Provided by: policycoreutils_3.3-1build1_amd64 bug


       fixfiles - fix file SELinux security contexts.


       fixfiles [-v] [-F] [-M] [-f] relabel

       fixfiles [-v] [-F] { check | restore | verify } dir/file ...

       fixfiles [-v] [-F] [-B | -N time ] { check | restore | verify }

       fixfiles [-v] [-F] -R rpmpackagename[,rpmpackagename...] { check | restore | verify }

       fixfiles [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }

       fixfiles [-F] [-M] [-B] onboot


       This manual page describes the fixfiles script.

       This  script  is  primarily  used  to  correct  the  security  context  database (extended
       attributes) on filesystems.

       It can also be run at any time to relabel when adding support for  new  policy,  or   just
       check  whether  the  file  contexts are all as you expect.  By default it will relabel all
       mounted ext2, ext3, ext4, gfs2, xfs, jfs and btrfs file systems as long  as  they  do  not
       have  a  security  context mount option.  You can use the -R flag to use rpmpackages as an
       alternative.   The  file  /etc/selinux/fixfiles_exclude_dirs  can  contain   a   list   of
       directories excluded from relabeling.

       fixfiles onboot will setup the machine to relabel on the next reboot.


       -B     If  specified  with  onboot,  this  fixfiles  will  record  the current date in the
              /.autorelabel file, so that it can be used later to speed up labeling. If used with
              restore, the restore will only affect files that were modified today.

       -F     Force reset of context to match file_context for customizable files

       -f     Clear /tmp directory with out prompt for removal.

       -R rpmpackagename[,rpmpackagename...]
              Use  the  rpm  database  to  discover  all  files within the specified packages and
              restore the file contexts.

              Run a diff on  the PREVIOUS_FILECONTEXT file to the currently  installed  one,  and
              restore the context of all affected files.

       -N time
              Only  act  on  files  created  after the specified date.  Date must be specified in
              "YYYY-MM-DD HH:MM" format.  Date field will be passed to find --newermt command.

       -M     Bind mount filesystems before relabeling them, this allows fixing  the  context  of
              files or directories that have been mounted over.

       -v     Modify verbosity from progress to verbose. (Run restorecon with -v instead of -p)


       One of:

       check | verify
              print  any  incorrect  file context labels, showing old and new context, but do not
              change them.

              change any incorrect file context labels.

              Prompt for removal of contents of /tmp directory and then change any incorrect file
              context labels to match the install file_contexts file.

       [[dir/file] ... ]
              List of files or directories trees that you wish to check file context on.


       This  man  page  was  written  by  Richard Hally <>.  The script  was
       written by Dan Walsh <>


       setfiles(8), restorecon(8)

                                            2002031409                                fixfiles(8)