Two of the main tools that we can use to help manage SELinux are chcon and restorecon. The chcon command helps to change the SELinux context or TYPE of what will most often be a single or perhaps sometimes a few files that can be referenced easily together with some form of wildcard. The restorecon command can be used to reset a file or directory and its contents to their default SELinux context. These default settings for directories are stored in the /etc/selinux/targeted/contexts/files/file-context file.

With grep, we can search for httpd_sys_content_t, whereas in the output, we should see the default label for files under /var/www. This is the directory were we would expect to find web server content:

# grep httpd_sys_content_t \ 
/etc/selinux/targeted/contexts/files/file_contexts

The output of the preceding command is as follows:

/var/www(/.*)? system_u:object_r:httpd_sys_content_t:s0

We can now try to break the system...