1setfiles(8) setfiles(8)
2
6 setfiles - set file SELinux security contexts.
7
10 setfiles
11 [-dnpqvW] [-o filename] [-r alt_root_path ] spec_file pathname...
13 -c policyfile spec_file
15 -s [-dnpqvW] [-o filename ] spec_file
17
19 This manual page describes the setfiles program.
20 This program is primarily used to initialize the security context data‐
22 base (extended attributes) on one or more filesystems. This program is
23 initially run as part of the SE Linux installation process.
24 It can also be run at any time to correct errors, to add support for
26 new policy, or with the -n option it can just check whether the file
27 contexts are all as you expect.
28 If a file object does not have a context, setfiles will write the
30 default context to the file object's extended attributes. If a file
31 object has a context, setfiles will only modify the type portion of the
32 security context. The -F option will force a replacement of the entire
33 context.
34
37 -c check the validity of the contexts against the specified binary
38 policy.
39 -d show what specification matched each file.
41 -l log changes in file labels to syslog.
43 -n don't change any file labels.
45 -p show progress by printing * every 1000 files.
47 -q suppress non-error output.
49 -r rootpath
51 use an alternate root path
52 -e directory
54 directory to exclude (repeat option for more than one direc‐
55 tory.)
56 -F Force reset of context to match file_context for customizable
58 files, and the default file context, changing the user, role,
59 range portion as well as the type.
60 -o filename
62 save list of files with incorrect context in filename.
63 -s take a list of files from standard input instead of using a
65 pathname on the command line.
66 -v show changes in file labels.
68 -W display warnings about entries that had no matching files.
70 -0 Input items are terminated by a null character instead of by
72 whitespace, and the quotes and backslash are not special (every
73 character is taken literally). Disables the end of file string,
74 which is treated like any other argument. Useful when input
75 items might contain white space, quote marks, or back‐
76 slashes.The GNU find -print0 option produces input suitable
77 for this mode.
78
81 spec_file The specification file which contains lines of the following
82 form
83 regexp [ -type ] ( context | <<none>> )
84 The regular expression is anchored at both ends. The optional type
85 field specifies the file type as shown in the mode field by the ls(1)
86 program, e.g. -- to match only regular files or -d to match only direc‐
87 tories. The context can be an ordinary security context or the string
88 <<none>> to specify that the file is not to have its context changed.
89 The last matching specification is used. If there are multiple hard
90 links to a file that match different specifications and those specifi‐
91 cations indicate different security contexts, then a warning is dis‐
92 played but the file is still labeled based on the last matching speci‐
93 fication other than <<none>>.
94 pathname...
96 The pathname for the root directory of each file system to be
97 relabeled. Not used if the -s option is used.
98
101 This man page was written by Russell Coker <russell@coker.com.au>. The
102 program was written by Stephen Smalley <sds@epoch.ncsc.mil>
103
106 load_policy(8), checkpolicy(8)
107 2002031409 setfiles(8)