restorecon 命令

常用示例

说明

restorecon restores SELinux security contexts on files and directories according to the persistent rules configured in the SELinux file context database. It is typically used after creating new files or when file contexts become incorrect. The tool looks up the correct context in **/etc/selinux/*/contexts/files/** and applies it to the specified files. This is essential for proper SELinux policy enforcement.

参数

-R, -r

Recursively change file labels in directories.

-v

Show changes in file labels.

-n

Don't change any file labels (dry run).

-p

Show progress by printing the number of files in 1k blocks.

-F

Force reset of context to match file_context for customizable files.

-e _directory_

Exclude a directory from recursive operations (repeatable, requires full path).

-f _infilename_

Read a list of files to process from infilename. Use - for stdin.

-T _nthreads_

Use up to nthreads threads for parallel processing.

-i

Ignore files that don't exist.

-x

Prevent restorecon from crossing file system boundaries.

-W

Display warnings about entries that had no matching files.