Linux command
restorecond 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Example
sudo restorecond
Example
sudo restorecond -v
Example
sudo restorecond -d
Example
sudo restorecond -f [restorecond_file]
Example
sudo systemctl status restorecond
Enable
sudo systemctl enable restorecond --now
说明
restorecond is an SELinux daemon that monitors file creation events using inotify and automatically restores proper SELinux security contexts to newly created files. This is useful for directories where files are frequently created with incorrect contexts by applications that don't set contexts properly. The daemon reads its configuration from /etc/selinux/restorecond.conf, which lists files and directories to watch. When a file matching the configuration is created or modified, restorecond applies the correct context based on SELinux policy.
参数
- -d
- Debug mode; run in foreground with verbose output
- -f _file_
- Use alternate configuration file instead of /etc/selinux/restorecond.conf
- -u
- Watch user home directory (~) for file creation
- -v
- Verbose mode; show restoration events
- -F
- Force mode; do not check device numbers
FAQ
What is the restorecond command used for?
restorecond is an SELinux daemon that monitors file creation events using inotify and automatically restores proper SELinux security contexts to newly created files. This is useful for directories where files are frequently created with incorrect contexts by applications that don't set contexts properly. The daemon reads its configuration from /etc/selinux/restorecond.conf, which lists files and directories to watch. When a file matching the configuration is created or modified, restorecond applies the correct context based on SELinux policy.
How do I run a basic restorecond example?
Run `sudo restorecond` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -d do in restorecond?
Debug mode; run in foreground with verbose output