Provided by: policycoreutils_3.4-1_amd64 bug

NAME

       restorecon_xattr  - manage security.sehash extended attribute entries added by setfiles(8)
       or restorecon(8).

SYNOPSIS

       restorecon_xattr [-d] [-D] [-m] [-n] [-r] [-v] [-e directory] [-f specfile] pathname

DESCRIPTION

       restorecon_xattr  will  display  the   SHA1   digests   added   to   extended   attributes
       security.sehash   or  delete  the  attribute  completely.  These  attributes  are  set  by
       restorecon(8) or setfiles(8) to specified directories when relabeling recursively.

       restorecon_xattr is useful for managing the extended attribute entries  particularly  when
       users forget what directories they ran restorecon(8) or setfiles(8) from.

       RAMFS  and TMPFS filesystems do not support the security.sehash extended attribute and are
       automatically excluded from searches.

       By default restorecon_xattr will display the SHA1 digests with "Match"  appended  if  they
       match  the  default specfile set or the specfile set used with the -f option. Non-matching
       SHA1 digests will be displayed with "No Match" appended.  This feature can be disabled  by
       the -n option.

OPTIONS

       -d     delete all non-matching security.sehash directory digest entries.

       -D     delete all security.sehash directory digest entries.

       -m     do  not  read  /proc/mounts  to obtain a list of non-seclabel mounts to be excluded
              from relabeling checks.
              Setting -m is useful where there is a non-seclabel fs mounted with  a  seclabel  fs
              mounted on a directory below this.

       -n     Do not append "Match" or "No Match" to displayed digests.

       -r     recursively descend directories.

       -v     display SHA1 digest generated by specfile set (Note that this digest is not used to
              match the security.sehash directory digest entries,  and  is  shown  for  reference
              only).

       -e     directory
              directory to exclude (repeat option for more than one directory).

       -f     specfile
              an   optional   specfile   containing   file   context   entries  as  described  in
              file_contexts(5).  If the option is not specified, then the  default  file_contexts
              will be used.

ARGUMENTS

       pathname
              the pathname of the directory tree to be searched.

SEE ALSO

       restorecon(8), setfiles(8)

                                           24 Sept 2016                       restorecon_xattr(8)