setfiles 命令

常用示例

说明

setfiles initializes and corrects SELinux security context labels on filesystems based on pattern-to-context mappings in a specification file. It is the primary tool for relabeling files after SELinux policy changes or system installation. The specification file (typically /etc/selinux/targeted/contexts/files/file_contexts) contains regular expressions matched against file paths to determine appropriate security contexts. Unlike restorecon, setfiles requires an explicit specification file argument.

参数

-c _policy_

Validate contexts against the specified binary policy file

-d

Show which specification matched each file (debug)

-e _directory_

Exclude directory from labeling (can be repeated)

-f _infilename_

Read list of files to process from a file

-F

Force complete context replacement including user, role, and range

-n

Dry run; show what would be changed without modifying

-p

Show progress as percentage or 1024-block increments

-r _rootpath_

Use alternate root path for context matching

-s

Log changes to syslog instead of stdout

-v

Verbose; show files whose labels are changed

-T _nthreads_

Number of threads to use (0 = number of CPU cores)

-I

Ignore stored directory digests; force label checking

-D

Set or update directory SHA1 digests in extended attributes

-W

Display warnings about entries that have no matching specification

-l

Log changes to the file named by the SETFILES_PROGRESS environment variable at 10-second intervals