1restorecon_xattr(8)          SELinux User Command          restorecon_xattr(8)
2
3
4

NAME

6       restorecon_xattr  -  manage security.restorecon_last extended attribute
7       entries added by setfiles(8) or restorecon(8).
8
9

SYNOPSIS

11       restorecon_xattr [-d] [-D] [-m] [-n] [-r] [-v] [-e directory] [-f spec‐
12       file] pathname
13
14

DESCRIPTION

16       restorecon_xattr  will  display  the  SHA1  digests  added  to extended
17       attributes security.restorecon_last or delete the attribute completely.
18       These  attributes  are set by restorecon(8) or setfiles(8) to specified
19       directories when relabeling recursively.
20
21       restorecon_xattr is useful for managing the extended attribute  entries
22       particularly  when users forget what directories they ran restorecon(8)
23       or setfiles(8) from.
24
25       RAMFS and TMPFS filesystems do not support the security.restorecon_last
26       extended attribute and are automatically excluded from searches.
27
28       By  default restorecon_xattr will display the SHA1 digests with "Match"
29       appended if they match the default specfile set  or  the  specfile  set
30       used  with  the  -f option. Non-matching SHA1 digests will be displayed
31       with "No Match" appended.  This feature  can  be  disabled  by  the  -n
32       option.
33
34

OPTIONS

36       -d     delete   all   non-matching  security.restorecon_last  directory
37              digest entries.
38
39       -D     delete all security.restorecon_last directory digest entries.
40
41       -m     do not read /proc/mounts to obtain a list of non-seclabel mounts
42              to be excluded from relabeling checks.
43              Setting  -m  is  useful where there is a non-seclabel fs mounted
44              with a seclabel fs mounted on a directory below this.
45
46       -n     Do not append "Match" or "No Match" to displayed digests.
47
48       -r     recursively descend directories.
49
50       -v     display SHA1 digest generated by specfile set.
51
52       -e     directory
53              directory to exclude (repeat option for  more  than  one  direc‐
54              tory).
55
56       -f     specfile
57              an   optional   specfile  containing  file  context  entries  as
58              described in file_contexts(5).   This  will  be  used  by  sela‐
59              bel_open(3)  to  retrieve  the set of labeling entries, with the
60              SHA1 digest being retrieved by selabel_digest(3).  If the option
61              is not specified, then the default file_contexts will be used.
62
63

ARGUMENTS

65       pathname
66              the pathname of the directory tree to be searched.
67
68

SEE ALSO

70       restorecon(8), setfiles(8)
71
72
73
74                                 24 Sept 2016              restorecon_xattr(8)
Impressum