Fixing the security context of user files automatically


The contents of a user's home directory change frequently as new files and directories are created. These files must have the correct security context in accordance with the security policy. The restorecond user service watches for file creation and sets each new file's security context to the policy default.

To see the effect of the service, we create two files: ~/normal.txt, an ordinary file, and ~/.xscreensaver, the XScreenSaver configuration file. Without the service, both files would be of type user_home_t. The service fixes the context of ~/.xscreensaver and sets its type to xscreensaver_config_t.
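The check described above, as an added example that is not part of the original page: it creates the two files and compares each file's current type with the policy default. It assumes the standard `stat -c %C`, `matchpathcon` and `selinuxenabled` utilities are installed; the function names and the one-second wait are choices made for this example.

```shell
#!/bin/sh
# Added example: compare a file's current SELinux type with the policy default.

# Extract the type (third field) from a context of the form user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Return 0 when both contexts carry the same type, 1 otherwise.
same_type() {
    [ "$(ctx_type "$1")" = "$(ctx_type "$2")" ]
}

# Report one file: its current type and, if different, the policy default.
report() {
    cur=$(stat -c %C "$1")          # context currently set on the file
    def=$(matchpathcon -n "$1")     # context the policy assigns to this path
    if same_type "$cur" "$def"; then
        echo "$1: $(ctx_type "$cur") (matches policy)"
    else
        echo "$1: $(ctx_type "$cur"), policy default is $(ctx_type "$def")"
    fi
}

# Run the live check only where SELinux tools exist and SELinux is enabled.
if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
    touch "$HOME/normal.txt" "$HOME/.xscreensaver"
    sleep 1   # assumed delay: give the service a moment to relabel
    report "$HOME/normal.txt"
    report "$HOME/.xscreensaver"
else
    echo "SELinux not available; live check skipped"
fi
```

With the service running, both files should be reported as matching policy; a mismatch on ~/.xscreensaver means its context was not fixed.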

The operation of the service is simple but important. If a file's security context is not fixed, either the security policy is ineffective or some tasks may be blocked.

This is a new feature of the selinux-2019.9.1 binary.


