mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-09 07:39:07 +00:00
f1352e7399
This patch adds restorecon_xattr(8) to find and/or remove security.restorecon_last entries added by setfiles(8) or restorecon(8). Uses the services of selinux_restorecon_xattr(3). Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
120 lines
2.4 KiB
Groff
.TH "restorecon_xattr" "8" "24 Sept 2016" "" "SELinux User Command"
.SH "NAME"
restorecon_xattr \- manage
.I security.restorecon_last
extended attribute entries added by
.BR setfiles (8)
or
.BR restorecon (8).

.SH "SYNOPSIS"
.B restorecon_xattr
.RB [ \-d ]
.RB [ \-D ]
.RB [ \-m ]
.RB [ \-n ]
.RB [ \-r ]
.RB [ \-v ]
.RB [ \-e
.IR directory ]
.RB [ \-f
.IR specfile ]
.I pathname

.SH "DESCRIPTION"
.B restorecon_xattr
will display the SHA1 digests added to extended attributes
.I security.restorecon_last
or delete the attribute completely. These attributes are set by
.BR restorecon (8)
or
.BR setfiles (8)
to specified directories when relabeling recursively.
.sp
.B restorecon_xattr
is useful for managing the extended attribute entries particularly when
users forget what directories they ran
.BR restorecon (8)
or
.BR setfiles (8)
from.
.sp
.B RAMFS
and
.B TMPFS
filesystems do not support the
.I security.restorecon_last
extended attribute and are automatically excluded from searches.
.sp
By default
.B restorecon_xattr
will display the SHA1 digests with "Match" appended if they match the default
specfile set or the
.I specfile
set used with the
.B \-f
option. Non-matching SHA1 digests will be displayed with "No Match" appended.
This feature can be disabled by the
.B \-n
option.

.SH "OPTIONS"
.TP
.B \-d
delete all non-matching
.I security.restorecon_last
directory digest entries.
.TP
.B \-D
delete all
.I security.restorecon_last
directory digest entries.
.TP
.B \-m
do not read
.B /proc/mounts
to obtain a list of non-seclabel mounts to be excluded from relabeling checks.
.br
Setting
.B \-m
is useful where there is a non-seclabel fs mounted with a seclabel fs mounted
on a directory below this.
.TP
.B \-n
Do not append "Match" or "No Match" to displayed digests.
.TP
.B \-r
recursively descend directories.
.TP
.B \-v
display SHA1 digest generated by specfile set.
.TP
.B \-e
.I directory
.br
directory to exclude (repeat option for more than one directory).
.TP
.B \-f
.I specfile
.br
an optional
.I specfile
containing file context entries as described in
.BR file_contexts (5).
This will be used by
.BR selabel_open (3)
to retrieve the set of labeling entries, with the SHA1 digest being
retrieved by
.BR selabel_digest (3).
If the option is not specified, then the default file_contexts will be used.

.SH "ARGUMENTS"
.TP
.I pathname
.br
the pathname of the directory tree to be searched.

.SH "SEE ALSO"
.BR restorecon (8),
.BR setfiles (8)
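The Match / No Match search described under DESCRIPTION and the \-r and \-e options, as an added Python sketch that is not part of the SELinux project's code. It assumes the attribute value is the raw SHA1 digest bytes and that the caller supplies the specfile-set digest as hex; the function name `audit_restorecon_last` and the `reader` hook are hypothetical.

```python
import errno
import os

XATTR = "security.restorecon_last"  # attribute name taken from the man page


def audit_restorecon_last(root, expected_hex, recurse=False, exclude=(), reader=None):
    """Return [(directory, digest_hex, "Match" | "No Match"), ...] for every
    directory under root that carries the attribute.

    expected_hex: digest of the specfile set, supplied by the caller.
    exclude:      directories to skip, in the spirit of -e.
    reader:       hypothetical hook with os.getxattr's signature, so the logic
                  can be exercised on filesystems without security.* xattrs.
    """
    reader = reader or os.getxattr
    skip = {os.path.abspath(p) for p in exclude}
    results = []
    for dirpath, dirnames, _files in os.walk(root):
        # Prune excluded subtrees in place so os.walk never descends into them.
        dirnames[:] = sorted(
            d for d in dirnames
            if os.path.abspath(os.path.join(dirpath, d)) not in skip
        )
        try:
            raw = reader(dirpath, XATTR)
        except OSError as exc:
            # ENODATA: directory has no entry. ENOTSUP: the filesystem cannot
            # hold the attribute (the man page names RAMFS and TMPFS).
            if exc.errno not in (errno.ENODATA, errno.ENOTSUP):
                raise
            raw = None
        if raw is not None:
            digest = raw.hex()
            verdict = "Match" if digest == expected_hex.lower() else "No Match"
            results.append((dirpath, digest, verdict))
        if not recurse:
            break  # without -r only the named directory is examined
    return results


if __name__ == "__main__":
    import sys
    for path, digest, verdict in audit_restorecon_last(sys.argv[1], sys.argv[2], recurse=True):
        print(path, digest, verdict)
```

A "No Match" entry marks a directory whose last recursive relabel used a different specfile set than the one being compared, which is the set of entries \-d would delete.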