chcon program can change the context of a file; however, changes made
chcon are not preserved if the file is relabeled with
if the entire file system is relabeled using
touch /.autorelabel and then
semanage program can make persistent customizations to the
SELinux policy configuration.
semanage, you must be the Linux root user and in a role allowed to
semanage, such as sysadm_r or unconfined_r. The following example
semanage to set the myfile_t type for the “/path/to/myfile” file:
# semanage fcontext -a -t myfile_t /path/to/myfile
semanage command adds an entry in the system file contexts. This entry
will be persistent, even after the distribution policy is updated. If you
change policies, for example, from targeted to MLS, you must re-run the above
command to add the entry to the new policy. Run the restorecon command to
apply the changes added via
# restorecon /path/to/myfile # ls -Z /path/to/myfile system_u:object_r:myfile_t /path/to/myfile
semanage allows for policy
management. Specifically the
semanage fcontext can alter the default file
contexts in the policy for any given file or folder.
restorecon restores the default
SELinux file context for a file or folder.
chcon changes the file SELinux
Portions of this page's content are copied from this page for non-commercial, education purposes.