restorecon(8)restorecon(8)NAMErestorecon - restore file(s) default SELinux security contexts.
SYNOPSISrestorecon [-o outfilename ] [-R] [-n] [-p] [-v] [-e directory ] path‐
name...
restorecon-f infilename [-o outfilename ] [-e directory ] [-R] [-n]
[-p] [-v] [-F]
DESCRIPTION
This manual page describes the restorecon program.
This program is primarily used to reset the security context (type)
(extended attributes) on one or more files.
It can be run at any time to correct errors, to add support for new
policy, or with the -n option it can just check whether the file con‐
texts are all as you expect.
If a file object does not have a context, restorecon will write the
default context to the file object's extended attributes. If a file
object has a context, restorecon will only modify the type portion of
the security context. The -F option will force a replacement of the
entire context.
OPTIONS-i ignore files that do not exist
-f infilename
infilename contains a list of files to be processed by applica‐
tion. Use - for stdin.
-e directory
directory to exclude (repeat option for more than one direc‐
tory.)
-R -r change files and directories file labels recursively
-n don't change any file labels.
-o outfilename
save list of files with incorrect context in outfilename.
-p show progress by printing * every 1000 files.
-v show changes in file labels.
-F Force reset of context to match file_context for customizable
files, and the default file context, changing the user, role,
range portion as well as the type.
ARGUMENTS
pathname... The pathname for the file(s) to be relabeled.
NOTErestorecon does not follow symbolic links.
AUTHOR
This man page was written by Dan Walsh <dwalsh@redhat.com>. Some of
the content of this man page was taken from the setfiles man page writ‐
ten by Russell Coker <russell@coker.com.au>. The program was written
by Dan Walsh <dwalsh@redhat.com>.
SEE ALSOload_policy(8), checkpolicy(8)setfiles(8)
2002031409 restorecon(8)