LabEx
Log InJoin Free

Restore Default File Contexts

Red Hat Enterprise LinuxBeginner
Practice Now

Introduction

In this challenge, you will learn how to restore the default SELinux file contexts on a Red Hat Enterprise Linux system. File contexts are a fundamental component of SELinux, defining the security properties of files and directories. Misconfigured contexts can lead to access denials and security vulnerabilities. Mastering the restorecon command is an essential skill for any system administrator working with SELinux-enabled systems.

This is a Challenge, which differs from a Guided Lab in that you need to try to complete the challenge task independently, rather than following the steps of a lab to learn. Challenges are usually a bit difficult. If you find it difficult, you can discuss with Labby or check the solution. Historical data shows that this is a beginner level challenge with a 100% pass rate. It has received a 100% positive review rate from learners.

Restore Default File Contexts

Your task is to identify a file with an incorrect SELinux context and use the appropriate command to restore it to the default policy-defined context. This is a common task when files are moved or created in a way that does not assign the correct security label.

Tasks

  • Check the current SELinux context of the file /home/labex/example.txt.
  • Use the restorecon command to fix the incorrect context.
  • Verify that the file's context has been restored to its default value.

Requirements

  • All operations must be performed on the file /home/labex/example.txt.
  • You must use the restorecon command to fix the context.
  • You may need sudo privileges to run restorecon.

Hints

  • Use the ls -Z command to view the SELinux context of a file.
  • The restorecon command may require sudo privileges. Adding the -v (verbose) option will show you which files have had their contexts changed.
  • If restorecon shows no output, it means the file already has the correct context according to the current SELinux policy.

Example

This example shows the expected change in the file context. Your goal is to achieve this result.

Before restoring the context, the file may have an incorrect type (such as httpd_exec_t):

[labex@host ~]$ ls -Z /home/labex/example.txt
unconfined_u:object_r:httpd_exec_t:s0 /home/labex/example.txt

After successfully restoring the context, the file should have the correct default type (typically user_home_t or user_home_file_t):

[labex@host ~]$ ls -Z /home/labex/example.txt
unconfined_u:object_r:user_home_t:s0 /home/labex/example.txt
✨ Check Solution and Practice

Summary

In this challenge, you have learned how to manage SELinux file security by restoring default file contexts. You practiced identifying a file with an incorrect context, using the restorecon command to correct it, and verifying the change. This is a crucial skill for maintaining system integrity and ensuring SELinux policies are correctly enforced on a Red Hat Enterprise Linux system.

Related Red Hat Enterprise Linux Courses
Red Hat System Administration (RH124) Certification Labs

Red Hat System Administration (RH124) Certification Labs

rhellinux
Red Hat System Administration (RH134) Certification Labs

Red Hat System Administration (RH134) Certification Labs

rhellinux
Red Hat Enterprise Linux Automation with Ansible (RH294) Certification Labs

Red Hat Enterprise Linux Automation with Ansible (RH294) Certification Labs

rhelansiblelinux