SELinux Restore Default File Context
Q: I’ve accidentally modified the SELinux context for a file or directory and now my application is not working any more how canI restore the default context?
A: As you probably know SELinux is enabled in Enforcing mode by default on RHEL and Fedora systems and while it helps keep your system secure, of course it is not the panacea to all security risks just one the bricks for a better protection, sometimes it can get in the “middle” of normal operations.
In a system protected by SELinux every file and/or directory has a default context assigned to it which is usually defined by the path under which the object is created and is defined under the /etc/selinux/targeted/contexts/files path in the file_contexts file, I encourage you to open up the file with your favorite editor and have a look at it.
If you changed the context of a file or directory with the chcon command and realize that this disrupted the normal operations of the system you can use the following basic command to restore the default SELinux context :
restorecon -v $FILENAME
That’s is, SELinux will try to match the file path with he default context and will eventually assign it again to the file or directory restoring the original context and hopefully solving the malfunction of the system.
SELinux is a fascinating and really powerful tool which I encourage you to know and use, many administrators simply disable its control, for this reason I will write again about SELinux implementations and its troubleshooting.
Cheers Lethe.