Provided by: policycoreutils_1.28-3_i386
setfiles - set file security contexts.
setfiles [-c policy ] [-d] [-l] [-n] [-e directory ] [-o filename ]
[-q] [-s] [-v] [-vv] [-W] [-F] spec_file pathname...
This manual page describes the setfiles program.
This program is primarily used to initialise the security context
database (extended attributes) on one or more filesystems. This
program is initially run as part of the SE Linux installation process.
It can also be run at any time to correct errors, to add support for
new policy, or with the -n option it can just check whether the file
contexts are all as you expect.
-c check the validity of the contexts against the specified binary
-d show what specification matched each file.
-l log changes in file labels to syslog.
-n don’t change any file labels.
-q suppress non-error output.
use an alternate root path
directory to exclude (repeat option for more than one
-F Force reset of context to match file_context for customizable
save list of files with incorrect context in filename.
-s take a list of files from standard input instead of using a
pathname on the command line.
-v show changes in file labels, if type or role are changing.
-vv show changes in file labels, if type, role, or user are
-W display warnings about entries that had no matching files.
spec_file The specification file which contains lines of the following
regexp [ -type ] ( context | <<none>> )
The regular expression is anchored at both ends. The optional type
field specifies the file type as shown in the mode field by the ls(1)
program, e.g. -- to match only regular files or -d to match only
directories. The context can be an ordinary security context or the
string <<none>> to specify that the file is not to have its context
The last matching specification is used. If there are multiple hard
links to a file that match different specifications and those
specifications indicate different security contexts, then a warning is
displayed but the file is still labeled based on the last matching
specification other than <<none>>.
The pathname for the root directory of each file system to be
relabeled. Not used if the -s option is used.
This man page was written by Russell Coker <email@example.com>. The
program was written by Stephen Smalley <firstname.lastname@example.org>