1restorecon(8) restorecon(8)
2
6 restorecon - restore file(s) default SELinux security contexts.
7
10 restorecon [-R] [-n] [-p] [-v] [-e directory] pathname...
11 restorecon -f infilename [-e directory] [-R] [-n] [-p] [-v] [-F]
13
16 This manual page describes the restorecon program.
17 This program is primarily used to set the security context (extended
19 attributes) on one or more files.
20 It can also be run at any other time to correct inconsistent labels, to
22 add support for newly-installed policy or, by using the -n option, to
23 passively check whether the file contexts are all set as specified by
24 the active policy (default behavior).
25 If a file object does not have a context, restorecon will write the
27 default context to the file object's extended attributes. If a file
28 object has a context, restorecon will only modify the type portion of
29 the security context. The -F option will force a replacement of the
30 entire context.
31 If a file is labeled with customizable SELinux type (for list of cus‐
33 tomizable types see /etc/selinux/{SELINUXTYPE}/contexts/customiza‐
34 ble_types), restorecon won't reset the label unless the -F option is
35 used.
36 It is the same executable as setfiles but operates in a slightly dif‐
38 ferent manner depending on its argv[0].
39
42 -e directory
43 exclude a directory (repeat the option to exclude more than one
44 directory, Requires full path).
45 -f infilename
47 infilename contains a list of files to be processed. Use - for
48 stdin.
49 -F Force reset of context to match file_context for customizable
51 files, and the default file context, changing the user, role,
52 range portion as well as the type.
53 -h, -? display usage information and exit.
55 -i ignore files that do not exist.
57 -n don't change any file labels (passive check). To display the
59 files whose labels would be changed, add -v.
60 -o outfilename
62 Deprecated, SELinux policy will probably block this access. Use
63 shell redirection to save list of files with incorrect context
64 in filename.
65 -p show progress by printing * every 1024 files. (If you relabel
67 the entire OS, this will show you the percentage complete.)
68 -R, -r change files and directories file labels recursively (descend
70 directories).
71 Note: restorecon reports warnings on paths without default
72 labels only if called non-recursively or in verbose mode.
73 -v show changes in file labels, if type or role are going to be
75 changed. Multiple -v options increase the verbosity. Note that
76 the -v and -p options are mutually exclusive.
77 -0 the separator for the input items is assumed to be the null
79 character (instead of the white space). The quotes and the
80 backslash characters are also treated as normal characters that
81 can form valid input. This option finally also disables the end
82 of file string, which is treated like any other argument. Use‐
83 ful when input items might contain white space, quote marks or
84 backslashes. The -print0 option of GNU find produces input
85 suitable for this mode.
86 ARGUMENTS
89 pathname... The pathname for the file(s) to be relabeled.
90
92 restorecon does not follow symbolic links and by default it does not
93 operate recursively on directories.
94
97 This man page was written by Dan Walsh <dwalsh@redhat.com>. Some of
98 the content of this man page was taken from the setfiles man page writ‐
99 ten by Russell Coker <russell@coker.com.au>. The program was written
100 by Dan Walsh <dwalsh@redhat.com>.
101
104 setfiles(8), load_policy(8), checkpolicy(8), customizable_types(5)
105 2002031409 restorecon(8)