Hi Sam !
Restorecon is a symbolic link to setfiles.
Setfiles probably offers more options. Most notably, I think you can
choose the file contexts definitions (as far as I remember undocumented,
see belove).
I shall quote the code:
/*
* setfiles:
* Recursive descent,
* Does not expand paths via realpath,
* Aborts on errors during the file tree walk,
* Try to track inode associations for conflict detection,
* Does not follow mounts,
* Validates all file contexts at init time.
*/
/*
* restorecon:
* No recursive descent unless -r/-R,
* Expands paths via realpath,
* Do not abort on errors during the file tree walk,
* Do not try to track inode associations for conflict detection,
* Follows mounts,
* Does lazy validation of contexts upon use.
*/
Hope it helps. Please double-check for correctness.
Least but not last: there are a few undocumented options that I have
tried to document in a patch (see PATCH[1/2] and PATCH[2/2] that I
posted here on Sun, 20 Feb 2011 09:56:48 +0100).
Regards,
Guido
On Wed, 2011-04-27 at 15:59 -0700, Sam Gandhi wrote:
> Looking at man pages of sefiles and restorecon , both mention that
> they initialize security context database ( extended attributes) on
> one or more filesystems.
>
> There are certainly differences between command line arguments, but
> can these programs be used interchangeably as far as extended
> attributes they assign to files?
>
> -Sam
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
