|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | ARGUMENTS | SEE ALSO | COLOPHON |
restorecon_xattr(8) SELinux User Command restorecon_xattr(8)
restorecon_xattr - manage security.restorecon_last extended attribute
entries added by setfiles(8) or restorecon(8).
restorecon_xattr [-d] [-D] [-m] [-n] [-r] [-v] [-e directory] [-f
specfile] pathname
restorecon_xattr will display the SHA1 digests added to extended
attributes security.restorecon_last or delete the attribute
completely. These attributes are set by restorecon(8) or setfiles(8)
to specified directories when relabeling recursively.
restorecon_xattr is useful for managing the extended attribute
entries particularly when users forget what directories they ran
restorecon(8) or setfiles(8) from.
RAMFS and TMPFS filesystems do not support the
security.restorecon_last extended attribute and are automatically
excluded from searches.
By default restorecon_xattr will display the SHA1 digests with
"Match" appended if they match the default specfile set or the
specfile set used with the -f option. Non-matching SHA1 digests will
be displayed with "No Match" appended. This feature can be disabled
by the -n option.
-d delete all non-matching security.restorecon_last directory
digest entries.
-D delete all security.restorecon_last directory digest entries.
-m do not read /proc/mounts to obtain a list of non-seclabel
mounts to be excluded from relabeling checks.
Setting -m is useful where there is a non-seclabel fs mounted
with a seclabel fs mounted on a directory below this.
-n Do not append "Match" or "No Match" to displayed digests.
-r recursively descend directories.
-v display SHA1 digest generated by specfile set.
-e directory
directory to exclude (repeat option for more than one
directory).
-f specfile
an optional specfile containing file context entries as
described in file_contexts(5). This will be used by
selabel_open(3) to retrieve the set of labeling entries, with
the SHA1 digest being retrieved by selabel_digest(3). If the
option is not specified, then the default file_contexts will
be used.
pathname
the pathname of the directory tree to be searched.
restorecon(8), setfiles(8)
This page is part of the selinux (Security-Enhanced Linux user-space
libraries and tools) project. Information about the project can be
found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you
have a bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩. This
page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2017-07-05. If you
discover any rendering problems in this HTML version of the page, or
you believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
to man-pages@man7.org
24 Sept 2016 restorecon_xattr(8)