restorecon_xattr(8)         SELinux User Command         restorecon_xattr(8)

NAME         top

       restorecon_xattr - manage security.restorecon_last extended attribute
       entries added by setfiles(8) or restorecon(8).

SYNOPSIS         top

       restorecon_xattr [-d] [-D] [-m] [-n] [-r] [-v] [-e directory] [-f
       specfile] pathname

DESCRIPTION         top

       restorecon_xattr will display the SHA1 digests added to extended
       attributes security.restorecon_last or delete the attribute
       completely. These attributes are set by restorecon(8) or setfiles(8)
       to specified directories when relabeling recursively.

       restorecon_xattr is useful for managing the extended attribute
       entries particularly when users forget what directories they ran
       restorecon(8) or setfiles(8) from.

       RAMFS and TMPFS filesystems do not support the
       security.restorecon_last extended attribute and are automatically
       excluded from searches.

       By default restorecon_xattr will display the SHA1 digests with
       "Match" appended if they match the default specfile set or the
       specfile set used with the -f option. Non-matching SHA1 digests will
       be displayed with "No Match" appended.  This feature can be disabled
       by the -n option.

OPTIONS         top

       -d     delete all non-matching security.restorecon_last directory
              digest entries.

       -D     delete all security.restorecon_last directory digest entries.

       -m     do not read /proc/mounts to obtain a list of non-seclabel
              mounts to be excluded from relabeling checks.
              Setting -m is useful where there is a non-seclabel fs mounted
              with a seclabel fs mounted on a directory below this.

       -n     Do not append "Match" or "No Match" to displayed digests.

       -r     recursively descend directories.

       -v     display SHA1 digest generated by specfile set.

       -e     directory
              directory to exclude (repeat option for more than one

       -f     specfile
              an optional specfile containing file context entries as
              described in file_contexts(5).  This will be used by
              selabel_open(3) to retrieve the set of labeling entries, with
              the SHA1 digest being retrieved by selabel_digest(3).  If the
              option is not specified, then the default file_contexts will
              be used.

ARGUMENTS         top

              the pathname of the directory tree to be searched.

SEE ALSO         top

       restorecon(8), setfiles(8)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨⟩.  If you
       have a bug report for this manual page, see 
       ⟨⟩.  This
       page was obtained from the project's upstream Git repository 
       ⟨⟩ on 2017-03-13.  If you
       discover any rendering problems in this HTML version of the page, or
       you believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail

                                24 Sept 2016             restorecon_xattr(8)