policycoreutils/setfiles/setfiles.8 - platform/external/selinux - Git at Google

 .TH "setfiles" "8" "2002031409" "" ""
 .SH "NAME"
 setfiles \- set SELinux file security contexts.

 .SH "SYNOPSIS"
 .B setfiles
 .I [\-c policy] [\-d] [\-l] [\-n] [\-e directory] [\-o filename] [\-p] [\-q] [\-s] [\-v] [\-W] [\-F] spec_file pathname...
 .SH "DESCRIPTION"
 This manual page describes the
 .BR setfiles
 program.
 .P
 This program is primarily used to initialize the security context
 fields (extended attributes) on one or more filesystems (or parts of
 them).  Usually it is initially run as part of the SELinux installation
 process (a step commonly known as labeling).
 .P
 It can also be run at any other time to correct inconsistent labels, to add
 support for newly-installed policy or, by using the \-n option, to passively
 check whether the file contexts are all set as specified by the active policy
 (default behavior) or by some other policy (see the \-c option).
 .P
 If a file object does not have a context, setfiles will write the default
 context to the file object's extended attributes. If a file object has a
 context, setfiles will only modify the type portion of the security context.
 The \-F option will force a replacement of the entire context.
 .SH "OPTIONS"
 .TP
 .B \-c
 check the validity of the contexts against the specified binary policy.
 .TP
 .B \-d
 show what specification matched each file (do not abort validation
 after ABORT_ON_ERRORS errors).
 .TP
 .B \-e directory
 directory to exclude (repeat option for more than one directory).
 .TP
 .B \-f
 take a list of files to be processed from an input file.
 .TP
 .B \-F
 Force reset of context to match file_context for customizable files, and the
 default file context, changing the user, role, range portion as well as the
 type.
 .TP
 .B \-h, \-?
 display usage information and exit.
 .TP
 .B \-i
 ignore files that do not exist.
 .TP
 .B \-l
 log changes in file labels to syslog.
 .TP
 .B \-n
 don't change any file labels (passive check).
 .TP
 .B \-o filename
 Deprecated, SELinux policy will probably block this access.  Use shell redirection to save list of files with incorrect context in filename.
 .TP
 .B \-p
 show progress by printing * every STAR_COUNT files.  (If you relabel the entire OS, this will show you the percentage complete.)
 .TP
 .B \-q
 suppress non-error output.
 .TP
 .B \-r rootpath
 use an alternate root path.
 .TP
 .B \-s
 take a list of files from standard input instead of using a pathname from the
 command line (equivalent to \-f \-).
 .TP
 .B \-v
 show changes in file labels.
 .TP
 .B \-W
 display warnings about entries that had no matching files.
 .TP
 .B \-0
 the separator for the input items is assumed to be the null character
 (instead of the white space).  The quotes and the backslash characters are
 also treated as normal characters that can form valid input.
 This option finally also disables the end of file string, which is treated
 like any other argument.  Useful when input items might contain white space,
 quote marks or backslashes.  The
 .B -print0
 option of GNU
 .B find
 produces input suitable for this mode.

 .SH "ARGUMENTS"
 .B spec_file
 The specification file which contains lines of the following form
 .br
 .B regexp [ \-type ] ( context | <<none>> )
 .br
 The regular expression is anchored at both ends.  The optional type field
 specifies the file type as shown in the mode field by the
 .B ls(1)
 program, e.g. \-\- to match only regular files or \-d to match only
 directories.  The context can be an ordinary security context or the
 string <<none>> to specify that the file is not to have its context
 changed.
 .br
 The last matching specification is used. If there are multiple hard
 links to a file that match different specifications and those
 specifications indicate different security contexts, then a warning is
 displayed but the file is still labeled based on the last matching
 specification other than <<none>>.
 .TP
 .B pathname...
 The pathname for the root directory of each file system to be relabeled
 or a specific directory within a filesystem that should be recursively
 descended and relabeled or the pathname of a file that should be
 relabeled.
 Not used if the
 .B \-f
 or the
 .B \-s
 option is used.

 .SH "AUTHOR"
 This man page was written by Russell Coker <russell@coker.com.au>.
 The program was written by Stephen Smalley <sds@epoch.ncsc.mil>

 .SH "SEE ALSO"
 .BR restorecon (8),
 .BR load_policy (8),
 .BR checkpolicy (8)
	.TH "setfiles" "8" "2002031409" "" ""
	.SH "NAME"
	setfiles \- set SELinux file security contexts.

	.SH "SYNOPSIS"
	.B setfiles
	.I [\-c policy] [\-d] [\-l] [\-n] [\-e directory] [\-o filename] [\-p] [\-q] [\-s] [\-v] [\-W] [\-F] spec_file pathname...
	.SH "DESCRIPTION"
	This manual page describes the
	.BR setfiles
	program.
	.P
	This program is primarily used to initialize the security context
	fields (extended attributes) on one or more filesystems (or parts of
	them). Usually it is initially run as part of the SELinux installation
	process (a step commonly known as labeling).
	.P
	It can also be run at any other time to correct inconsistent labels, to add
	support for newly-installed policy or, by using the \-n option, to passively
	check whether the file contexts are all set as specified by the active policy
	(default behavior) or by some other policy (see the \-c option).
	.P
	If a file object does not have a context, setfiles will write the default
	context to the file object's extended attributes. If a file object has a
	context, setfiles will only modify the type portion of the security context.
	The \-F option will force a replacement of the entire context.
	.SH "OPTIONS"
	.TP
	.B \-c
	check the validity of the contexts against the specified binary policy.
	.TP
	.B \-d
	show what specification matched each file (do not abort validation
	after ABORT_ON_ERRORS errors).
	.TP
	.B \-e directory
	directory to exclude (repeat option for more than one directory).
	.TP
	.B \-f
	take a list of files to be processed from an input file.
	.TP
	.B \-F
	Force reset of context to match file_context for customizable files, and the
	default file context, changing the user, role, range portion as well as the
	type.
	.TP
	.B \-h, \-?
	display usage information and exit.
	.TP
	.B \-i
	ignore files that do not exist.
	.TP
	.B \-l
	log changes in file labels to syslog.
	.TP
	.B \-n
	don't change any file labels (passive check).
	.TP
	.B \-o filename
	Deprecated, SELinux policy will probably block this access. Use shell redirection to save list of files with incorrect context in filename.
	.TP
	.B \-p
	show progress by printing * every STAR_COUNT files. (If you relabel the entire OS, this will show you the percentage complete.)
	.TP
	.B \-q
	suppress non-error output.
	.TP
	.B \-r rootpath
	use an alternate root path.
	.TP
	.B \-s
	take a list of files from standard input instead of using a pathname from the
	command line (equivalent to \-f \-).
	.TP
	.B \-v
	show changes in file labels.
	.TP
	.B \-W
	display warnings about entries that had no matching files.
	.TP
	.B \-0
	the separator for the input items is assumed to be the null character
	(instead of the white space). The quotes and the backslash characters are
	also treated as normal characters that can form valid input.
	This option finally also disables the end of file string, which is treated
	like any other argument. Useful when input items might contain white space,
	quote marks or backslashes. The
	.B -print0
	option of GNU
	.B find
	produces input suitable for this mode.

	.SH "ARGUMENTS"
	.B spec_file
	The specification file which contains lines of the following form
	.br
	.B regexp [ \-type ] ( context \| <<none>> )
	.br
	The regular expression is anchored at both ends. The optional type field
	specifies the file type as shown in the mode field by the
	.B ls(1)
	program, e.g. \-\- to match only regular files or \-d to match only
	directories. The context can be an ordinary security context or the
	string <<none>> to specify that the file is not to have its context
	changed.
	.br
	The last matching specification is used. If there are multiple hard
	links to a file that match different specifications and those
	specifications indicate different security contexts, then a warning is
	displayed but the file is still labeled based on the last matching
	specification other than <<none>>.
	.TP
	.B pathname...
	The pathname for the root directory of each file system to be relabeled
	or a specific directory within a filesystem that should be recursively
	descended and relabeled or the pathname of a file that should be
	relabeled.
	Not used if the
	.B \-f
	or the
	.B \-s
	option is used.

	.SH "AUTHOR"
	This man page was written by Russell Coker <russell@coker.com.au>.
	The program was written by Stephen Smalley <sds@epoch.ncsc.mil>

	.SH "SEE ALSO"
	.BR restorecon (8),
	.BR load_policy (8),
	.BR checkpolicy (8)