mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-22 21:33:05 +00:00
5f844b6991
One thing that confused me when investigating https://github.com/SELinuxProject/selinux/issues/248 (i.e. https://github.com/coreos/fedora-coreos-tracker/issues/512) was that the manual page for `setfiles` seemed to imply that paths were fully resolved. This was consistent with the issues above where `setfiles` was failing because the target of the symbolic link didn't exist. But in fact, the wording around symbolic links in `setfiles`/`restorecon` refers actually to whether the parent directories are canonicalized via `realpath(3)` before labeling. Clarify the man pages to explain this. Signed-off-by: Jonathan Lebon <jlebon@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
230 lines
5.7 KiB
Groff
230 lines
5.7 KiB
Groff
.TH "restorecon" "8" "10 June 2016" "" "SELinux User Command"
|
|
.SH "NAME"
|
|
restorecon \- restore file(s) default SELinux security contexts.
|
|
|
|
.SH "SYNOPSIS"
|
|
.B restorecon
|
|
.RB [ \-r | \-R ]
|
|
.RB [ \-m ]
|
|
.RB [ \-n ]
|
|
.RB [ \-p ]
|
|
.RB [ \-v ]
|
|
.RB [ \-i ]
|
|
.RB [ \-F ]
|
|
.RB [ \-W ]
|
|
.RB [ \-I | \-D ]
|
|
.RB [ \-x ]
|
|
.RB [ \-e
|
|
.IR directory ]
|
|
.IR pathname \ ...
|
|
.P
|
|
.B restorecon
|
|
.RB [ \-f
|
|
.IR infilename ]
|
|
.RB [ \-e
|
|
.IR directory ]
|
|
.RB [ \-r | \-R ]
|
|
.RB [ \-m ]
|
|
.RB [ \-n ]
|
|
.RB [ \-p ]
|
|
.RB [ \-v ]
|
|
.RB [ \-i ]
|
|
.RB [ \-F ]
|
|
.RB [ \-W ]
|
|
.RB [ \-I | \-D ]
|
|
.RB [ \-x ]
|
|
|
|
.SH "DESCRIPTION"
|
|
This manual page describes the
|
|
.BR restorecon
|
|
program.
|
|
.P
|
|
This program is primarily used to set the security context
|
|
(extended attributes) on one or more files.
|
|
.P
|
|
It can also be run at any other time to correct inconsistent labels, to add
|
|
support for newly-installed policy or, by using the
|
|
.B \-n
|
|
option, to passively
|
|
check whether the file contexts are all set as specified by the active policy
|
|
(default behavior).
|
|
.P
|
|
If a file object does not have a context,
|
|
.B restorecon
|
|
will write the default
|
|
context to the file object's extended attributes. If a file object has a
|
|
context,
|
|
.B restorecon
|
|
will only modify the type portion of the security context.
|
|
The
|
|
.B \-F
|
|
option will force a replacement of the entire context.
|
|
.P
|
|
If a file is labeled with
|
|
.BR customizable
|
|
SELinux type (for list of customizable
|
|
types see /etc/selinux/{SELINUXTYPE}/contexts/customizable_types), restorecon
|
|
won't reset the label unless the \-F option is used.
|
|
.P
|
|
It is the same executable as
|
|
.BR setfiles
|
|
but operates in a slightly different manner depending on its argv[0].
|
|
|
|
.SH "OPTIONS"
|
|
.TP
|
|
.BI \-e \ directory
|
|
exclude a directory (repeat the option to exclude more than one directory, Requires full path).
|
|
.TP
|
|
.BI \-f \ infilename
|
|
.I infilename
|
|
contains a list of files to be processed. Use
|
|
.RB \*(lq \- \*(rq
|
|
for
|
|
.BR stdin .
|
|
.TP
|
|
.B \-F
|
|
Force reset of context to match file_context for customizable files, and the
|
|
default file context, changing the user, role, range portion as well as the type.
|
|
.TP
|
|
.B \-h, \-?
|
|
display usage information and exit.
|
|
.TP
|
|
.B \-i
|
|
ignore files that do not exist.
|
|
.TP
|
|
.B \-I
|
|
ignore digest to force checking of labels even if the stored SHA1 digest
|
|
matches the specfiles SHA1 digest. The digest will then be updated provided
|
|
there are no errors. See the
|
|
.B NOTES
|
|
section for further details.
|
|
.TP
|
|
.B \-D
|
|
Set or update any directory SHA1 digests. Use this option to
|
|
enable usage of the
|
|
.IR security.sehash
|
|
extended attribute.
|
|
.TP
|
|
.B \-m
|
|
do not read
|
|
.B /proc/mounts
|
|
to obtain a list of non-seclabel mounts to be excluded from relabeling checks.
|
|
Setting this option is useful where there is a non-seclabel fs mounted with a
|
|
seclabel fs mounted on a directory below this.
|
|
.TP
|
|
.B \-n
|
|
don't change any file labels (passive check). To display the files whose labels would be changed, add
|
|
.BR \-v .
|
|
.TP
|
|
.BI \-o \ outfilename
|
|
Deprecated - This option is no longer supported.
|
|
.TP
|
|
.B \-p
|
|
show progress by printing the number of files in 1k blocks unless relabeling the entire
|
|
OS, that will then show the approximate percentage complete. Note that the
|
|
.B \-p
|
|
and
|
|
.B \-v
|
|
options are mutually exclusive.
|
|
.TP
|
|
.B \-R, \-r
|
|
change files and directories file labels recursively (descend directories).
|
|
.br
|
|
.TP
|
|
.B \-v
|
|
show changes in file labels. Multiple -v options increase the verbosity. Note that the
|
|
.B \-v
|
|
and
|
|
.B \-p
|
|
options are mutually exclusive.
|
|
.TP
|
|
.B \-W
|
|
display warnings about entries that had no matching files by outputting the
|
|
.BR selabel_stats (3)
|
|
results.
|
|
.TP
|
|
.B \-0
|
|
the separator for the input items is assumed to be the null character
|
|
(instead of the white space). The quotes and the backslash characters are
|
|
also treated as normal characters that can form valid input.
|
|
This option finally also disables the end of file string, which is treated
|
|
like any other argument. Useful when input items might contain white space,
|
|
quote marks or backslashes. The
|
|
.B \-print0
|
|
option of GNU
|
|
.B find
|
|
produces input suitable for this mode.
|
|
.TP
|
|
.B \-x
|
|
prevent
|
|
.B restorecon
|
|
from crossing file system boundaries.
|
|
.TP
|
|
.SH "ARGUMENTS"
|
|
.IR pathname \ ...
|
|
The pathname for the file(s) to be relabeled.
|
|
.SH "NOTES"
|
|
.IP "1." 4
|
|
.B restorecon
|
|
by default does not operate recursively on directories. Paths leading up the
|
|
final component of the file(s) are canonicalized using
|
|
.BR realpath (3)
|
|
before labeling.
|
|
.IP "2." 4
|
|
If the
|
|
.I pathname
|
|
specifies the root directory and the
|
|
.B \-vR
|
|
or
|
|
.B \-vr
|
|
options are set and the audit system is running, then an audit event is
|
|
automatically logged stating that a "mass relabel" took place using the
|
|
message label
|
|
.BR FS_RELABEL .
|
|
.IP "3." 4
|
|
To improve performance when relabeling file systems recursively (i.e. the
|
|
.B \-R
|
|
or
|
|
.B \-r
|
|
option is set),
|
|
the
|
|
.B \-D
|
|
option to
|
|
.B restorecon
|
|
will cause it to store a SHA1 digest of the default specfiles set in an extended
|
|
attribute named
|
|
.IR security.sehash
|
|
on each directory specified in
|
|
.IR pathname \ ...
|
|
once the relabeling has been completed successfully. These digests will be
|
|
checked should
|
|
.B restorecon
|
|
.B \-D
|
|
be rerun with the same
|
|
.I pathname
|
|
parameters. See
|
|
.BR selinux_restorecon (3)
|
|
for further details.
|
|
.sp
|
|
The
|
|
.B \-I
|
|
option will ignore the SHA1 digest from each directory specified in
|
|
.IR pathname \ ...
|
|
and provided the
|
|
.B \-n
|
|
option is NOT set and recursive mode is set, files will be relabeled as
|
|
required with the digests then being updated provided there are no errors.
|
|
|
|
.SH "AUTHOR"
|
|
This man page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
Some of the content of this man page was taken from the setfiles
|
|
man page written by Russell Coker <russell@coker.com.au>.
|
|
The program was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
|
.SH "SEE ALSO"
|
|
.BR setfiles (8),
|
|
.BR fixfiles (8),
|
|
.BR load_policy (8),
|
|
.BR checkpolicy (8),
|
|
.BR customizable_types (5)
|