{"id":12729,"date":"2025-12-16T10:11:39","date_gmt":"2025-12-16T04:41:39","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12729"},"modified":"2025-12-16T10:11:41","modified_gmt":"2025-12-16T04:41:41","slug":"what-is-selinux-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/what-is-selinux-on-linux-server","title":{"rendered":"What is SELinux on Linux Server? &#8211; Easy Guide in 2026"},"content":{"rendered":"\n<p><strong>SELinux on a Linux server<\/strong> is a mandatory access control system that labels every process and file, then enforces policy rules to confine services and prevent unauthorized access. <\/p>\n\n\n\n<p>In Enforcing mode, it blocks violations; in Permissive, it only logs them; Disabled turns it off. Properly configured, SELinux dramatically reduces breach impact.<\/p>\n\n\n\n<p><strong>If you manage Linux servers<\/strong>, understanding SELinux on Linux server environments is essential for secure hosting. This guide explains how SELinux works, when to use each mode, how to troubleshoot denials, and the exact commands you\u2019ll need. <\/p>\n\n\n\n<p>You\u2019ll learn to configure Apache\/Nginx, open ports, set file labels, and use booleans with practical, real world examples.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-selinux-and-why-it-matters\"><strong>What is SELinux and Why it Matters<\/strong>?<\/h2>\n\n\n\n<p>Security Enhanced Linux <strong>(SELinux)<\/strong> is a kernel level framework developed by the <strong>NSA<\/strong> and open source community to implement Mandatory Access Control <strong>(MAC)<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-63.png\" alt=\"SELinux on Linux Server\" class=\"wp-image-12877\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-63.png 1536w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-63-150x100.png 150w\" sizes=\"auto, (max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n\n\n\n<p>Unlike traditional UNIX permissions <strong>(DAC)<\/strong>, SELinux enforces policy decisions based on labels (security contexts), keeping services like web servers, databases, and mail daemons strictly confined even if an application is exploited.<\/p>\n\n\n\n<p>SELinux ships by default on RHEL, Rocky Linux, AlmaLinux, Fedora, and can be enabled on others. <strong>Ubuntu and Debian typically prefer<\/strong> AppArmor, but SELinux can be used there with extra steps. For <a href=\"https:\/\/www.youstable.com\/blog\/reseller-web-hosting-business\/\">web hosting<\/a>, correctly configured SELinux is one of the strongest layers against lateral movement and privilege escalation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"how-selinux-works-labels-types-and-policy\"><strong>How SELinux Works (Labels, Types, and Policy)<\/strong><\/h2>\n\n\n\n<p><strong>At the core of SELinux are labels and policy:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Labels (Security Contexts)<\/strong>: Every file, process, and port has a context like <code>system_u:object_r:httpd_sys_content_t:s0<\/code>. The important piece for admins is the <strong>type<\/strong> (e.g., <code>httpd_t<\/code> for Apache, <code>httpd_sys_content_t<\/code> for static web content).<\/li>\n\n\n\n<li><strong>Type Enforcement (TE)<\/strong>: Rules define which types can access others (e.g., <code>httpd_t<\/code> can read <code>httpd_sys_content_t<\/code> but not <code>user_home_t<\/code>).<\/li>\n\n\n\n<li><strong>Booleans<\/strong>: Toggle specific, audited capabilities (e.g., allow Apache to make outbound connections or read user content).<\/li>\n\n\n\n<li><strong>RBAC\/MLS (Advanced)<\/strong>: Role-Based Access Control and Multi-Level Security exist for specialized <a href=\"https:\/\/www.youstable.com\/blog\/create-a-custom-hosting-environment-with-a-dedicated-server\/\">environments but are not required for typical hosting<\/a> setups.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-modes-explained\"><strong>SELinux Modes Explained<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enforcing<\/strong>: Actively blocks violations, logs AVC denials. Recommended for production after validation.<\/li>\n\n\n\n<li><strong>Permissive<\/strong>: Does not block; only logs denials. Ideal for testing and troubleshooting.<\/li>\n\n\n\n<li><strong>Disabled<\/strong>: SELinux is off. Only use temporarily or if using a distro\/panel that cannot support SELinux.<\/li>\n<\/ul>\n\n\n\n<p><strong>Check and change mode quickly:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>getenforce\nsetenforce 0   # Permissive (runtime)\nsetenforce 1   # Enforcing (runtime)\n\n# Persistent mode (edit and reboot)\nsudo vi \/etc\/selinux\/config\nSELINUX=enforcing    # or permissive\/disabled<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-command-reference-youll-use-daily\"><strong>Quick Command Reference You\u2019ll Use Daily<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>View context of files<\/strong>: <code>ls -Z<\/code><\/li>\n\n\n\n<li><strong>View process context<\/strong>: <code>ps -eZ | grep httpd<\/code><\/li>\n\n\n\n<li><strong>Relabel files to default<\/strong>: <code>restorecon -Rv \/path<\/code><\/li>\n\n\n\n<li><strong>Set persistent file context rule<\/strong>: <code>semanage fcontext -a -t TYPE '\/path(\/.*)?'<\/code><\/li>\n\n\n\n<li><strong>Apply labeling to files<\/strong>: <code>restorecon -Rv \/path<\/code><\/li>\n\n\n\n<li><strong>List\/modify booleans<\/strong>: <code>getsebool -a<\/code>, <code>setsebool -P boolean_name 1<\/code><\/li>\n\n\n\n<li><strong>Manage SELinux ports<\/strong>: <code>semanage port -l<\/code>, <code>semanage port -a -t TYPE -p tcp 8080<\/code><\/li>\n\n\n\n<li><strong>Inspect denials<\/strong>: <code>ausearch -m AVC -ts recent<\/code>, <code>journalctl -t setroubleshoot<\/code><\/li>\n\n\n\n<li><strong>Explain denials<\/strong>: <code>audit2why &lt; \/var\/log\/audit\/audit.log<\/code><\/li>\n\n\n\n<li><strong>Generate allow module<\/strong>: <code>audit2allow -M mymodule &lt; \/var\/log\/audit\/audit.log &amp;&amp; semodule -i mymodule.pp<\/code><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-hosting-scenarios-with-fixes\"><strong>Common Hosting Scenarios (With Fixes)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-apache-nginx-serving-content-from-a-custom-directory\"><strong>1. Apache\/Nginx serving content from a custom directory<\/strong><\/h3>\n\n\n\n<p>By default, web content should have httpd_sys_content_t (read-only) or httpd_sys_rw_content_t (read\/write) if the app <a href=\"https:\/\/www.youstable.com\/blog\/upload-files-on-wordpress\/\">uploads files<\/a>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Read-only content\nsudo semanage fcontext -a -t httpd_sys_content_t '\/srv\/www\/site(\/.*)?'\nsudo restorecon -Rv \/srv\/www\/site\n\n# Writable uploads directory\nsudo semanage fcontext -a -t httpd_sys_rw_content_t '\/srv\/www\/site\/uploads(\/.*)?'\nsudo restorecon -Rv \/srv\/www\/site\/uploads<\/code><\/pre>\n\n\n\n<p>Never rely on <code>chcon<\/code> for long-term fixes; it\u2019s non-persistent across relabels. Use <code>semanage fcontext<\/code> plus <code>restorecon<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-web-server-needs-outbound-network-access-apis-payment-gateways\"><strong>2. Web server needs outbound network access (APIs, payment gateways)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow Apache\/Nginx to initiate network connections\nsudo setsebool -P httpd_can_network_connect 1<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-listening-on-a-non-standard-port-e-g-8080\"><strong>3. Listening on a non-standard port (e.g., 8080)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Label TCP 8080 as an HTTP port\nsudo semanage port -a -t http_port_t -p tcp 8080<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-databases-and-sockets\"><strong>4. Databases and sockets<\/strong><\/h3>\n\n\n\n<p>Place MySQL\/PostgreSQL data where their default contexts apply, or add explicit rules. For app sockets, label the directory correctly (e.g., <code>httpd_var_run_t<\/code> for web app sockets in <code>\/var\/run<\/code> or <code>\/run<\/code>).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-selinux-denials-step-by-step\"><strong>Troubleshooting SELinux Denials (Step-by-Step)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>1. Reproduce the issue<\/strong>: Hit the endpoint or action that fails (e.g., file upload, API call).<\/li>\n\n\n\n<li><strong>2. Check denial logs<\/strong>: Use <code>ausearch -m AVC -ts recent<\/code> or open <code>\/var\/log\/audit\/audit.log<\/code>.<\/li>\n\n\n\n<li><strong>3. Get a human explanation<\/strong>: <code>audit2why &lt; \/var\/log\/audit\/audit.log<\/code> to understand the reason.<\/li>\n\n\n\n<li><strong>4. Fix the root cause<\/strong>: Commonly missing file contexts, wrong booleans, or unlisted ports.<\/li>\n\n\n\n<li><strong>5. Validate in Enforcing<\/strong>: Switch to <code>setenforce 1<\/code>, retest, and ensure no new AVC denials are logged.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Example: see latest AVC denials for httpd\nsudo ausearch -m AVC -c httpd -ts recent | aureport -avc -i\nsudo cat \/var\/log\/audit\/audit.log | audit2why\n# If policy change is truly needed:\nsudo cat \/var\/log\/audit\/audit.log | audit2allow -M myhttpdfix\nsudo semodule -i myhttpdfix.pp<\/code><\/pre>\n\n\n\n<p><strong>Tip:<\/strong> Avoid generating broad \u201callow all\u201d modules. Prefer fixing labels, ports, or booleans first. Only craft a custom policy when you fully understand the implication of each allow rule.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"booleans-youll-actually-use\"><strong>Booleans You\u2019ll Actually Use<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><code>httpd_can_network_connect<\/code>: <\/strong>Allow web server outbound connections.<\/li>\n\n\n\n<li><strong><code>httpd_read_user_content<\/code>:<\/strong> Allow reading content in users\u2019 home directories.<\/li>\n\n\n\n<li><strong><code>httpd_can_sendmail<\/code>:<\/strong> Permit sending emails via local MTA.<\/li>\n\n\n\n<li><strong><code>httpd_enable_homedirs<\/code>:<\/strong> Serve content from <code>~\/public_html<\/code>.<\/li>\n\n\n\n<li><strong><code>ftpd_anon_write<\/code>, <code>ftpd_full_access<\/code>:<\/strong> Control FTP behaviors.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Discover relevant booleans\ngetsebool -a | grep httpd\n# Enable persistently\nsetsebool -P httpd_enable_homedirs 1<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practices-for-running-selinux-in-production\"><strong>Best Practices for Running SELinux in Production<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Keep Enforcing in production<\/strong> after validating in staging or Permissive mode.<\/li>\n\n\n\n<li><strong>Use default paths<\/strong> for services (e.g., <code>\/var\/www<\/code>, <code>\/var\/lib\/mysql<\/code>) to inherit correct contexts.<\/li>\n\n\n\n<li><strong>Prefer semanage + restorecon<\/strong> over <code>chcon<\/code> for persistent, predictable labeling.<\/li>\n\n\n\n<li><strong>Document customizations<\/strong> (fcontext rules, booleans, ports, modules) and version-control them.<\/li>\n\n\n\n<li><strong>Monitor denials<\/strong> regularly; recurring AVCs are a signal to fix configuration, not disable SELinux.<\/li>\n\n\n\n<li><strong>Container awareness: <\/strong>On container hosts, ensure <code>container-selinux<\/code> is installed; use proper volume labels like <code>:z<\/code> or <code>:Z<\/code> with Docker\/Podman.<\/li>\n\n\n\n<li><strong>Don\u2019t over-permit:<\/strong> Avoid broad policies that weaken isolation. Start least privilege and grow narrowly.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"performance-impact-and-stability\"><strong>Performance Impact and Stability<\/strong><\/h2>\n\n\n\n<p>Modern SELinux introduces a minimal overhead (typically low single-digit percentages) in exchange for significant risk reduction. On RHEL-compatible systems it\u2019s mature and stable. Issues usually stem from mislabeling or missing policy rather than SELinux itself.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-vs-apparmor-quick-comparison\"><strong>SELinux vs AppArmor (Quick Comparison)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Policy model:<\/strong> SELinux uses label-based Type Enforcement; AppArmor uses path-based profiles.<\/li>\n\n\n\n<li><strong>Distro defaults:<\/strong> SELinux on RHEL\/Rocky\/Alma\/Fedora; AppArmor on Ubuntu\/Debian.<\/li>\n\n\n\n<li><strong>Granularity<\/strong>: SELinux often provides deeper, system-wide confinement; AppArmor can be simpler to author per-app.<\/li>\n\n\n\n<li><strong>Hosting takeaway:<\/strong> If you\u2019re on RHEL-like servers, SELinux is the native, well-supported choice. Stick with the distro default for consistency and tooling.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-should-you-disable-selinux\"><strong>When Should You Disable SELinux?<\/strong><\/h2>\n\n\n\n<p>Rarely. Prefer Permissive mode to troubleshoot and fix root causes. Consider disabling only if an essential vendor stack or <a href=\"https:\/\/www.youstable.com\/blog\/control-panel\/\">control panel<\/a> is incompatible and no supported SELinux policy exists. Even then, document the risk and isolate the workload with other controls (network segmentation, strong firewall, WAF).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-example-fix-a-permission-denied-for-file-uploads\"><strong>Real World Example: Fix a \u201cPermission Denied\u201d for File Uploads<\/strong><\/h2>\n\n\n\n<p>Symptom: Web app can\u2019t write to <code>\/var\/www\/html\/uploads<\/code>; errors show \u201cPermission denied\u201d and an AVC denial in audit logs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Correct the directory to be writable by the web server\nsudo semanage fcontext -a -t httpd_sys_rw_content_t '\/var\/www\/html\/uploads(\/.*)?'\nsudo restorecon -Rv \/var\/www\/html\/uploads\n\n# If the app needs outbound network calls (e.g., S3, API)\nsudo setsebool -P httpd_can_network_connect 1\n\n# Validate\nsudo ausearch -m AVC -ts recent | audit2why<\/code><\/pre>\n\n\n\n<p>If denials persist, re-check ownership\/UNIX permissions, SELinux context, and required booleans. Avoid turning SELinux off; it\u2019s rarely necessary.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"youstables-take-managed-servers-with-selinux-done-right\"><strong>YouStable\u2019s Take: Managed Servers with SELinux Done Right<\/strong><\/h2>\n\n\n\n<p>At YouStable, we harden RHEL-compatible servers with SELinux in Enforcing mode, pre-tune policies for common stacks (LAMP\/LEMP, PHP-FPM, Node.js), and monitor AVCs so your apps stay secure without surprises. If you prefer to focus on development rather than policy tuning, our managed hosting keeps SELinux working for you.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"action-checklist-to-configure-selinux-safely\"><strong>Action Checklist to Configure SELinux Safely<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Confirm mode:<\/strong> <code>getenforce<\/code>; plan to run Enforcing in production.<\/li>\n\n\n\n<li><strong>Audit current denials:<\/strong> <code>ausearch -m AVC -ts today<\/code>.<\/li>\n\n\n\n<li>Label custom directories with <code>semanage fcontext<\/code> and <code>restorecon<\/code>.<\/li>\n\n\n\n<li>Enable only necessary booleans for your stack.<\/li>\n\n\n\n<li>Map non-standard ports with <code>semanage port<\/code>.<\/li>\n\n\n\n<li>Retest under Enforcing; ensure zero critical AVCs.<\/li>\n\n\n\n<li>Document every SELinux change in your infrastructure repo.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-about-selinux-on-linux-server\"><strong>FAQ&#8217;s About SELinux on Linux Server<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765604205876\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-selinux-necessary-for-a-web-server\"><strong>Is SELinux necessary for a web server?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes\u2014especially on Internet-facing servers. SELinux confines services so a compromised app can\u2019t freely access the system. It\u2019s a critical defense-in-depth control on RHEL-like distributions and adds minimal overhead when correctly configured.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765604215143\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-allow-apache-to-serve-files-from-a-custom-path\"><strong>How do I allow Apache to serve files from a custom path?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p><strong>Assign the correct SELinux type and restore the context:<br \/><\/strong><br \/><code>sudo semanage fcontext -a -t httpd_sys_content_t '\/srv\/www\/site(\/.*)?' sudo restorecon -Rv \/srv\/www\/site<\/code><\/p>\n<p>If uploads are needed, use <code>httpd_sys_rw_content_t<\/code> for the writable directory.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765604263330\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-difference-between-permissive-and-enforcing\"><strong>What\u2019s the difference between Permissive and Enforcing?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Permissive logs policy violations but does not block them\u2014useful for testing and diagnosing. Enforcing blocks violations and logs them\u2014use this in production after validation.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765604272768\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-open-a-non-standard-port-with-selinux\"><strong>How do I open a non-standard port with SELinux?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p><strong>Map the port to the correct type:<\/strong><\/p>\n<p><code>sudo semanage port -a -t http_port_t -p tcp 8080<\/code><\/p>\n<p>Ensure your firewall (e.g., firewalld, iptables) also allows the port.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765604295914\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"should-i-disable-selinux-if-an-app-breaks\"><strong>Should I disable SELinux if an app breaks?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>No. Switch to Permissive, reproduce the issue, review AVC logs, and fix contexts\/booleans\/ports. Disabling removes a vital security layer and should be a last resort only when a vendor explicitly doesn\u2019t support SELinux and no policy exists.<\/p>\n<p>Mastering SELinux on Linux servers unlocks stronger isolation, safer deployments, and fewer late-night incidents. With the right habits\u2014label properly, toggle precise booleans, and monitor denials\u2014you can run Enforcing confidently in production. If you need expert help, YouStable can manage this entire layer for you.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>SELinux on a Linux server is a mandatory access control system that labels every process and file, then enforces policy [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":13696,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350,1195],"tags":[],"class_list":["post-12729","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-blogging"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-is-SELinux-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12729"}],"version-history":[{"count":7,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12729\/revisions"}],"predecessor-version":[{"id":13698,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12729\/revisions\/13698"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/13696"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}