restorecon manpage

Search topic Section

restorecon(8)							 restorecon(8)

       restorecon - restore file(s) default SELinux security contexts.

       restorecon  [-o	outfilename  ] [-R] [-n] [-p] [-v] [-e directory ] [-L
       labelprefix ] pathname...

       restorecon -f infilename [-o outfilename ] [-e directory ]  [-L	label-
       prefix ] [-R] [-n] [-p] [-v] [-F]

       This manual page describes the restorecon program.

       This  program  is  primarily  used to reset the security context (type)
       (extended attributes) on one or more files.

       It can be run at any time to correct errors, to	add  support  for  new
       policy,	or  with the -n option it can just check whether the file con-
       texts are all as you expect.

       If a file object does not have a context,  restorecon  will  write  the
       default	context	 to  the  file object's extended attributes. If a file
       object has a context, restorecon will only modify the type  portion  of
       the  security  context.	 The -F option will force a replacement of the
       entire context.

       -i     ignore files that do not exist

       -f infilename
	      infilename contains a list of files to be processed by  applica-
	      tion. Use - for stdin.

       -e directory
	      directory	 to  exclude  (repeat  option for more than one direc-

       -L labelprefix
	      Tells selinux to only use the file context that match this  pre-
	      fix  for	labeling,  -L can be called multiple times.  Can speed
	      up labeling if you are only doing one directory.

	      # restorecon -R -v -L /dev /dev

       -R -r  change files and directories file labels recursively

       -n     don't change any file labels.

       -o outfilename
	      save list of files with incorrect context in outfilename.

       -p     show progress by printing * every 1000 files.

       -v     show changes in file labels.

       -F     Force reset of context to match  file_context  for  customizable
	      files,  and  the	default file context, changing the user, role,
	      range portion as well as the type.

	      pathname...  The pathname for the file(s) to be relabeled.

       restorecon does not follow symbolic links.

       This man page was written by Dan Walsh  <dwalsh@redhat.com>.   Some  of
       the content of this man page was taken from the setfiles man page writ-
       ten by Russell Coker <russell@coker.com.au>.  The program  was  written
       by Dan Walsh <dwalsh@redhat.com>.

       load_policy(8), checkpolicy(8) setfiles(8)

				  2002031409			 restorecon(8)