From 863862f78039c320ee9f7feca36c1b6c7d47813d Mon Sep 17 00:00:00 2001
From: cyqsimon <28627918+cyqsimon@users.noreply.github.com>
Date: Thu, 17 Aug 2023 21:34:15 +0800
Subject: [PATCH] semanage-fcontext, restorecon: add page (#10550)
---
pages/linux/restorecon.md | 25 +++++++++++++++++++++++++
pages/linux/semanage-fcontext.md | 25 +++++++++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 pages/linux/restorecon.md
create mode 100644 pages/linux/semanage-fcontext.md
diff --git a/pages/linux/restorecon.md b/pages/linux/restorecon.md
new file mode 100644
index 000000000..466ca08b2
--- /dev/null
+++ b/pages/linux/restorecon.md
@@ -0,0 +1,25 @@
+# restorecon
+
+> Restore SELinux security context on files/directories according to persistent rules.
+> See also: `semanage-fcontext`.
+> More information: .
+
+- View the current security context of a file or directory:
+
+`ls -dlZ {{path/to/file_or_directory}}`
+
+- Restore the security context of a file or directory:
+
+`restorecon {{path/to/file_or_directory}}`
+
+- Restore the security context of a directory recursively, and show all changed labels:
+
+`restorecon -R -v {{path/to/directory}}`
+
+- Restore the security context of a directory recursively, using all available threads, and show progress:
+
+`restorecon -R -T {{0}} -p {{path/to/directory}}`
+
+- Preview the label changes that would happen without applying them:
+
+`restorecon -R -n -v {{path/to/directory}}`
diff --git a/pages/linux/semanage-fcontext.md b/pages/linux/semanage-fcontext.md
new file mode 100644
index 000000000..72647e1f1
--- /dev/null
+++ b/pages/linux/semanage-fcontext.md
@@ -0,0 +1,25 @@
+# semanage fcontext
+
+> Manage persistent SELinux security context rules on files/directories.
+> See also: `semanage`, `restorecon`.
+> More information: .
+
+- List all file labelling rules:
+
+`sudo semanage fcontext --list`
+
+- List all user-defined file labelling rules without headings:
+
+`sudo semanage fcontext --list --locallist --noheading`
+
+- Add a user-defined rule that labels any path which matches a PCRE regex:
+
+`sudo semanage fcontext --add --type {{samba_share_t}} {{'/mnt/share(/.*)?'}}`
+
+- Delete a user-defined rule using its PCRE regex:
+
+`sudo semanage fcontext --delete {{'/mnt/share(/.*)?'}}`
+
+- Relabel a directory recursively by applying the new rules:
+
+`restorecon -R -v {{path/to/directory}}`