NAME | SYNOPSIS | DESCRIPTION | OPTIONS | ARGUMENTS | SEE ALSO | COLOPHON

restorecon_xattr(8)         SELinux User Command         restorecon_xattr(8)

NAME         top

       restorecon_xattr - manage security.restorecon_last extended attribute
       entries added by setfiles(8) or restorecon(8).

SYNOPSIS         top

       restorecon_xattr [-d] [-D] [-m] [-n] [-r] [-v] [-e directory] [-f
       specfile] pathname

DESCRIPTION         top

       restorecon_xattr will display the SHA1 digests added to extended
       attributes security.restorecon_last or delete the attribute
       completely. These attributes are set by restorecon(8) or setfiles(8)
       to specified directories when relabeling recursively.

       restorecon_xattr is useful for managing the extended attribute
       entries particularly when users forget what directories they ran
       restorecon(8) or setfiles(8) from.

       RAMFS and TMPFS filesystems do not support the
       security.restorecon_last extended attribute and are automatically
       excluded from searches.

       By default restorecon_xattr will display the SHA1 digests with
       "Match" appended if they match the default specfile set or the
       specfile set used with the -f option. Non-matching SHA1 digests will
       be displayed with "No Match" appended.  This feature can be disabled
       by the -n option.

OPTIONS         top

       -d     delete all non-matching security.restorecon_last directory
              digest entries.

       -D     delete all security.restorecon_last directory digest entries.

       -m     do not read /proc/mounts to obtain a list of non-seclabel
              mounts to be excluded from relabeling checks.
              Setting -m is useful where there is a non-seclabel fs mounted
              with a seclabel fs mounted on a directory below this.

       -n     Do not append "Match" or "No Match" to displayed digests.

       -r     recursively descend directories.

       -v     display SHA1 digest generated by specfile set.

       -e     directory
              directory to exclude (repeat option for more than one
              directory).

       -f     specfile
              an optional specfile containing file context entries as
              described in file_contexts(5).  This will be used by
              selabel_open(3) to retrieve the set of labeling entries, with
              the SHA1 digest being retrieved by selabel_digest(3).  If the
              option is not specified, then the default file_contexts will
              be used.

ARGUMENTS         top

       pathname
              the pathname of the directory tree to be searched.

SEE ALSO         top

       restorecon(8), setfiles(8)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you
       have a bug report for this manual page, see 
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.  This
       page was obtained from the project's upstream Git repository 
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2017-05-03.  If you
       discover any rendering problems in this HTML version of the page, or
       you believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail
       to man-pages@man7.org

                                24 Sept 2016             restorecon_xattr(8)