Home > Package & System Management > restorecon

restorecon: Restore SELinux Security Contexts

The restorecon command is used to restore the SELinux security contexts of files and directories on the filesystem to their system policy-defined defaults. This is essential for resolving access denial issues that can occur when files have incorrect contexts, particularly useful after moving, copying, or creating files where the context might not have been set correctly.

Overview

restorecon restores the SELinux security context of files or directories to the default defined in the policy on systems with SELinux enabled. It is primarily used to resolve permission issues that may arise after moving, copying, or manually changing files.

Key Features

  • Restores SELinux security contexts
  • Resolves access issues caused by incorrect contexts
  • Can process directories recursively

Key Options

The main options for the restorecon command help in fine-grained control over how contexts are restored.

Operation Modes

Output and Testing

Generated command:

Try combining the commands.

Description:

`restorecon` Executes the command.

Combine the above options to virtually execute commands with AI.

Usage Examples

Learn how to effectively manage SELinux contexts through various usage examples of the restorecon command.

Restore Context of a Single File

sudo restorecon /path/to/your/file.txt

Restores the SELinux security context of a specific file to its default value.

Recursively Restore Directory and Sub-files

sudo restorecon -R /var/www/html

Recursively restores the contexts of a specified directory and all files and directories within it.

Preview Changes (Dry Run)

sudo restorecon -Rv -n /etc/httpd

Check which file contexts will be changed before applying actual modifications.

Force Restore All Contexts

sudo restorecon -RFv /var/log/audit

Forces the restoration of all contexts in the specified path, including files that already have the correct context.

Installation

The restorecon command is typically included as part of the `policycoreutils` package on systems with SELinux enabled. If the command is not found, you can install it using the following methods.

CentOS/RHEL/Fedora

sudo yum install policycoreutils
# Or for newer versions:
sudo dnf install policycoreutils

Installs the `policycoreutils` package on Red Hat-based Linux distributions.

Debian/Ubuntu (if SELinux is enabled)

sudo apt update
sudo apt install selinux-utils

Installs the `selinux-utils` package if you are using SELinux on Debian/Ubuntu.

Tips & Precautions

Consider the following tips and precautions when using restorecon to maintain system stability.

Important Tips

  • Always check the changes first with the `-n` (dry run) option.
  • Understanding SELinux policies is crucial. You can check default context rules with the `semanage fcontext -l` command.
  • Contexts may not be preserved when moving files, so it's recommended to run restorecon after moving them.

Precautions

  • Use the `-F` (force) option with caution. Unnecessary context changes can affect system performance, and incorrect usage can lead to system instability.
  • Restoring incorrect contexts can lead to service interruptions. Always consider backing up or testing on a staging environment before applying to critical system files.

Same category commands

acl

ACL: Access Control List Management

anacron

anacron: Run periodic commands when the system is not running

ansible

ansible: Remote Server Management and Automation

apropos

apropos: Search Manual Pages

apt

APT (Advanced Package Tool) Command Guide