In the scenario I've just presented, either chcon or restorecon will suit your needs just fine. The active SELinux policy mandates what the security contexts in certain directories are supposed to look like. As long as you're using chcon or restorecon within directories that are defined in the active SELinux policy, you're good. But let's say that you've created a directory elsewhere that you want to use for serving out web content files. You would need to set the httpd_sys_content_t type on that directory and all of the files within it. However, if you use chcon or restorecon for that, the change won't survive a system reboot. To make the change permanent, you'll need to use semanage.

For some strange reason, let's say that ...