The
utility accepts a list of specification files as input and sets the MAC
labels on the specified file system hierarchies.
Path names specified will be visited in order as given on the command
line, and each tree will be traversed in pre-order.
(Generally, it will not be very useful to use relative paths instead of
absolute paths.)
Multiple entries matching a single file will be combined and applied in
a single transaction.
The following options are available:
-e
Treat any file systems encountered which do not support MAC labelling as
errors, instead of warning and skipping them.
-f specfile
Apply the specifications in
specfile
to the specified paths.
Bf -emphasis
NOTE: Only the first entry for each file is applied;
all others are disregarded and silently dropped.
Ef Multiple
-f
arguments may be specified to include multiple
specification files.
-h
When a symbolic link is encountered, change the label of the link rather
than the file the link points to.
-q
Do not print non-fatal warnings during execution.
-s specfile
Apply the specifications in
specfile
but assume the specification format is compatible with the SELinux
specfile
format.
Bf -emphasis
NOTE: Only the first entry for each file is applied;
all others are disregarded and silently dropped.
Ef The prefix
``sebsd/
''
will be automatically prepended to the labels in
specfile
Labels matching
``<<none>>
''
will be explicitly not relabeled.
This permits SEBSD to reuse existing SELinux policy specification files.
-v
Increase the degree of verbosity.
-x
Do not recurse into new file systems when traversing them.
This software was contributed to the
Fx Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc.
under DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''
)
as part of the DARPA CHATS research program.
