275560b2a3
Introduce a new file /etc/selinux/fixfiles_exclude_dirs which contains a list of directories which should not be relabeled. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
81 lines
2.4 KiB
Groff
81 lines
2.4 KiB
Groff
.TH "fixfiles" "8" "2002031409" "" ""
|
|
.SH "NAME"
|
|
fixfiles \- fix file SELinux security contexts.
|
|
|
|
.SH "SYNOPSIS"
|
|
|
|
.B fixfiles
|
|
.I [-F] [-l logfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
|
|
|
|
.B fixfiles
|
|
.I [-F] [ -R rpmpackagename[,rpmpackagename...] ] [-l logfile ] { check | restore | verify }
|
|
|
|
.B fixfiles
|
|
.I [ -C PREVIOUS_FILECONTEXT ] [-l logfile ] { check | restore | verify }
|
|
|
|
.B fixfiles
|
|
.I onboot
|
|
|
|
.SH "DESCRIPTION"
|
|
This manual page describes the
|
|
.BR fixfiles
|
|
script.
|
|
.P
|
|
This script is primarily used to correct the security context
|
|
database (extended attributes) on filesystems.
|
|
.P
|
|
It can also be run at any time to relabel when adding support for
|
|
new policy, or just check whether the file contexts are all
|
|
as you expect. By default it will relabel all mounted ext2, ext3, xfs and
|
|
jfs file systems as long as they do not have a security context mount
|
|
option. You can use the -R flag to use rpmpackages as an alternative.
|
|
The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
|
|
excluded from relabelling.
|
|
.P
|
|
.B fixfiles onboot
|
|
will setup the machine to relabel on the next reboot.
|
|
|
|
.SH "OPTIONS"
|
|
.TP
|
|
.B -l logfile
|
|
Save the output to the specified logfile
|
|
.TP
|
|
.B -F
|
|
Force reset of context to match file_context for customizable files
|
|
|
|
.TP
|
|
.B -f
|
|
Clear /tmp directory with out prompt for removal.
|
|
|
|
.TP
|
|
.B -R rpmpackagename[,rpmpackagename...]
|
|
Use the rpm database to discover all files within the specified packages and restore the file contexts. (-a will get all files in the RPM database).
|
|
.TP
|
|
.B -C PREVIOUS_FILECONTEXT
|
|
Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.
|
|
|
|
.SH "ARGUMENTS"
|
|
One of:
|
|
.TP
|
|
.B check
|
|
print any incorrect file context labels, showing old and new context, but do not change them.
|
|
.TP
|
|
.B restore
|
|
change any incorrect file context labels.
|
|
.TP
|
|
.B relabel
|
|
Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
|
|
.TP
|
|
.B verify
|
|
List out files with incorrect file context labels, but do not change them.
|
|
.TP
|
|
.B [[dir/file] ... ]
|
|
List of files or directories trees that you wish to check file context on.
|
|
|
|
.SH "AUTHOR"
|
|
This man page was written by Richard Hally <rhally@mindspring.com>.
|
|
The script was written by Dan Walsh <dwalsh@redhat.com>
|
|
|
|
.SH "SEE ALSO"
|
|
.BR setfiles (8), restorecon(8)
|
|
|