SELinux file context expressions
When we think that the context of a file is wrong, we need to correct the context. SELinux offers several methods to do so, and some distributions even add in more. We can use tools such as chcon, restorecon (together with semanage), setfiles, rlpkg (Gentoo), and fixfiles (RHEL). Of course, we could also use the setfattr command, but that would be the least user-friendly approach for setting contexts.
Using context expressions
In the SELinux policy, there is a list of regular expressions that informs the SELinux utilities and libraries what the context of a file (or other file system resource) should be. Though this expression list is not enforced on the system, it is meant for administrators to see whether a context is correct, and for tools that need to reset contexts to what they are supposed to be. The list itself is stored on the file system in /etc/selinux/targeted/contexts/files in the file_contexts.* files.
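To make the role of the expression list concrete, the following added example (not part of the original text and not code from the SELinux tools) parses a few entries in file_contexts format and reports whether a file's current label matches what the expressions say it should be. The sample rules, the function names parse, expected_context and audit, and the "last matching rule wins" lookup are assumptions made for illustration; the real libraries order rules by specificity in a more involved way.

```python
import re

# Constructed sample in file_contexts format: <regex> [<file type>] <context>.
# Assumption: less specific rules are listed first.
SAMPLE = r"""
/.*                        system_u:object_r:default_t:s0
/var/www(/.*)?             system_u:object_r:httpd_sys_content_t:s0
/var/www/cgi-bin(/.*)?     system_u:object_r:httpd_sys_script_exec_t:s0
/etc/shadow        --      system_u:object_r:shadow_t:s0
/tmp/.*                    <<none>>
"""

# Optional second field restricts a rule to one kind of file system object.
FILE_TYPES = {"--": "file", "-d": "dir", "-l": "symlink", "-c": "char",
              "-b": "block", "-s": "socket", "-p": "pipe"}

def parse(text):
    """Turn file_contexts lines into (compiled regex, file type, context)."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        pattern, context = fields[0], fields[-1]
        ftype = FILE_TYPES[fields[1]] if len(fields) == 3 else None
        rules.append((re.compile(pattern), ftype, context))
    return rules

def expected_context(rules, path, ftype="file"):
    """Simplified lookup: the last rule matching the whole path wins."""
    for regex, rule_type, context in reversed(rules):
        if rule_type in (None, ftype) and regex.fullmatch(path):
            # <<none>> means the tools leave this path's label alone.
            return None if context == "<<none>>" else context
    return None

def audit(rules, path, actual, ftype="file"):
    """Compare a file's current label with what the expressions say."""
    expected = expected_context(rules, path, ftype)
    if expected is None:
        return "unmanaged"
    return "ok" if actual == expected else f"mismatch: expected {expected}"

RULES = parse(SAMPLE)

if __name__ == "__main__":
    # Constructed case: a page moved from a home directory keeps its old label.
    print(audit(RULES, "/var/www/html/index.html",
                "unconfined_u:object_r:user_home_t:s0"))
```

Nothing in this check changes or blocks access: it only reports the difference between the current label and the expected one, which is the information a relabeling tool acts on.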
As an administrator, we can query parts of...