Restore Default File Contexts

General Information

File contexts are defined in the SELinux policy and then restored from the policy to files.

Restore a file's default SELinux context

restorecon file.txt

Relabel everything on the filesystem on next boot

touch /.autorelabel
  • This restores the security context of all directories and files system-wide on the next boot

Method 1: Find a usable context type and create a rule for it.

Create a new context rule for a directory “/website”

semanage fcontext -a -t httpd_sys_content_t '/website(/.*)?'
  • The regular expression “(/.*)?” will include any sub-directories/files if they exist

Method 2: Copy the context type from an existing directory

Copy the source directory context to the target directory (make equal)

semanage fcontext -a -e /var/www/html /website
restorecon -rv /website

Once context label rules are defined, they need to be restored to the directory with restorecon.

Restore Defined Context Rule

restorecon -rv /website
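
To see which paths the '/website(/.*)?' rule covers before relabeling, the following added example (not part of the original wiki page) approximates the match with grep -E. It relies on the fact that SELinux anchors file-context regexes at both ends; the function names and sample paths are constructed for illustration.

```shell
#!/bin/bash
# Added example: which paths does a file-context rule cover?
# SELinux matches the spec against the whole path (anchored at both
# ends). grep -E is an approximation that is exact for this pattern.

# fc_matches SPEC PATH -> exit 0 if PATH is covered by SPEC
fc_matches() {
    printf '%s\n' "$2" | grep -Eq "^(${1})\$"
}

# covered_paths SPEC PATH... -> prints the covered paths, one per line
covered_paths() {
    spec=$1
    shift
    for p in "$@"; do
        if fc_matches "$spec" "$p"; then printf '%s\n' "$p"; fi
    done
}

# preview_relabel DIR -> dry run on a real system: lists files whose
# label differs from policy (-n changes nothing, -v shows each file)
preview_relabel() {
    command -v restorecon >/dev/null 2>&1 || {
        echo "restorecon not found" >&2
        return 2
    }
    restorecon -rnv "$1"
}

# Constructed sample paths
SAMPLE_PATHS="/website /website/index.html /website/img/logo.png /website2 /var/website"

echo "Rule from the page: /website(/.*)?"
covered_paths '/website(/.*)?' $SAMPLE_PATHS

echo "Same rule without the (/.*)? suffix:"
covered_paths '/website' $SAMPLE_PATHS
```

On a host with SELinux tools installed, preview_relabel /website shows what restorecon -rv /website would change without touching any labels.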

Delete Defined Context Rule (if you made a mistake creating it)

semanage fcontext -d "/website(/.*)?"

  • Last modified: 2019/05/25 23:50