Using restorecon is easy. Just type restorecon, followed by the name of the file that you need to change. Once again, I’ve changed the context of the index.html file back to the home directory type. This time, though, I’m using restorecon to set the correct type:
$ ls -Z
-rw-rw-r--. web web unconfined_u:object_r:user_home_t:s0 index.html
$ sudo restorecon index.html
$ ls -Z
-rw-rw-r--. web web unconfined_u:object_r:httpd_sys_content_t:s0 index.html
And that’s all there is to it.
The restorecon command is part of the policycoreutils package, so that package must be installed on the system before you can use the command.
restorecon Command Examples
1. To restore the default SELinux security contexts of files:
# restorecon
2. To ignore files that do not exist:
# restorecon -i
3. To specify the directory to be excluded:
# restorecon -e /var
4. To change file and directory labels recursively:
# restorecon -r
# restorecon -R
5. To check labels without changing any of them:
# restorecon -n
6. To save the list of files with an incorrect context to an output file:
# restorecon -o /tmp/file
7. To show progress by printing * every 1000 files:
# restorecon -p
8. To show changes in file labels:
# restorecon -v
9. To show changes in file labels when the type, role, or user is changing:
# restorecon -vv
10. To force reset of context to match file_context for customizable files:
# restorecon -F
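A dry-run audit that combines the -n, -v and -R options listed above, as an added example that is not from the original article. It assumes the "Would relabel PATH from OLD to NEW" line format that recent policycoreutils releases print with -n -v; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list files whose SELinux type differs from the policy
# default, without relabeling anything.

# Read "Would relabel PATH from OLD to NEW" lines on stdin (assumed output
# format of restorecon -n -v) and print "PATH: OLD_TYPE -> NEW_TYPE" for
# every file whose *type* field would change.
summarize_relabels() {
    awk '
        /^Would relabel / {
            new = $NF            # target context (policy default)
            old = $(NF - 2)      # context currently on the file
            path = $0            # path may contain spaces, so cut around it
            sub(/^Would relabel /, "", path)
            sub(/ from [^ ]+ to [^ ]+$/, "", path)
            split(old, o, ":")   # user:role:type:level
            split(new, n, ":")
            if (o[3] != n[3]) print path ": " o[3] " -> " n[3]
        }'
}

# Real use on an SELinux host: -n changes nothing, -v reports, -R recurses.
audit_dir() {
    restorecon -n -v -R "$1" | summarize_relabels
}

# Constructed sample output so the parser can be run on any machine.
# The third line differs only in the user field and is filtered out.
SAMPLE='Would relabel /var/www/html/index.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Would relabel /var/www/html/my page.html from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
Would relabel /var/www/html/a.css from system_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0'

printf '%s\n' "$SAMPLE" | summarize_relabels
```

On a host with SELinux enabled, call `audit_dir /var/www/html` as root to review the pending type changes before running restorecon without -n.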
Conclusion
Using the restorecon command is the most popular and preferred way of modifying the SELinux context of a file or directory. As the name suggests, it restores the default context of a file or directory by reading the default rules set in the SELinux policy. If a file or directory carries the wrong context, restorecon corrects it to the one the policy defines.