restorecon_xattr(8) — Linux manual page


restorecon_xattr(8)       SELinux User Command       restorecon_xattr(8)

NAME         top

       restorecon_xattr - manage security.sehash extended attribute
       entries added by setfiles(8) or restorecon(8).

SYNOPSIS         top

       restorecon_xattr [-d] [-D] [-m] [-n] [-r] [-v] [-e directory] [-f
       specfile] pathname

DESCRIPTION         top

       restorecon_xattr will display the SHA1 digests added to extended
       attributes security.sehash or delete the attribute completely.
       These attributes are set by restorecon(8) or setfiles(8) to
       specified directories when relabeling recursively.

       restorecon_xattr is useful for managing the extended attribute
       entries particularly when users forget what directories they ran
       restorecon(8) or setfiles(8) from.

       RAMFS and TMPFS filesystems do not support the security.sehash
       extended attribute and are automatically excluded from searches.

       By default restorecon_xattr will display the SHA1 digests with
       "Match" appended if they match the default specfile set or the
       specfile set used with the -f option. Non-matching SHA1 digests
       will be displayed with "No Match" appended.  This feature can be
       disabled by the -n option.

OPTIONS         top

       -d     delete all non-matching security.sehash directory digest

       -D     delete all security.sehash directory digest entries.

       -m     do not read /proc/mounts to obtain a list of non-seclabel
              mounts to be excluded from relabeling checks.
              Setting -m is useful where there is a non-seclabel fs
              mounted with a seclabel fs mounted on a directory below

       -n     Do not append "Match" or "No Match" to displayed digests.

       -r     recursively descend directories.

       -v     display SHA1 digest generated by specfile set (Note that
              this digest is not used to match the security.sehash
              directory digest entries, and is shown for reference

       -e     directory
              directory to exclude (repeat option for more than one

       -f     specfile
              an optional specfile containing file context entries as
              described in file_contexts(5).  If the option is not
              specified, then the default file_contexts will be used.

ARGUMENTS         top

              the pathname of the directory tree to be searched.

SEE ALSO         top

       restorecon(8), setfiles(8)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-
       space libraries and tools) project.  Information about the
       project can be found at 
       ⟨⟩.  If you have a
       bug report for this manual page, see
       This page was obtained from the project's upstream Git repository
       ⟨⟩ on 2023-12-22.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-05-11.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to

                              24 Sept 2016           restorecon_xattr(8)