Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "how to use the restorecon command". The editor shows you the operation process through an actual case. The operation method is simple, fast and practical. I hope this article "how to use the restorecon command" can help you solve the problem.

The main purpose of the restorecon command is to restore the attributes of the SELinux file, that is, the security context of the file.

1. Restore the SELinux context of a file

In the following example, the index.html file has the "user_home_t" context type in the SELinux context. For this context type, the apache service will not be accessible.

[root@localhost] # ll-Z / var/www/html/index.html-rw-rw-r--. Root root unconfined_u:object_r:user_home_t:s0 13 Jan 7 11:14 / var/www/html/index.html

Note: the-Z option in the above ls command displays the SELinux context for a specific file. When we use the restorecon command, we don't really need to know the original security context of the file. Restorecon will automatically correct.

The following example restores the security context of index.html to the appropriate value. As shown below, it has reset the type of SELinux context to "httpd_sys_content_t", and apache will now be able to service the file without any errors.

[root@localhost ~] # restorecon / var/www/html/index.html [root@localhost ~] # ll-Z / var/www/html/index.html-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 13 Jan 7 11:14 / var/www/html/index.html2. Output information when changing the security context

By default, when you execute the restorecon command, it does not prompt you whether the security context of the file has changed.

[root@localhost] # restorecon-v / var/www/html/index.htmlRelabeled / var/www/html/index.html from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s03. Use wildcards to handle multiple objects

The following example modifies the security context of all files under the directory.

[root@localhost] # restorecon-v / var/www/html/*4. Recursive processing of files and directories

You can also use the-R option to recursively reset the security context of the file.

[root@localhost] # restorecon-Rv / var/www/html/Relabeled / var/www/html/sales from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/sales/graph.html from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s05. Restore context based on input file

You can save the file or folder path that needs to restore the security context in a file and use the-f option to specify the file to restore. The default security context needs to be restored in the / var/www/html/testdir directory and the specified files below:

First create a file input.txt and fill in the full path of the directory or file that needs to restore the default security context.

[root@localhost ~] # vim input.txt [root@localhost ~] # cat input.txt/var/www/html/testdir/var/www/html/testdir/file1.txt/var/www/html/testdir/file3.txt/var/www/html/testdir/file5.txt/var/www/html/testdir/file7.txt/var/www/html/testdir/file9.txt

The following uses restorecon to restore:

[root@localhost] # restorecon-Rvf input.txtRelabeled / var/www/html/testdir from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file1.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file2.txt from unconfined_u:object_ R:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file3.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file4.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / Var/www/html/testdir/file5.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file6.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file7.txt from unconfined_u:object_r:admin_home_t:s0 to Unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file8.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file9.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0Relabeled / var/www/html/testdir/file10. Txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s06. Exclude a directory

You can also use the-e option to exclude directories that do not need to restore the security context. In the following example, we are working on all the files in the / var/www/html directory, but not the files in the / var/www/html/ sales subdirectory.

[root@localhost html] # restorecon-e / var/www/html/sales-Rv / var/www/html

You can also provide multiple-e options to exclude multiple files or folders.

This is the end of the introduction to "how to use the restorecon command". Thank you for reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.