
Security-enhanced Linux (SELinux) - Filesystem Relabeling

Security-enhanced Linux (SELinux) filesystem security context labels are associated with files and are stored as extended attributes. If SELinux is disabled, the security context labels are no longer written as extended attributes and become out of sync.

To relabel part or all of the Linux filesystem without a reboot, the "fixfiles" and "restorecon" commands can be used.

The SELinux "restorecon" command

The SELinux "restorecon" command sets the security context of one or more files by marking the extended attributes with the appropriate file or security context.

Example:

[root@RHEL03 ~]# restorecon -F -R /ftp
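Before relabeling for real, the same command can be run as a dry run (`-n -v`) to see which files are out of sync, including files that carry no label at all because they were created while SELinux was disabled. The script below is an added example, not part of the original page; it assumes the "Would relabel PATH from OLD to NEW" output of recent restorecon releases, and the sample lines and the `public_content_t` target are constructed.

```shell
#!/bin/sh
# Summarise a restorecon dry run: files that would change, grouped by
# "current type -> policy type". Expects the output of
#   restorecon -n -v -F -R <dir>
# in the "Would relabel PATH from OLD to NEW" form (assumed format; older
# releases word this line differently).
summarize_relabel() {
    # Files with no security.selinux attribute are assumed to appear as
    # "<no context>"; join it into one word so that the two contexts are
    # always the last fields on the line, even when the path has spaces.
    sed 's/<no context>/<no_context>/' |
    awk '
        # A context is user:role:type[:level]; return the type field.
        function ctx_type(c,    p) {
            if (split(c, p, ":") < 3) return c    # e.g. <no_context>
            return p[3]
        }
        NF >= 6 && $1 == "Would" && $2 == "relabel" &&
        $(NF-3) == "from" && $(NF-1) == "to" {
            count[ctx_type($(NF-2)) " -> " ctx_type($NF)]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample output, not captured from a real host. It assumes a
# local file-context rule that maps /ftp to public_content_t.
sample_dry_run() {
    cat <<'EOF'
Would relabel /ftp/pub from unconfined_u:object_r:default_t:s0 to system_u:object_r:public_content_t:s0
Would relabel /ftp/pub/readme.txt from unconfined_u:object_r:default_t:s0 to system_u:object_r:public_content_t:s0
Would relabel /ftp/pub/new file.iso from <no context> to system_u:object_r:public_content_t:s0
Would relabel /ftp/incoming/upload.bin from unconfined_u:object_r:user_home_t:s0 to system_u:object_r:public_content_t:s0
EOF
}

sample_dry_run | summarize_relabel
# On a real host (as root): restorecon -n -v -F -R /ftp | summarize_relabel
```

A `<no_context>` row in the summary points at files written while SELinux was disabled; an unexpected source type such as `user_home_t` usually means files were moved into the tree with their old label.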

The SELinux "fixfiles" command

The SELinux "fixfiles" command checks or corrects the security context database on the file system.

Example:

[root@RHEL04 /]# fixfiles -l /root/fixchek.txt relabel

How to relabel the entire filesystem

To relabel the entire filesystem, create the hidden file "/.autorelabel" and restart the Linux computer. The automatic relabeling of the entire filesystem takes place during the boot process. Remember, you need to reboot the server to accomplish this.
