NAME

       restorecon_xattr  -  manage  security.restorecon_last  extended attribute entries added by
       setfiles(8) or restorecon(8).

SYNOPSIS

       restorecon_xattr [-d] [-D] [-m] [-n] [-r] [-v] [-e directory] [-f specfile] pathname

DESCRIPTION

       restorecon_xattr  will  display  the   SHA1   digests   added   to   extended   attributes
       security.restorecon_last  or  delete the attribute completely. These attributes are set by
       restorecon(8) or setfiles(8) to specified directories when relabeling recursively.

       restorecon_xattr is useful for managing the extended attribute entries  particularly  when
       users forget what directories they ran restorecon(8) or setfiles(8) from.

       RAMFS and TMPFS filesystems do not support the security.restorecon_last extended attribute
       and are automatically excluded from searches.

       By default restorecon_xattr will display the SHA1 digests with "Match"  appended  if  they
       match  the  default specfile set or the specfile set used with the -f option. Non-matching
       SHA1 digests will be displayed with "No Match" appended.  This feature can be disabled  by
       the -n option.

OPTIONS

       -d     delete all non-matching security.restorecon_last directory digest entries.

       -D     delete all security.restorecon_last directory digest entries.

       -m     do  not  read  /proc/mounts  to obtain a list of non-seclabel mounts to be excluded
              from relabeling checks.
              Setting -m is useful where there is a non-seclabel fs mounted with  a  seclabel  fs
              mounted on a directory below this.

       -n     Do not append "Match" or "No Match" to displayed digests.

       -r     recursively descend directories.

       -v     display SHA1 digest generated by specfile set.

       -e     directory
              directory to exclude (repeat option for more than one directory).

       -f     specfile
              an   optional   specfile   containing   file   context   entries  as  described  in
              file_contexts(5).  This will be used by selabel_open(3)  to  retrieve  the  set  of
              labeling  entries,  with  the SHA1 digest being retrieved by selabel_digest(3).  If
              the option is not specified, then the default file_contexts will be used.

ARGUMENTS

       pathname
              the pathname of the directory tree to be searched.

SEE ALSO

       restorecon(8), setfiles(8)

                                           24 Sept 2016                       restorecon_xattr(8)