policycoreutils/setfiles/restorecon_xattr.8 - manifest_repos/selinux - Git at Google

 .TH "restorecon_xattr" "8" "24 Sept 2016" "" "SELinux User Command"
 .SH "NAME"
 restorecon_xattr \- manage
 .I security.sehash
 extended attribute entries added by
 .BR setfiles (8)
 or
 .BR restorecon (8).

 .SH "SYNOPSIS"
 .B restorecon_xattr
 .RB [ \-d ]
 .RB [ \-D ]
 .RB [ \-m ]
 .RB [ \-n ]
 .RB [ \-r ]
 .RB [ \-v ]
 .RB [ \-e
 .IR directory ]
 .RB [ \-f
 .IR specfile ]
 .I pathname

 .SH "DESCRIPTION"
 .B restorecon_xattr
 will display the SHA1 digests added to extended attributes
 .I security.sehash
 or delete the attribute completely. These attributes are set by
 .BR restorecon (8)
 or
 .BR setfiles (8)
 to specified directories when relabeling recursively.
 .sp
 .B restorecon_xattr
 is useful for managing the extended attribute entries particularly when
 users forget what directories they ran
 .BR restorecon (8)
 or
 .BR setfiles (8)
 from.
 .sp
 .B RAMFS
 and
 .B TMPFS
 filesystems do not support the
 .I security.sehash
 extended attribute and are automatically excluded from searches.
 .sp
 By default
 .B restorecon_xattr
 will display the SHA1 digests with "Match" appended if they match the default
 specfile set or the
 .I specfile
 set used with the
 .B \-f
 option. Non-matching SHA1 digests will be displayed with "No Match" appended.
 This feature can be disabled by the
 .B \-n
 option.

 .SH "OPTIONS"
 .TP
 .B \-d
 delete all non-matching
 .I security.sehash
 directory digest entries.
 .TP
 .B \-D
 delete all
 .I security.sehash
 directory digest entries.
 .TP
 .B \-m
 do not read
 .B /proc/mounts
 to obtain a list of non-seclabel mounts to be excluded from relabeling checks.
 .br
 Setting
 .B \-m
 is useful where there is a non-seclabel fs mounted with a seclabel fs mounted
 on a directory below this.
 .TP
 .B \-n
 Do not append "Match" or "No Match" to displayed digests.
 .TP
 .B \-r
 recursively descend directories.
 .TP
 .B \-v
 display SHA1 digest generated by specfile set (Note that this digest is not
 used to match the
 .I security.sehash
 directory digest entries, and is shown for reference only).
 .TP
 .B \-e
 .I directory
 .br
 directory to exclude (repeat option for more than one directory).
 .TP
 .B \-f
 .I specfile
 .br
 an optional
 .I specfile
 containing file context entries as described in
 .BR file_contexts (5).
 If the option is not specified, then the default file_contexts will be used.

 .SH "ARGUMENTS"
 .TP
 .I pathname
 .br
 the pathname of the directory tree to be searched.

 .SH "SEE ALSO"
 .BR restorecon (8),
 .BR setfiles (8)
	.TH "restorecon_xattr" "8" "24 Sept 2016" "" "SELinux User Command"
	.SH "NAME"
	restorecon_xattr \- manage
	.I security.sehash
	extended attribute entries added by
	.BR setfiles (8)
	or
	.BR restorecon (8).

	.SH "SYNOPSIS"
	.B restorecon_xattr
	.RB [ \-d ]
	.RB [ \-D ]
	.RB [ \-m ]
	.RB [ \-n ]
	.RB [ \-r ]
	.RB [ \-v ]
	.RB [ \-e
	.IR directory ]
	.RB [ \-f
	.IR specfile ]
	.I pathname

	.SH "DESCRIPTION"
	.B restorecon_xattr
	will display the SHA1 digests added to extended attributes
	.I security.sehash
	or delete the attribute completely. These attributes are set by
	.BR restorecon (8)
	or
	.BR setfiles (8)
	to specified directories when relabeling recursively.
	.sp
	.B restorecon_xattr
	is useful for managing the extended attribute entries particularly when
	users forget what directories they ran
	.BR restorecon (8)
	or
	.BR setfiles (8)
	from.
	.sp
	.B RAMFS
	and
	.B TMPFS
	filesystems do not support the
	.I security.sehash
	extended attribute and are automatically excluded from searches.
	.sp
	By default
	.B restorecon_xattr
	will display the SHA1 digests with "Match" appended if they match the default
	specfile set or the
	.I specfile
	set used with the
	.B \-f
	option. Non-matching SHA1 digests will be displayed with "No Match" appended.
	This feature can be disabled by the
	.B \-n
	option.

	.SH "OPTIONS"
	.TP
	.B \-d
	delete all non-matching
	.I security.sehash
	directory digest entries.
	.TP
	.B \-D
	delete all
	.I security.sehash
	directory digest entries.
	.TP
	.B \-m
	do not read
	.B /proc/mounts
	to obtain a list of non-seclabel mounts to be excluded from relabeling checks.
	.br
	Setting
	.B \-m
	is useful where there is a non-seclabel fs mounted with a seclabel fs mounted
	on a directory below this.
	.TP
	.B \-n
	Do not append "Match" or "No Match" to displayed digests.
	.TP
	.B \-r
	recursively descend directories.
	.TP
	.B \-v
	display SHA1 digest generated by specfile set (Note that this digest is not
	used to match the
	.I security.sehash
	directory digest entries, and is shown for reference only).
	.TP
	.B \-e
	.I directory
	.br
	directory to exclude (repeat option for more than one directory).
	.TP
	.B \-f
	.I specfile
	.br
	an optional
	.I specfile
	containing file context entries as described in
	.BR file_contexts (5).
	If the option is not specified, then the default file_contexts will be used.

	.SH "ARGUMENTS"
	.TP
	.I pathname
	.br
	the pathname of the directory tree to be searched.

	.SH "SEE ALSO"
	.BR restorecon (8),
	.BR setfiles (8)