Reading and changing file contexts
Let us immediately start off with an example here: a web server hosting dokuwiki, a popular PHP wiki site that uses files rather than a database as its backend system.
Getting context information
The application is hosted at /var/www/localhost/htdocs/dokuwiki and stores its wiki pages (user content) in subdirectories of the data/ directory. Getting the contexts of files can easily be accomplished using the -Z option to ls. Most utilities that are able to provide feedback on contexts will try to do so using the -Z option, as we saw already with the id and ps utilities. Let's look at the context of the dokuwiki directory itself:
# ls -lZ /var/www/localhost/htdocs
drwxr-xr-x. 1 root root root:object_r:httpd_sys_content_t 45 May 9 20:05 dokuwiki
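The following is an added example, not part of the original text: it splits the context column of ls -lZ output such as the listing above into its user, role, type and optional level fields, and reports entries whose type differs from an expected one. The function names are hypothetical, the second and third sample lines are constructed, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original text). Function names are hypothetical.

# Print "user role type level" for one context string. The level is optional
# and may contain colons itself (for example s0:c1,c2); "-" means no level.
split_context() {
    printf '%s\n' "$1" | awk -F: '
        NF < 3 { exit 1 }
        {
            level = ""
            for (i = 4; i <= NF; i++) level = (i > 4 ? level ":" : "") $i
            print $1, $2, $3, (level == "" ? "-" : level)
        }'
}

# Read `ls -lZ` lines on stdin and print "name type" for every entry whose
# type is not $1. The context is the first field with at least two colons, so
# the column position does not matter; entries without one are "unlabeled".
# Assumes file names without whitespace.
unexpected_types() {
    awk -v want="$1" '
        $1 == "total" { next }
        {
            t = "unlabeled"
            for (i = 1; i < NF; i++)
                if (split($i, c, ":") >= 3) { t = c[3]; break }
            if (t != want) print $NF, t
        }'
}

# First line is the listing shown above; the other two are constructed.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x. 1 root root root:object_r:httpd_sys_content_t 45 May 9 20:05 dokuwiki
-rw-r--r--. 1 root root system_u:object_r:httpd_sys_content_t:s0 120 May 9 20:06 index.php
-rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 88 May 9 20:07 notes.txt
EOF
}

sample_listing | unexpected_types httpd_sys_content_t
```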
File and directory contexts are stored on the filesystem as extended attributes when the filesystem supports this. If not, the context of the files is usually defined by the mounted filesystem type or its mount options...