Security
chcon
Change SELinux security context for files.
selinuxcontextsecurityfile
Additional Notes
chcon changes the SELinux security context of files and directories. Context labels affect what confined processes are allowed to access.
Use it for temporary label changes or testing. For persistent SELinux policy-based labeling, use semanage fcontext followed by restorecon.
Syntax
chcon [options] context file...
chcon [options] --reference=ref-file file...
Parameters
context: SELinux context or part of a context.file: File or directory to relabel.ref-file: File whose context should be copied.options: User, role, type, range, recursion, and reference controls.
Common Options
-t TYPE: Set SELinux type.-u USER: Set SELinux user.-r ROLE: Set SELinux role.-l RANGE: Set SELinux range.-R: Recurse into directories.--reference=FILE: Copy context from another file.
Examples
ls -Z index.html
View current SELinux context.
sudo chcon -t httpd_sys_content_t index.html
Set a web-content type temporarily.
sudo chcon --reference=/var/www/html/index.html ./index.html
Copy context from a reference file.
sudo restorecon -v index.html
Restore the default policy label.
Practical Notes
chconchanges can be overwritten byrestorecon.- Use
semanage fcontextfor persistent custom path labeling. - SELinux must be enabled for labels to affect access decisions.