename
save list of files with incorrect context in outfilename.
.TP
.B \-p
show progress by printing * every STAR_COUNT files. (If you relabel the entire OS, this will show you the percentage complete.)
.TP
.B \-R, \-r
change files and directories file labels recursively (descend directories).
.br
.B Note: restorecon reports warnings on paths without default labels only if called non-recursively or in verbose mode.
.TP
.B \-v
show changes in file labels, if type or role are going to be changed.
.TP
.B \-0
the separator for the input items is assumed to be the null character
(instead of the white space). The quotes and the backslash characters are
also treated as normal characters that can form valid input.
This option finally also disables the end of file string, which is treated
like any other argument. Useful when input items might contain white space,
quote marks or backslashes. The
.B \-print0
option of GNU
.B find
produces input suitable for this mode.
.TP
.SH "ARGUMENTS"
.B pathname...
The pathname for the file(s) to be relabeled.
.SH NOTE
restorecon does not follow symbolic links and by default it does not
operate recursively on directories.
.SH "AUTHOR"
This man page was written by Dan Walsh <dwalsh@redhat.com>.
Some of the content of this man page was taken from the setfiles
man page written by Russell Coker <russell@coker.com.au>.
The program was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"
.BR setfiles (8),
.BR load_policy (8),
.BR checkpolicy (8)
Reference in New Issue View Git Blame Copy Permalink