mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-25 07:22:07 +00:00
94 lines
2.9 KiB
Groff
94 lines
2.9 KiB
Groff
.TH "fixfiles" "8" "2002031409" "" ""
|
|
.SH "NAME"
|
|
fixfiles \- fix file SELinux security contexts.
|
|
|
|
.SH "SYNOPSIS"
|
|
|
|
.B fixfiles
|
|
.I [\-v] [\-F] [-B] [ -N time ] [\-l logfile ] { check | restore|[\-f] relabel | verify } [[dir/file] ... ]
|
|
|
|
.B fixfiles
|
|
.I [\-v] [\-F] [ \-R rpmpackagename[,rpmpackagename...] ] [\-l logfile ] { check | restore | verify }
|
|
|
|
.B fixfiles
|
|
.I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT [\-l logfile ] { check | restore | verify }
|
|
|
|
.B fixfiles [-F] [-B]
|
|
.I onboot
|
|
|
|
.SH "DESCRIPTION"
|
|
This manual page describes the
|
|
.BR fixfiles
|
|
script.
|
|
.P
|
|
This script is primarily used to correct the security context
|
|
database (extended attributes) on filesystems.
|
|
.P
|
|
It can also be run at any time to relabel when adding support for
|
|
new policy, or just check whether the file contexts are all
|
|
as you expect. By default it will relabel all mounted ext2, ext3, xfs and
|
|
jfs file systems as long as they do not have a security context mount
|
|
option. You can use the \-R flag to use rpmpackages as an alternative.
|
|
The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
|
|
excluded from relabeling.
|
|
.P
|
|
.B fixfiles onboot
|
|
will setup the machine to relabel on the next reboot.
|
|
|
|
.SH "OPTIONS"
|
|
.TP
|
|
.B \-B
|
|
If specified with onboot, this fixfiles will record the current date in the /.autorelabel file, so that it can be used later to speed up labeling. If used with restore, the restore will only affect files that were modified today.
|
|
.TP
|
|
.B \-l logfile
|
|
Save the output to the specified logfile
|
|
.TP
|
|
.B \-F
|
|
Force reset of context to match file_context for customizable files
|
|
|
|
.TP
|
|
.B \-f
|
|
Clear /tmp directory with out prompt for removal.
|
|
|
|
.TP
|
|
.B \-R rpmpackagename[,rpmpackagename...]
|
|
Use the rpm database to discover all files within the specified packages and restore the file contexts. (\-a will get all files in the RPM database).
|
|
.TP
|
|
.B \-C PREVIOUS_FILECONTEXT
|
|
Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.
|
|
|
|
.TP
|
|
.B \-N time
|
|
Only act on files created after the specified date. Date must be specified in
|
|
"YYYY\-MM\-DD HH:MM" format. Date field will be passed to find \-\-newermt command.
|
|
|
|
.TP
|
|
.B -v
|
|
Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)
|
|
|
|
.SH "ARGUMENTS"
|
|
One of:
|
|
.TP
|
|
.B check
|
|
print any incorrect file context labels, showing old and new context, but do not change them.
|
|
.TP
|
|
.B restore
|
|
change any incorrect file context labels.
|
|
.TP
|
|
.B relabel
|
|
Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
|
|
.TP
|
|
.B verify
|
|
List out files with incorrect file context labels, but do not change them.
|
|
.TP
|
|
.B [[dir/file] ... ]
|
|
List of files or directories trees that you wish to check file context on.
|
|
|
|
.SH "AUTHOR"
|
|
This man page was written by Richard Hally <rhally@mindspring.com>.
|
|
The script was written by Dan Walsh <dwalsh@redhat.com>
|
|
|
|
.SH "SEE ALSO"
|
|
.BR setfiles (8), restorecon(8)
|
|
|