libselinux/man/man3/selinux_restorecon.3 - platform/external/selinux - Git at Google

 .TH "selinux_restorecon" "3" "20 Oct 2015" "Security Enhanced Linux" "SELinux API documentation"

 .SH "NAME"
 selinux_restorecon \- restore file(s) default SELinux security contexts
 .
 .SH "SYNOPSIS"
 .B #include <selinux/restorecon.h>
 .sp
 .BI "int selinux_restorecon(const char *" pathname ,
 .in +\w'int selinux_restorecon('u
 .br
 .BI "unsigned int " restorecon_flags ");"
 .in
 .
 .SH "DESCRIPTION"
 .BR selinux_restorecon ()
 restores file default security contexts on filesystems that support extended
 attributes (see
 .BR xattr (7)),
 based on:
 .sp
 .RS
 .IR pathname
 containing a directory or file to be relabeled.
 .br
 If this is a directory and the
 .IR restorecon_flags
 .B SELINUX_RESTORECON_RECURSE
 has been set (for decending through directories), then
 .BR selinux_restorecon ()
 will write an SHA1 digest of the combined specfiles (see the
 .B NOTES
 section for details) to an extended attribute of
 .IR security.restorecon_last
 once the relabeling has been completed successfully. This digest will be
 checked should
 .BR selinux_restorecon ()
 be rerun
 with the
 .IR restorecon_flags
 .B SELINUX_RESTORECON_RECURSE
 flag set. If any of the specfiles had been updated, the digest
 will also be updated. However if the digest is the same, no relabeling checks
 will take place (unless the
 .B SELINUX_RESTORECON_IGNORE_DIGEST
 flag is set).
 .sp
 .IR restorecon_flags
 contains the labeling option/rules as follows:
 .sp
 .RS
 .sp
 .B SELINUX_RESTORECON_IGNORE_DIGEST
 force the checking of labels even if the stored SHA1 digest matches the
 specfiles SHA1 digest. The specfiles digest will be written to the
 .IR security.restorecon_last
 extended attribute once relabeling has been completed successfully provided the
 .B SELINUX_RESTORECON_NOCHANGE
 flag has not been set.
 .sp
 .B SELINUX_RESTORECON_NOCHANGE
 don't change any file labels (passive check) or update the digest in the
 .IR security.restorecon_last
 extended attribute.
 .sp
 .B SELINUX_RESTORECON_SET_SPECFILE_CTX
 If set, reset the files label to match the default specfile context.
 If not set only reset the files "type" component of the context to match the
 default specfile context.
 .sp
 .B SELINUX_RESTORECON_RECURSE
 change file and directory labels recursively (descend directories)
 and if successful write an SHA1 digest of the combined specfiles to an
 extended attribute as described in the
 .B NOTES
 section.
 .sp
 .B SELINUX_RESTORECON_VERBOSE
 log file label changes.
 .RS
 Note that if
 .B SELINUX_RESTORECON_VERBOSE
 and
 .B SELINUX_RESTORECON_PROGRESS
 flags are set, then
 .B SELINUX_RESTORECON_PROGRESS
 will take precedence.
 .RE
 .sp
 .B SELINUX_RESTORECON_PROGRESS
 show progress by printing * to stdout every 1000 files unless relabeling the
 entire OS, that will then show the approximate percentage complete.
 .sp
 .B SELINUX_RESTORECON_REALPATH
 convert passed-in
 .I pathname
 to the canonical pathname using
 .BR realpath (3).
 .sp
 .B SELINUX_RESTORECON_XDEV
 prevent descending into directories that have a different device number than
 the
 .I pathname
 entry from which the descent began.
 .sp
 .B SELINUX_RESTORECON_ADD_ASSOC
 attempt to add an association between an inode and a specification. If there
 is already an association for the inode and it conflicts with the
 specification, then use the last matching specification.
 .sp
 .B SELINUX_RESTORECON_ABORT_ON_ERROR
 abort on errors during the file tree walk.
 .sp
 .B SELINUX_RESTORECON_SYSLOG_CHANGES
 log any label changes to
 .BR syslog (3).
 .sp
 .B SELINUX_RESTORECON_LOG_MATCHES
 log what specfile context matched each file.
 .sp
 .B SELINUX_RESTORECON_IGNORE_NOENTRY
 ignore files that do not exist.
 .sp
 .B SELINUX_RESTORECON_IGNORE_MOUNTS
 do not read
 .B /proc/mounts
 to obtain a list of non-seclabel mounts to be excluded from relabeling checks.
 .br
 Setting
 .B SELINUX_RESTORECON_IGNORE_MOUNTS
 is useful where there is a non-seclabel fs mounted with a seclabel fs mounted
 on a directory below this.
 .RE
 .sp
 The behavior regarding the checking and updating of the SHA1 digest described
 above is the default behavior. It is possible to change this by first calling
 .BR selabel_open (3)
 and not enabling the
 .B SELABEL_OPT_DIGEST
 option, then calling
 .BR selinux_restorecon_set_sehandle (3)
 to set the handle to be used by
 .BR selinux_restorecon (3).
 .sp
 If the
 .I pathname
 is a directory path, then it is possible to set directories to be excluded
 from the path by calling
 .BR selinux_restorecon_set_exclude_list (3)
 with a
 .B NULL
 terminated list before calling
 .BR selinux_restorecon (3).
 .sp
 By default
 .BR selinux_restorecon (3)
 reads
 .B /proc/mounts
 to obtain a list of non-seclabel mounts to be excluded from relabeling checks
 unless the
 .B SELINUX_RESTORECON_IGNORE_MOUNTS
 flag has been set.
 .RE
 .
 .SH "RETURN VALUE"
 On success, zero is returned.  On error, \-1 is returned and
 .I errno
 is set appropriately.
 .
 .SH "NOTES"
 .IP "1." 4
 To improve performance when relabeling file systems recursively (e.g. the
 .IR restorecon_flags
 .B SELINUX_RESTORECON_RECURSE
 flag is set)
 .BR selinux_restorecon ()
 will write an SHA1 digest of the specfiles that are processed by
 .BR selabel_open (3)
 to an extended attribute named
 .IR security.restorecon_last
 to the directory specified in the
 .IR pathname .
 .IP "2." 4
 To check the extended attribute entry use
 .BR getfattr (1) ,
 for example:
 .sp
 .RS
 .RS
 getfattr -e hex -n security.restorecon_last /
 .RE
 .RE
 .IP "3." 4
 The SHA1 digest is calculated by
 .BR selabel_open (3)
 concatenating the specfiles it reads during initialisation with the
 resulting digest and list of specfiles being retrieved by
 .BR selabel_digest (3).
 .IP "4." 4
 The specfiles consist of the mandatory
 .I file_contexts
 file plus any subs, subs_dist, local and homedir entries (text or binary versions)
 as determined by any
 .BR selabel_open (3)
 options e.g.
 .BR SELABEL_OPT_BASEONLY .
 .sp
 Should any of the specfiles have changed, then when
 .BR selinux_restorecon ()
 is run again with the
 .B SELINUX_RESTORECON_RECURSE
 flag set, a new SHA1 digest will be calculated and all files will be automatically
 relabeled depending on the settings of the
 .B SELINUX_RESTORECON_SET_SPECFILE_CTX
 flag (provided
 .B SELINUX_RESTORECON_NOCHANGE
 is not set).
 .IP "5." 4
 .B /sys
 and in-memory filesystems do not support the
 .IR security.restorecon_last
 extended attribute and are automatically excluded from any relabeling checks.
 .IP "6." 4
 By default
 .B stderr
 is used to log output messages and errors. This may be changed by calling
 .BR selinux_set_callback (3)
 with the
 .B SELINUX_CB_LOG
 .I type
 option.
 .
 .SH "SEE ALSO"
 .BR selinux_restorecon_set_sehandle (3),
 .br
 .BR selinux_restorecon_default_handle (3),
 .br
 .BR selinux_restorecon_set_exclude_list (3),
 .br
 .BR selinux_restorecon_set_alt_rootpath (3),
 .br
 .BR selinux_set_callback (3)
	.TH "selinux_restorecon" "3" "20 Oct 2015" "Security Enhanced Linux" "SELinux API documentation"

	.SH "NAME"
	selinux_restorecon \- restore file(s) default SELinux security contexts
	.
	.SH "SYNOPSIS"
	.B #include <selinux/restorecon.h>
	.sp
	.BI "int selinux_restorecon(const char *" pathname ,
	.in +\w'int selinux_restorecon('u
	.br
	.BI "unsigned int " restorecon_flags ");"
	.in
	.
	.SH "DESCRIPTION"
	.BR selinux_restorecon ()
	restores file default security contexts on filesystems that support extended
	attributes (see
	.BR xattr (7)),
	based on:
	.sp
	.RS
	.IR pathname
	containing a directory or file to be relabeled.
	.br
	If this is a directory and the
	.IR restorecon_flags
	.B SELINUX_RESTORECON_RECURSE
	has been set (for decending through directories), then
	.BR selinux_restorecon ()
	will write an SHA1 digest of the combined specfiles (see the
	.B NOTES
	section for details) to an extended attribute of
	.IR security.restorecon_last
	once the relabeling has been completed successfully. This digest will be
	checked should
	.BR selinux_restorecon ()
	be rerun
	with the
	.IR restorecon_flags
	.B SELINUX_RESTORECON_RECURSE
	flag set. If any of the specfiles had been updated, the digest
	will also be updated. However if the digest is the same, no relabeling checks
	will take place (unless the
	.B SELINUX_RESTORECON_IGNORE_DIGEST
	flag is set).
	.sp
	.IR restorecon_flags
	contains the labeling option/rules as follows:
	.sp
	.RS
	.sp
	.B SELINUX_RESTORECON_IGNORE_DIGEST
	force the checking of labels even if the stored SHA1 digest matches the
	specfiles SHA1 digest. The specfiles digest will be written to the
	.IR security.restorecon_last
	extended attribute once relabeling has been completed successfully provided the
	.B SELINUX_RESTORECON_NOCHANGE
	flag has not been set.
	.sp
	.B SELINUX_RESTORECON_NOCHANGE
	don't change any file labels (passive check) or update the digest in the
	.IR security.restorecon_last
	extended attribute.
	.sp
	.B SELINUX_RESTORECON_SET_SPECFILE_CTX
	If set, reset the files label to match the default specfile context.
	If not set only reset the files "type" component of the context to match the
	default specfile context.
	.sp
	.B SELINUX_RESTORECON_RECURSE
	change file and directory labels recursively (descend directories)
	and if successful write an SHA1 digest of the combined specfiles to an
	extended attribute as described in the
	.B NOTES
	section.
	.sp
	.B SELINUX_RESTORECON_VERBOSE
	log file label changes.
	.RS
	Note that if
	.B SELINUX_RESTORECON_VERBOSE
	and
	.B SELINUX_RESTORECON_PROGRESS
	flags are set, then
	.B SELINUX_RESTORECON_PROGRESS
	will take precedence.
	.RE
	.sp
	.B SELINUX_RESTORECON_PROGRESS
	show progress by printing * to stdout every 1000 files unless relabeling the
	entire OS, that will then show the approximate percentage complete.
	.sp
	.B SELINUX_RESTORECON_REALPATH
	convert passed-in
	.I pathname
	to the canonical pathname using
	.BR realpath (3).
	.sp
	.B SELINUX_RESTORECON_XDEV
	prevent descending into directories that have a different device number than
	the
	.I pathname
	entry from which the descent began.
	.sp
	.B SELINUX_RESTORECON_ADD_ASSOC
	attempt to add an association between an inode and a specification. If there
	is already an association for the inode and it conflicts with the
	specification, then use the last matching specification.
	.sp
	.B SELINUX_RESTORECON_ABORT_ON_ERROR
	abort on errors during the file tree walk.
	.sp
	.B SELINUX_RESTORECON_SYSLOG_CHANGES
	log any label changes to
	.BR syslog (3).
	.sp
	.B SELINUX_RESTORECON_LOG_MATCHES
	log what specfile context matched each file.
	.sp
	.B SELINUX_RESTORECON_IGNORE_NOENTRY
	ignore files that do not exist.
	.sp
	.B SELINUX_RESTORECON_IGNORE_MOUNTS
	do not read
	.B /proc/mounts
	to obtain a list of non-seclabel mounts to be excluded from relabeling checks.
	.br
	Setting
	.B SELINUX_RESTORECON_IGNORE_MOUNTS
	is useful where there is a non-seclabel fs mounted with a seclabel fs mounted
	on a directory below this.
	.RE
	.sp
	The behavior regarding the checking and updating of the SHA1 digest described
	above is the default behavior. It is possible to change this by first calling
	.BR selabel_open (3)
	and not enabling the
	.B SELABEL_OPT_DIGEST
	option, then calling
	.BR selinux_restorecon_set_sehandle (3)
	to set the handle to be used by
	.BR selinux_restorecon (3).
	.sp
	If the
	.I pathname
	is a directory path, then it is possible to set directories to be excluded
	from the path by calling
	.BR selinux_restorecon_set_exclude_list (3)
	with a
	.B NULL
	terminated list before calling
	.BR selinux_restorecon (3).
	.sp
	By default
	.BR selinux_restorecon (3)
	reads
	.B /proc/mounts
	to obtain a list of non-seclabel mounts to be excluded from relabeling checks
	unless the
	.B SELINUX_RESTORECON_IGNORE_MOUNTS
	flag has been set.
	.RE
	.
	.SH "RETURN VALUE"
	On success, zero is returned. On error, \-1 is returned and
	.I errno
	is set appropriately.
	.
	.SH "NOTES"
	.IP "1." 4
	To improve performance when relabeling file systems recursively (e.g. the
	.IR restorecon_flags
	.B SELINUX_RESTORECON_RECURSE
	flag is set)
	.BR selinux_restorecon ()
	will write an SHA1 digest of the specfiles that are processed by
	.BR selabel_open (3)
	to an extended attribute named
	.IR security.restorecon_last
	to the directory specified in the
	.IR pathname .
	.IP "2." 4
	To check the extended attribute entry use
	.BR getfattr (1) ,
	for example:
	.sp
	.RS
	.RS
	getfattr -e hex -n security.restorecon_last /
	.RE
	.RE
	.IP "3." 4
	The SHA1 digest is calculated by
	.BR selabel_open (3)
	concatenating the specfiles it reads during initialisation with the
	resulting digest and list of specfiles being retrieved by
	.BR selabel_digest (3).
	.IP "4." 4
	The specfiles consist of the mandatory
	.I file_contexts
	file plus any subs, subs_dist, local and homedir entries (text or binary versions)
	as determined by any
	.BR selabel_open (3)
	options e.g.
	.BR SELABEL_OPT_BASEONLY .
	.sp
	Should any of the specfiles have changed, then when
	.BR selinux_restorecon ()
	is run again with the
	.B SELINUX_RESTORECON_RECURSE
	flag set, a new SHA1 digest will be calculated and all files will be automatically
	relabeled depending on the settings of the
	.B SELINUX_RESTORECON_SET_SPECFILE_CTX
	flag (provided
	.B SELINUX_RESTORECON_NOCHANGE
	is not set).
	.IP "5." 4
	.B /sys
	and in-memory filesystems do not support the
	.IR security.restorecon_last
	extended attribute and are automatically excluded from any relabeling checks.
	.IP "6." 4
	By default
	.B stderr
	is used to log output messages and errors. This may be changed by calling
	.BR selinux_set_callback (3)
	with the
	.B SELINUX_CB_LOG
	.I type
	option.
	.
	.SH "SEE ALSO"
	.BR selinux_restorecon_set_sehandle (3),
	.br
	.BR selinux_restorecon_default_handle (3),
	.br
	.BR selinux_restorecon_set_exclude_list (3),
	.br
	.BR selinux_restorecon_set_alt_rootpath (3),
	.br
	.BR selinux_set_callback (3)