How do you display all SELinux context for a file and restore default contexts if needed?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Red Hat Certified Systems Admin Exam EX200. Enhance your skills with interactive quizzes, flashcards, and detailed explanations. Ace your certification exam today!

Multiple Choice

How do you display all SELinux context for a file and restore default contexts if needed?

Explanation:
You manage SELinux file contexts by showing the current context and then applying the policy’s default to the file. First, display the SELinux context for the file with ls -Z filename. This prints the security context currently assigned to that specific file, giving you a snapshot to verify. If you find it isn’t the correct default, restore it using restorecon -v filename. The restorecon command consults the SELinux policy and reapplies the default context for that path, and the -v option makes it show exactly what changes were made. This combination ensures you both verify and revert to the sanctioned context. Other approaches don’t fit as well: listing without a filename shows contexts for multiple items rather than a single file; changing the context with chcon sets a new, user-specified context rather than the policy’s default; getenforce only reports whether SELinux is enforcing; and using restorecon without -v would still restore correctly but wouldn’t provide visibility into the changes.

You manage SELinux file contexts by showing the current context and then applying the policy’s default to the file. First, display the SELinux context for the file with ls -Z filename. This prints the security context currently assigned to that specific file, giving you a snapshot to verify. If you find it isn’t the correct default, restore it using restorecon -v filename. The restorecon command consults the SELinux policy and reapplies the default context for that path, and the -v option makes it show exactly what changes were made. This combination ensures you both verify and revert to the sanctioned context.

Other approaches don’t fit as well: listing without a filename shows contexts for multiple items rather than a single file; changing the context with chcon sets a new, user-specified context rather than the policy’s default; getenforce only reports whether SELinux is enforcing; and using restorecon without -v would still restore correctly but wouldn’t provide visibility into the changes.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy