====== Restore Default File Contexts ======

**General Information**

Contexts are defined in a policy and then restored from policy to files. 

----

===== Restoring Labels =====

Restore file's default selinux context
<code bash>
restorecon file.txt
</code>

\\
Relabel everything on the filesystem on next boot
<code bash>
touch /.autorelabel
</code>
  * This restores security context for all directories and files system wide on boot

----

===== Create Context Labels for New Directories =====

**Method 1**: Find a usable context type and create it.

\\
Create a new context rule for a directory "/website"
<code bash>
semanage fcontext -a -t httpd_sys_content_t '/website(/.*)?'
</code>
  * The regular expression "(/.*)?" will include any sub-directories/files if they exist

\\
**Method 2**: Copy the context type from an existing directory

\\
Copy the source directory context to the target directory (make equal)
<code bash>
semanage fcontext -a -e /var/www/html /website
restorecon -rv /website
</code>

\\
**Once context label rules are defined, they need to be restored to the directory**

\\
Restore Defined Context Rule
<code bash>
restorecon -rv /website
</code>

\\
Delete Defined Context Rule (if you made a mistake creating it)
<code bash>
semanage fcontext -d "/website(/.*)?"
</code>

----