SELinux file context expressions
When we think that the context of a file is wrong, we need to correct the context. SELinux offers several methods to do so, and some distributions even add in more. We can use tools such as chcon
, restorecon
(together with semanage
), setfiles
, rlpkg
(Gentoo), and fixfiles
(RHEL). Of course, we could also use the setfattr
command, but that would be the least user-friendly approach for setting contexts.
Using context expressions
In the SELinux policy, there is a list of regular expressions that informs the SELinux utilities and libraries what the context of a file (or other file system resource) should be. Though this expression list is not enforced on the system, it is meant for administrators to see whether a context ...
Get SELinux System Administration - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.