This program is primarily used to initialise the security context
database (extended attributes) on one or more filesystems. This
program is initially run as part of the SE Linux installation process.
It can also be run at any time to correct errors, to add support for
new policy, or with the -n option it can just check whether the file
contexts are all as you expect.
It is the same executable as
but operates in a slightly different manner depending on it's argv.
check the validity of the contexts against the specified binary policy.
show what specification matched each file.
log changes in file labels to syslog.
don't change any file labels.
suppress non-error output.
use an alternate root path
directory to exclude (repeat option for more than one directory.)
Force reset of context to match file_context for customizable files
save list of files with incorrect context in filename.
take a list of files from standard input instead of using a pathname on the
show changes in file labels, if type or role are changing.
show changes in file labels, if type, role, or user are changing.
show a progress indication in the form of one dot per 1000 files.
display warnings about entries that had no matching files.
Input items are terminated by a null character instead of by whitespace, and the quotes and backslash are not special (every character is taken literally). Disables the end of file string, which is treated like any other argument. Useful when input items might contain white space, quote marks, or backslashes.The GNU find -print0 option produces input suitable for this mode.
The specification file which contains lines of the following form
regexp [ -type ] ( context | <<none>> )
The regular expression is anchored at both ends. The optional type field
specifies the file type as shown in the mode field by the
program, e.g. -- to match only regular files or -d to match only
directories. The context can be an ordinary security context or the
string <<none>> to specify that the file is not to have its context
The last matching specification is used. If there are multiple hard
links to a file that match different specifications and those
specifications indicate different security contexts, then a warning is
displayed but the file is still labeled based on the last matching
specification other than <<none>>.
The pathname for the root directory of each file system to be relabeled.
Not used if the
option is used.