policycoreutils/scripts/fixfiles.8 - platform/external/selinux - Git at Google

 .TH "fixfiles" "8" "2002031409" "" ""
 .SH "NAME"
 fixfiles \- fix file SELinux security contexts.

 .SH "SYNOPSIS"
 .na

 .B fixfiles
 .I [\-v] [\-F] [\-f] relabel

 .B fixfiles
 .I [\-v] [\-F] { check | restore | verify } dir/file ...

 .B fixfiles
 .I [\-v] [\-F] [\-B | \-N time ] { check | restore | verify }

 .B fixfiles
 .I [\-v] [\-F] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify }

 .B fixfiles
 .I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT  { check | restore | verify }

 .B fixfiles
 .I [-F] [-B] onboot

 .ad

 .SH "DESCRIPTION"
 This manual page describes the
 .BR fixfiles
 script.
 .P
 This script is primarily used to correct the security context
 database (extended attributes) on filesystems.
 .P
 It can also be run at any time to relabel when adding support for
 new policy, or  just check whether the file contexts are all
 as you expect.  By default it will relabel all mounted ext2, ext3, xfs and
 jfs file systems as long as they do not have a security context mount
 option.  You can use the \-R flag to use rpmpackages as an alternative.
 The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
 excluded from relabeling.
 .P
 .B fixfiles onboot
 will setup the machine to relabel on the next reboot.

 .SH "OPTIONS"
 .TP
 .B \-B
 If specified with onboot, this fixfiles will record the current date in the /.autorelabel file, so that it can be used later to speed up labeling. If used with restore, the restore will only affect files that were modified today.
 .TP
 .B \-F
 Force reset of context to match file_context for customizable files

 .TP
 .B \-f
 Clear /tmp directory with out prompt for removal.

 .TP
 .B \-R rpmpackagename[,rpmpackagename...]
 Use the rpm database to discover all files within the specified packages and restore the file contexts.
 .TP
 .B \-C PREVIOUS_FILECONTEXT
 Run a diff on  the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.

 .TP
 .B \-N time
 Only act on files created after the specified date.  Date must be specified in
 "YYYY\-MM\-DD HH:MM" format.  Date field will be passed to find \-\-newermt command.

 .TP
 .B -v
 Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)

 .SH "ARGUMENTS"
 One of:
 .TP
 .B check
 print any incorrect file context labels, showing old and new context, but do not change them.
 .TP
 .B restore
 change any incorrect file context labels.
 .TP
 .B relabel
 Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
 .TP
 .B verify
 List out files with incorrect file context labels, but do not change them.
 .TP
 .B [[dir/file] ... ]
 List of files or directories trees that you wish to check file context on.

 .SH "AUTHOR"
 This man page was written by Richard Hally <rhally@mindspring.com>.
 The script  was written by Dan Walsh <dwalsh@redhat.com>

 .SH "SEE ALSO"
 .BR setfiles (8),
 .BR restorecon (8)
	.TH "fixfiles" "8" "2002031409" "" ""
	.SH "NAME"
	fixfiles \- fix file SELinux security contexts.

	.SH "SYNOPSIS"
	.na

	.B fixfiles
	.I [\-v] [\-F] [\-f] relabel

	.B fixfiles
	.I [\-v] [\-F] { check \| restore \| verify } dir/file ...

	.B fixfiles
	.I [\-v] [\-F] [\-B \| \-N time ] { check \| restore \| verify }

	.B fixfiles
	.I [\-v] [\-F] \-R rpmpackagename[,rpmpackagename...] { check \| restore \| verify }

	.B fixfiles
	.I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT { check \| restore \| verify }

	.B fixfiles
	.I [-F] [-B] onboot

	.ad

	.SH "DESCRIPTION"
	This manual page describes the
	.BR fixfiles
	script.
	.P
	This script is primarily used to correct the security context
	database (extended attributes) on filesystems.
	.P
	It can also be run at any time to relabel when adding support for
	new policy, or just check whether the file contexts are all
	as you expect. By default it will relabel all mounted ext2, ext3, xfs and
	jfs file systems as long as they do not have a security context mount
	option. You can use the \-R flag to use rpmpackages as an alternative.
	The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
	excluded from relabeling.
	.P
	.B fixfiles onboot
	will setup the machine to relabel on the next reboot.

	.SH "OPTIONS"
	.TP
	.B \-B
	If specified with onboot, this fixfiles will record the current date in the /.autorelabel file, so that it can be used later to speed up labeling. If used with restore, the restore will only affect files that were modified today.
	.TP
	.B \-F
	Force reset of context to match file_context for customizable files

	.TP
	.B \-f
	Clear /tmp directory with out prompt for removal.

	.TP
	.B \-R rpmpackagename[,rpmpackagename...]
	Use the rpm database to discover all files within the specified packages and restore the file contexts.
	.TP
	.B \-C PREVIOUS_FILECONTEXT
	Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.

	.TP
	.B \-N time
	Only act on files created after the specified date. Date must be specified in
	"YYYY\-MM\-DD HH:MM" format. Date field will be passed to find \-\-newermt command.

	.TP
	.B -v
	Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)

	.SH "ARGUMENTS"
	One of:
	.TP
	.B check
	print any incorrect file context labels, showing old and new context, but do not change them.
	.TP
	.B restore
	change any incorrect file context labels.
	.TP
	.B relabel
	Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
	.TP
	.B verify
	List out files with incorrect file context labels, but do not change them.
	.TP
	.B [[dir/file] ... ]
	List of files or directories trees that you wish to check file context on.

	.SH "AUTHOR"
	This man page was written by Richard Hally <rhally@mindspring.com>.
	The script was written by Dan Walsh <dwalsh@redhat.com>

	.SH "SEE ALSO"
	.BR setfiles (8),
	.BR restorecon (8)