Restore Default File Contexts
General Information
File contexts are defined in the SELinux policy and then restored from the policy to files.
Restoring Labels
Restore a file's default SELinux context
restorecon file.txt
Relabel everything on the filesystem on next boot
touch /.autorelabel
- This restores the security context for all directories and files system-wide on boot
Create Context Labels for New Directories
Method 1: Find a usable context type and create it.
Create a new context rule for a directory “/website”
semanage fcontext -a -t httpd_sys_content_t '/website(/.*)?'
- The regular expression “(/.*)?” will include any sub-directories/files if they exist
Method 2: Copy the context type from an existing directory
Copy the source directory context to the target directory (make equal)
semanage fcontext -a -e /var/www/html /website
restorecon -rv /website
Once context label rules are defined, they need to be restored to the directory
Restore Defined Context Rule
restorecon -rv /website
Delete Defined Context Rule (if you made a mistake creating it)
semanage fcontext -d "/website(/.*)?"
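Added example (not part of the original page): a quick way to check which paths a rule such as '/website(/.*)?' covers before adding it, plus a dry-run of the restore step. SELinux anchors each file-context spec at both ends of the path; grep -Ex is used here as a stand-in for that matching and is adequate for simple patterns like the ones above. The function names and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximate SELinux file-context spec matching with grep.
# Assumption: -x (whole-line match) reproduces the implicit ^...$ anchoring,
# and ERE behaves like the policy's regex engine for these simple specs.

# fcontext_matches SPEC PATH -> exit 0 if PATH would be covered by SPEC
fcontext_matches() {
    printf '%s\n' "$2" | grep -Eqx -e "$1"
}

# show_coverage SPEC PATH... -> one "MATCH" / "no-match" line per path
show_coverage() {
    cov_spec=$1
    shift
    for cov_path in "$@"; do
        if fcontext_matches "$cov_spec" "$cov_path"; then
            printf 'MATCH     %s\n' "$cov_path"
        else
            printf 'no-match  %s\n' "$cov_path"
        fi
    done
}

# preview_relabel DIR -> list label changes restorecon would make.
# -n makes no changes; -v prints each file whose label differs from policy.
preview_relabel() {
    command -v restorecon >/dev/null 2>&1 || {
        echo "restorecon not found (not an SELinux host?)" >&2
        return 1
    }
    restorecon -rnv "$1"
}

# Constructed sample paths: the directory itself, content below it,
# and two look-alikes that must NOT inherit the web content type.
echo "spec: /website(/.*)?"
show_coverage '/website(/.*)?' \
    /website /website/index.html /website/img/logo.png \
    /website-old /srv/website

# Common mistake: without the optional group the directory itself is missed.
echo "spec: /website/.*"
show_coverage '/website/.*' /website /website/index.html
```

On an SELinux host, preview_relabel /website shows what restorecon -rv /website would change without touching any labels.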