Display and Restore File and Directory Security Contexts with SELinux

1 hour
  • 2 Learning Objectives

About this Hands-on Lab

This learning activity will allow the student to practice troubleshooting and resolving SELinux filesystem context issues. Being able to discover and resolve SELinux context issues is a key concept when working with SELinux. At the end of this activity, the student will understand how to view and apply new security contexts to files and directories.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Check the Directory and Index File Security Context

Compare the SELinux Security Context of /var/www/html to the /var/www/html/web-api directory to determine if the context of the new directory and its contents need to be adjusted. This can be queried with the command:

ls -Z /var/www

and view the context, which should read something like:

drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html

and view the context of the web-api directory via:

ls -Z /var/www/html

and view the context, which will look different, something like:

drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 web-api

Note the ‘html’ directory appears to have a specific context for HTTPD access by the service itself.

Restore the Appropriate Security Context to the API Directory

Now that you know the security context is not appropriate for httpd, since it exists within the httpd directory, you can take advantage of the setting by just restoring the context of the files and directories in the web /var/www/html directory. Execute the following command from within the /var/www/html directory either as root or using ‘sudo’:

restorecon -R web-api

Additional Resources

Using the provided username and password credentials, access the server IP provisioned when this activity is started. Check the Activity Guide for specific instructions on what you are being asked to do.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?