Provided by: policycoreutils_2.2.5-1_amd64 bug


       restorecon - restore file(s) default SELinux security contexts.


       restorecon [-R] [-n] [-p] [-v] [-e directory] pathname...

       restorecon -f infilename [-e directory] [-R] [-n] [-p] [-v] [-F]


       This manual page describes the restorecon program.

       This program is primarily used to set the security context (extended attributes) on one or
       more files.

       It can also be run at any other time to correct inconsistent labels, to  add  support  for
       newly-installed  policy  or,  by  using the -n option, to passively check whether the file
       contexts are all set as specified by the active policy (default behavior).

       If a file object does not have a context, restorecon will write the default context to the
       file  object's  extended  attributes. If a file object has a context, restorecon will only
       modify the type portion of the security context.  The -F option will force  a  replacement
       of the entire context.

       It  is  the  same  executable  as  setfiles  but  operates  in a slightly different manner
       depending on it's argv[0].


       -e directory
              exclude a directory (repeat the option to exclude more than one directory, Requires
              full path).

       -f infilename
              infilename contains a list of files to be processed. Use - for stdin.

       -F     Force  reset  of  context  to  match  file_context  for customizable files, and the
              default file context, changing the user, role, range portion as well as the type.

       -h, -? display usage information and exit.

       -i     ignore files that do not exist.

       -n     don't change any file labels (passive check).  To display the  files  whose  labels
              would be changed, add -v.

       -o outfilename
              Deprecated,  SELinux policy will probably block this access.  Use shell redirection
              to save list of files with incorrect context in filename.

       -p     show progress by printing * every 1024 files.  (If you relabel the entire OS,  this
              will show you the percentage complete.)

       -R, -r change files and directories file labels recursively (descend directories).
              Note:  restorecon  reports  warnings on paths without default labels only if called
              non-recursively or in verbose mode.

       -v     show changes in file labels, if type or role are going to be changed.

       -0     the separator for the input items is assumed to be the null character  (instead  of
              the  white  space).   The  quotes  and the backslash characters are also treated as
              normal characters that can form valid input.  This option finally also disables the
              end  of  file  string, which is treated like any other argument.  Useful when input
              items might contain white space, quote marks or backslashes.  The -print0 option of
              GNU find produces input suitable for this mode.

              pathname...  The pathname for the file(s) to be relabeled.


       restorecon  does  not follow symbolic links and by default it does not operate recursively
       on directories.


       This man page was written by Dan Walsh <>.  Some of the content  of  this
       man   page   was   taken   from   the   setfiles   man   page  written  by  Russell  Coker
       <>.  The program was written by Dan Walsh <>.


       setfiles(8), load_policy(8), checkpolicy(8)

                                            2002031409                              restorecon(8)