Provided by: policycoreutils_1.28-3_i386 bug


       setfiles - set file security contexts.


       setfiles  [-c  policy  ]  [-d] [-l] [-n] [-e directory ] [-o filename ]
       [-q] [-s] [-v] [-vv] [-W] [-F] spec_file pathname...


       This manual page describes the setfiles program.

       This program is primarily  used  to  initialise  the  security  context
       database  (extended  attributes)  on  one  or  more  filesystems.  This
       program is initially run as part of the SE Linux installation  process.

       It  can  also  be run at any time to correct errors, to add support for
       new policy, or with the -n option it can just check  whether  the  file
       contexts are all as you expect.


       -c     check  the validity of the contexts against the specified binary

       -d     show what specification matched each file.

       -l     log changes in file labels to syslog.

       -n     don’t change any file labels.

       -q     suppress non-error output.

       -r rootpath
              use an alternate root path

       -e directory
              directory  to  exclude  (repeat  option  for   more   than   one

       -F     Force  reset  of  context to match file_context for customizable

       -o filename
              save list of files with incorrect context in filename.

       -s     take a list of files from standard  input  instead  of  using  a
              pathname on the command line.

       -v     show changes in file labels, if type or role are changing.

       -vv    show  changes  in  file  labels,  if  type,  role,  or  user are

       -W     display warnings about entries that had no matching files.


       spec_file The specification file which contains lines of the  following
       regexp [ -type ] ( context | <<none>> )
       The  regular  expression  is  anchored at both ends.  The optional type
       field specifies the file type as shown in the mode field by  the  ls(1)
       program,  e.g.  --  to  match  only  regular  files or -d to match only
       directories.  The context can be an ordinary security  context  or  the
       string  <<none>>  to  specify  that the file is not to have its context
       The last matching specification is used. If  there  are  multiple  hard
       links   to  a  file  that  match  different  specifications  and  those
       specifications indicate different security contexts, then a warning  is
       displayed  but  the  file  is  still labeled based on the last matching
       specification other than <<none>>.

              The pathname for the root directory of each file  system  to  be
              relabeled.  Not used if the -s option is used.


       This man page was written by Russell Coker <>.  The
       program was written by Stephen Smalley <>


       load_policy(8), checkpolicy(8)

                                  2002031409                       setfiles(8)