setfiles(8)                                                        setfiles(8)

NAME

       setfiles - set file SELinux security contexts.

SYNOPSIS

       setfiles [-dnpqvW] [-o filename] [-r alt_root_path] spec_file pathname...

       setfiles -c policyfile spec_file

       setfiles -s [-dnpqvW] [-o filename] spec_file

DESCRIPTION

       This manual page describes the setfiles program.

       This program is primarily used to initialize the security context
       database (extended attributes) on one or more filesystems.  This
       program is initially run as part of the SE Linux installation process.

       It can also be run at any time to correct errors, to add support for
       new policy, or with the -n option it can just check whether the file
       contexts are all as you expect.

       If a file object does not have a context, setfiles will write the
       default context to the file object's extended attributes.  If a file
       object has a context, setfiles will only modify the type portion of the
       security context.  The -F option will force a replacement of the entire
       context.

OPTIONS

       -c     check the validity of the contexts against the specified binary
              policy.

       -d     show what specification matched each file.

       -l     log changes in file labels to syslog.

       -n     don't change any file labels.

       -p     show progress by printing * every 1000 files.

       -q     suppress non-error output.

       -r rootpath
              use an alternate root path.

       -e directory
              directory to exclude (repeat option for more than one
              directory).

       -F     Force reset of context to match file_context for customizable
              files, and the default file context, changing the user, role,
              range portion as well as the type.

       -o filename
              save list of files with incorrect context in filename.

       -s     take a list of files from standard input instead of using a
              pathname on the command line.

       -v     show changes in file labels.

       -W     display warnings about entries that had no matching files.

       -0     Input items are terminated by a null character instead of by
              whitespace, and the quotes and backslash are not special (every
              character is taken literally).  Disables the end of file string,
              which is treated like any other argument.  Useful when input
              items might contain white space, quote marks, or backslashes.
              The GNU find -print0 option produces input suitable for this
              mode.

ARGUMENTS

       spec_file
              The specification file, which contains lines of the following
              form:

              regexp [ -type ] ( context | <<none>> )

              The regular expression is anchored at both ends.  The optional
              type field specifies the file type as shown in the mode field by
              the ls(1) program, e.g. -- to match only regular files or -d to
              match only directories.  The context can be an ordinary security
              context or the string <<none>> to specify that the file is not
              to have its context changed.

              The last matching specification is used.  If there are multiple
              hard links to a file that match different specifications and
              those specifications indicate different security contexts, then
              a warning is displayed but the file is still labeled based on
              the last matching specification other than <<none>>.

       pathname...
              The pathname for the root directory of each file system to be
              relabeled.  Not used if the -s option is used.
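
       The matching rules described for spec_file (pattern anchored at both
       ends, optional type field, <<none>>, last match wins) can be modelled
       as follows. This is an added example, not code from setfiles itself;
       the sample contexts, the "#" comment handling and the use of Python's
       regex dialect in place of the program's own are assumptions.

```python
import re
import stat

# Constructed sample spec_file; contexts are illustrative, not from a real policy.
# Treating "#" lines as comments is an assumption of this example.
SAMPLE_SPEC = """\
# regexp            [-type]  context | <<none>>
/.*                          system_u:object_r:default_t
/etc(/.*)?                   system_u:object_r:etc_t
/etc/shadow         --       system_u:object_r:shadow_t
/var/www(/.*)?      -d       system_u:object_r:httpd_dir_t
/mnt(/.*)?                   <<none>>
"""

def parse_spec(text):
    """Return [(compiled_regex, type_char_or_None, context)] in file order."""
    specs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:
            pattern, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3 and len(fields[1]) == 2 and fields[1][0] == "-":
            # "--" -> regular file, "-d" -> directory, as in the ls(1) mode field
            pattern, ftype, context = fields[0], fields[1][1], fields[2]
        else:
            raise ValueError(f"line {lineno}: malformed specification: {line!r}")
        specs.append((re.compile(pattern), ftype, context))
    return specs

def lookup(specs, path, mode):
    """Context assigned by the last matching spec; None if that spec is
    <<none>> (leave the label alone) or if nothing matches."""
    kind = stat.filemode(mode)[0]  # the character ls(1) shows: '-', 'd', 'l', ...
    chosen = None
    for regex, ftype, context in specs:
        # fullmatch() anchors the pattern at both ends.
        if regex.fullmatch(path) and (ftype is None or ftype == kind):
            chosen = context  # later lines override earlier ones
    return None if chosen in (None, "<<none>>") else chosen
```

       Because the last match wins, a broad pattern placed after a specific
       one silently overrides it; running setfiles with -n and -d shows which
       specification matched each file without changing any label.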

AUTHOR

       This man page was written by Russell Coker <russell@coker.com.au>.  The
       program was written by Stephen Smalley <sds@epoch.ncsc.mil>.

SEE ALSO

       load_policy(8), checkpolicy(8)

                                  2002031409                       setfiles(8)