| .TH "restorecon" "8" "2002031409" "" "" |
| .SH "NAME" |
| restorecon \- restore file(s) default SELinux security contexts. |
| |
| .SH "SYNOPSIS" |
| .B restorecon |
| .I [\-R] [\-n] [\-p] [\-v] [\-e directory] pathname... |
| .P |
| .B restorecon |
| .I \-f infilename [\-e directory] [\-R] [\-n] [\-p] [\-v] [\-F] |
| |
| .SH "DESCRIPTION" |
| This manual page describes the |
| .BR restorecon |
| program. |
| .P |
| This program is primarily used to set the security context |
| (extended attributes) on one or more files. |
| .P |
| It can also be run at any other time to correct inconsistent labels, to add |
| support for newly-installed policy or, by using the \-n option, to passively |
| check whether the file contexts are all set as specified by the active policy |
| (default behavior). |
| .P |
| If a file object does not have a context, restorecon will write the default |
| context to the file object's extended attributes. If a file object has a |
| context, restorecon will only modify the type portion of the security context. |
| The \-F option will force a replacement of the entire context. |
| .P |
| It is the same executable as |
| .BR setfiles |
| but operates in a slightly different manner depending on its argv[0]. |
| |
| .SH "OPTIONS" |
| .TP |
| .B \-e directory |
| exclude a directory (repeat the option to exclude more than one directory, Requires full path). |
| .TP |
| .B \-f infilename |
| infilename contains a list of files to be processed. Use \- for stdin. |
| .TP |
| .B \-F |
| Force reset of context to match file_context for customizable files, and the |
| default file context, changing the user, role, range portion as well as the type. |
| .TP |
| .B \-h, \-? |
| display usage information and exit. |
| .TP |
| .B \-i |
| ignore files that do not exist. |
| .TP |
| .B \-n |
| don't change any file labels (passive check). To display the files whose labels would be changed, add \-v. |
| .TP |
| .B \-o outfilename |
| Deprecated, SELinux policy will probably block this access. Use shell redirection to save list of files with incorrect context in filename. |
| .TP |
| .B \-p |
| show progress by printing * every STAR_COUNT files. (If you relabel the entire OS, this will show you the percentage complete.) |
| .TP |
| .B \-R, \-r |
| change files and directories file labels recursively (descend directories). |
| .br |
| .B Note: restorecon reports warnings on paths without default labels only if called non-recursively or in verbose mode. |
| .TP |
| .B \-v |
| show changes in file labels, if type or role are going to be changed. |
| .TP |
| .B \-0 |
| the separator for the input items is assumed to be the null character |
| (instead of the white space). The quotes and the backslash characters are |
| also treated as normal characters that can form valid input. |
| This option finally also disables the end of file string, which is treated |
| like any other argument. Useful when input items might contain white space, |
| quote marks or backslashes. The |
| .B \-print0 |
| option of GNU |
| .B find |
| produces input suitable for this mode. |
| .TP |
| .SH "ARGUMENTS" |
| .B pathname... |
| The pathname for the file(s) to be relabeled. |
| .SH NOTE |
| restorecon does not follow symbolic links and by default it does not |
| operate recursively on directories. |
| |
| .SH "AUTHOR" |
| This man page was written by Dan Walsh <dwalsh@redhat.com>. |
| Some of the content of this man page was taken from the setfiles |
| man page written by Russell Coker <russell@coker.com.au>. |
| The program was written by Dan Walsh <dwalsh@redhat.com>. |
| |
| .SH "SEE ALSO" |
| .BR setfiles (8), |
| .BR load_policy (8), |
| .BR checkpolicy (8) |