Modifying file contexts
We now know how to set SELinux contexts, both directly through tools such as chcon and through the restorecon application, which queries the SELinux context list to know what context a file should have. But restorecon is not the only application that considers this context list.
Using setfiles, rlpkg, and fixfiles
Using semanage fcontext and restorecon is the preferred method for changing file contexts, but other tools exist that impact file contexts on a system.
The setfiles application is an older one, which requires the path to the context list file itself in order to reset contexts. Although it is often used under the hood of other applications, most administrators do not need to call setfiles directly anymore:
# setfiles /etc/selinux/targeted/contexts/files/file_contexts /srv/www
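The command above hard-codes the targeted policy store. The following added example (not from the original text) derives the context list path from the SELINUXTYPE setting in /etc/selinux/config and runs setfiles in check-only mode, so that mislabeled files are reported without being changed. The function names file_contexts_path and check_contexts are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not from the original text. Helper names are hypothetical.

# Print the path of the file context list for the configured policy type.
#   $1: SELinux config file (default /etc/selinux/config)
#   $2: policy store root   (default /etc/selinux)
file_contexts_path() {
    conf="${1:-/etc/selinux/config}"
    root="${2:-/etc/selinux}"
    # Take the last uncommented SELINUXTYPE= assignment and strip whitespace.
    ptype=$(sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*//p' \
                "$conf" 2>/dev/null | tail -n 1 | tr -d '[:space:]')
    # Reject an empty value or anything that could escape the policy store
    # (for example "../"), since the result is handed to a root-run tool.
    case "$ptype" in
        ''|*[!A-Za-z0-9_-]*)
            echo "no valid SELINUXTYPE in $conf" >&2
            return 1 ;;
    esac
    printf '%s/%s/contexts/files/file_contexts\n' "$root" "$ptype"
}

# Report files under a directory whose context differs from the context
# list, without relabeling anything.
check_contexts() {
    dir="$1"
    fc=$(file_contexts_path) || return 1
    [ -r "$fc" ] || { echo "cannot read $fc" >&2; return 1; }
    # -n: do not change any file labels (passive check)
    # -v: show the files whose labels would be changed
    setfiles -n -v "$fc" "$dir"
}

# Usage, as root on an SELinux-enabled system:
#   check_contexts /srv/www
```

Dropping -n from the setfiles call turns the check into an actual relabel, which is what the command shown above does.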
Another set of tools are the rlpkg (Gentoo) and fixfiles (RHEL) applications. Both these applications have a nice feature: they can be used to reset the contexts of the files of...