{"id":13252,"date":"2025-12-20T11:12:59","date_gmt":"2025-12-20T05:42:59","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13252"},"modified":"2025-12-24T16:18:00","modified_gmt":"2025-12-24T10:48:00","slug":"use-selinux-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/use-selinux-on-linux","title":{"rendered":"How to Use SELinux on Linux Server? Fix Denials and AVC Errors"},"content":{"rendered":"\n<p>SELinux <strong>(Security-Enhanced Linux)<\/strong> is a kernel-level Mandatory Access Control system that labels processes and files and enforces policy rules. To use SELinux on a Linux server: keep it in Enforcing mode, label files correctly, enable safe SELinux booleans, and troubleshoot denials with audit logs, restorecon, and minimal custom policy modules.<\/p>\n\n\n\n<p>Learning how to use SELinux on Linux server environments is one of the most impactful steps you can take to harden infrastructure. <\/p>\n\n\n\n<p>This beginner-friendly guide breaks down SELinux modes, policies, labels, and the exact commands you\u2019ll use daily\u2014plus practical web server examples, troubleshooting tips, and best practices from real-world hosting.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-selinux-and-why-it-matters\"><strong>What is SELinux and Why it Matters<\/strong>?<\/h2>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\"><div class=\"wp-block-media-text__content\">\n<p>SELinux adds Mandatory Access Control (MAC) to Linux. Instead of relying only on Unix permissions and sudo, SELinux labels processes and objects (files, ports, sockets, etc.) and enforces a policy describing precisely what each domain (type) can do. 
If a process tries to do something outside that policy, the kernel denies it and logs an AVC (Access Vector Cache) message.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1168\" height=\"784\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-SELinux-and-Why-It-Matters.png\" alt=\"What Is SELinux and Why It Matters\" class=\"wp-image-13592 size-full\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-SELinux-and-Why-It-Matters.png 1168w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-SELinux-and-Why-It-Matters-150x101.png 150w\" sizes=\"auto, (max-width: 1168px) 100vw, 1168px\" \/><\/figure><\/div>\n\n\n\n<p>On enterprise distributions\u2014RHEL, CentOS Stream, AlmaLinux, Rocky Linux, and Fedora\u2014SELinux is first-class and supported out of the box. Ubuntu and Debian favor AppArmor by default, though SELinux can be installed with extra steps. 
In hosting, SELinux helps contain compromises so a single vulnerable service doesn\u2019t become a full-system breach.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-modes-and-policies\"><strong>SELinux Modes and Policies<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-modes\"><strong>SELinux Modes<\/strong><\/h3>\n\n\n\n<p>Mode controls how the policy is applied:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enforcing<\/strong>: Blocks violations and logs AVC denials (recommended for production).<\/li>\n\n\n\n<li><strong>Permissive<\/strong>: Doesn\u2019t block; only logs what would have been denied (useful for troubleshooting).<\/li>\n\n\n\n<li><strong>Disabled<\/strong>: SELinux is off and provides no protection (avoid except for rare, temporary cases).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-policies\"><strong>SELinux Policies<\/strong><\/h3>\n\n\n\n<p>Policy defines the rules. Most servers use:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>targeted<\/strong>: Default. 
Confines network-facing services like httpd, named, sshd.<\/li>\n\n\n\n<li><strong>mls<\/strong>: Multi-Level Security for highly classified environments.<\/li>\n\n\n\n<li><strong>minimum<\/strong>: Smaller subset for compact systems.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-to-use-each\"><strong>When to Use Each<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Production servers:<\/strong> Enforcing + targeted.<\/li>\n\n\n\n<li><strong>Troubleshooting: <\/strong>Temporarily switch to Permissive.<\/li>\n\n\n\n<li><strong>Special compliance: <\/strong>Consider mls with careful planning.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-start-enable-and-verify-selinux\"><strong>Quick Start: Enable and Verify SELinux<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"check-current-status\"><strong>Check Current Status<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>getenforce\nsestatus<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"temporarily-switch-modes\"><strong>Temporarily Switch Modes<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Enforce for this boot only:\nsudo setenforce 1\n\n# Permissive for this boot only:\nsudo setenforce 0<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-enforcing-mode-permanently-rhel-centos-alma-rocky-fedora\"><strong>Enable Enforcing Mode Permanently (RHEL\/CentOS\/Alma\/Rocky\/Fedora)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sed -i 's\/^SELINUX=.*\/SELINUX=enforcing\/' \/etc\/selinux\/config\nsudo sed -i 's\/^SELINUXTYPE=.*\/SELINUXTYPE=targeted\/' \/etc\/selinux\/config\nsudo reboot<\/code><\/pre>\n\n\n\n<p>After reboot, verify with <code>sestatus<\/code>. If you\u2019re migrating from <code>disabled<\/code>, the system may relabel on boot (expect a longer first reboot). 
This ensures default contexts are applied correctly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"note-for-ubuntu-debian-users\"><strong>Note for Ubuntu\/Debian Users<\/strong><\/h3>\n\n\n\n<p>Ubuntu and Debian use AppArmor by default. You can <a href=\"https:\/\/www.youstable.com\/blog\/install-selinux-on-linux\/\">install SELinux<\/a>, but it\u2019s more complex and less documented on those platforms. For most users, stick with AppArmor there, or choose a RHEL-compatible distro for first-class SELinux support.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"core-selinux-concepts-youll-actually-use\"><strong>Core SELinux Concepts You\u2019ll Actually Use<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"labels-contexts-and-types\"><strong>Labels (Contexts) and Types<\/strong><\/h3>\n\n\n\n<p>Every process and object has a context like <code>system_u:object_r:httpd_sys_content_t:s0<\/code>. The type (e.g., <code>httpd_t<\/code> for the Apache process and <code>httpd_sys_content_t<\/code> for web files) is what policy rules use to allow or deny actions.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># View file contexts\nls -Z \/var\/www\/html\n\n# View process contexts\nps -eZ | grep httpd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"booleans-feature-toggles\"><strong>Booleans (Feature Toggles)<\/strong><\/h3>\n\n\n\n<p>Booleans safely toggle optional capabilities without custom policy. 
For example, let Apache connect to the network or read user content.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># List all booleans\ngetsebool -a | less\n\n# Enable httpd network connections (persistent)\nsudo setsebool -P httpd_can_network_connect on<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"managing-ports-with-semanage\"><strong>Managing Ports with semanage<\/strong><\/h3>\n\n\n\n<p>SELinux maps services to allowed ports. If you run a service on a non-standard port, register it with <code>semanage port<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow httpd to listen on TCP 8080\nsudo semanage port -a -t http_port_t -p tcp 8080\n\n# Verify mapping\nsudo semanage port -l | grep http_port_t<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-admin-tasks-with-selinux-step-by-step\"><strong>Common Admin Tasks with SELinux (Step by Step)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"serve-web-content-from-a-custom-directory\"><strong>Serve Web Content from a Custom Directory<\/strong><\/h3>\n\n\n\n<p>Goal: Serve content from <code>\/srv\/www<\/code> with Apache or NGINX under SELinux.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># 1) Define default file contexts for the path\nsudo semanage fcontext -a -t httpd_sys_content_t \"\/srv\/www(\/.*)?\"\n\n# 2) Apply labels on disk\nsudo restorecon -R -v \/srv\/www\n\n# 3) If the service must write to that path, use a writeable type:\n#    (Or better, keep writes to a separate directory)\nsudo semanage fcontext -a -t httpd_sys_rw_content_t \"\/srv\/www\/uploads(\/.*)?\"\nsudo restorecon -R -v \/srv\/www\/uploads<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"allow-web-server-to-reach-backends-apis-dbs\"><strong>Allow Web Server to Reach Backends (APIs\/DBs)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Permit outbound network 
connections from httpd\nsudo setsebool -P httpd_can_network_connect on\n\n# If <a href=\"https:\/\/www.youstable.com\/blog\/error-establishing-database-connection\/\">connecting to databases<\/a> via TCP sockets, no special file labels are needed.\n# For local Unix sockets, ensure the socket path has a suitable type the httpd_t domain can use.<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"run-a-service-on-a-non-standard-port\"><strong>Run a Service on a Non-Standard Port<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Example: move SSH to 2222 (after updating sshd_config)\nsudo semanage port -a -t ssh_port_t -p tcp 2222\nsudo systemctl restart sshd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fix-mislabeled-files-after-a-restore-or-migration\"><strong>Fix Mislabeled Files After a Restore or Migration<\/strong><\/h3>\n\n\n\n<p>When files are copied or restored, labels can break. Reset them to the policy defaults:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Recursively restore default labels under \/var\/www\/html\nsudo restorecon -RFvv \/var\/www\/html\n\n# If defaults don't exist, define them first with semanage fcontext (then restorecon).<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-selinux-denials-the-right-way\"><strong>Troubleshooting SELinux Denials the Right Way<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"where-to-look\"><strong>Where to Look<\/strong><\/h3>\n\n\n\n<p>AVC denials are logged to <code>\/var\/log\/audit\/audit.log<\/code> (auditd) or sometimes <code>\/var\/log\/messages<\/code>\/<code>journalctl<\/code>. 
Start here:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ausearch -m avc -ts recent\nsudo tail -f \/var\/log\/audit\/audit.log\nsudo journalctl -t setroubleshoot --since \"1 hour ago\"<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"understand-and-fix-with-audit2why-and-audit2allow\"><strong>Understand and Fix with audit2why and audit2allow<\/strong><\/h2>\n\n\n\n<p>These tools translate denials and build minimal allow rules. Prefer booleans and correct labeling before custom modules.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Explain why it was denied\nsudo ausearch -m avc -ts recent | audit2why\n\n# If needed, generate a small policy module\nsudo ausearch -m avc -ts recent | audit2allow -M mypolicy\nsudo semodule -i mypolicy.pp<\/code><\/pre>\n\n\n\n<p>Review the generated rules carefully; avoid broad permissions. In most hosting cases, correcting file contexts (restorecon) or flipping a boolean solves the issue without custom policy.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practices-for-running-selinux-in-production\"><strong>Best Practices for Running SELinux in Production<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep SELinux in <strong>Enforcing<\/strong>. 
Use <strong>Permissive<\/strong> only while diagnosing, then switch back.<\/li>\n\n\n\n<li>Prefer <strong>semanage fcontext<\/strong> + <strong>restorecon<\/strong> over ad-hoc <code>chcon<\/code> so labels persist across relabels.<\/li>\n\n\n\n<li>Use <strong>booleans<\/strong> (e.g., <code>httpd_can_network_connect<\/code>) before writing custom policy.<\/li>\n\n\n\n<li>Track changes in configuration management (Ansible, Terraform) for repeatability.<\/li>\n\n\n\n<li>Monitor AVC denials routinely; build alerts for spikes.<\/li>\n\n\n\n<li>Document any non-standard ports with <code>semanage port<\/code> for services.<\/li>\n\n\n\n<li>Test in staging with SELinux Enforcing to catch issues before production.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-vs-apparmor-quick-comparison\"><strong>SELinux vs. AppArmor (Quick Comparison)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Model<\/strong>: SELinux uses labels and fine-grained type enforcement; AppArmor profiles paths and capabilities.<\/li>\n\n\n\n<li><strong>Distributions<\/strong>: SELinux is native on RHEL-family and Fedora; AppArmor is default on Ubuntu\/Debian.<\/li>\n\n\n\n<li><strong>Granularity<\/strong>: SELinux offers very granular, system-wide policy; AppArmor is simpler to start with but path-centric.<\/li>\n\n\n\n<li><strong>Hosting tip<\/strong>: Choose the model your distro supports best; don\u2019t mix without a strong reason.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-use-cases-from-hosting\"><strong>Real-World Use Cases from Hosting<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>LAMP\/LEMP servers<\/strong>: Protect httpd\/nginx and PHP-FPM from reading or writing outside defined paths.<\/li>\n\n\n\n<li><strong>Mail servers<\/strong>: Constrain postfix\/dovecot to mail queues and sockets only.<\/li>\n\n\n\n<li><strong>DNS<\/strong>: Bind\/named runs confined, 
limiting zone <a href=\"https:\/\/www.youstable.com\/blog\/access-file-manager-in-cpanel\/\">file access<\/a>.<\/li>\n\n\n\n<li><strong>Containers<\/strong>: Podman\/CRIU use SELinux labels (MCS) to isolate containers on the same host.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-command-cheat-sheet\"><strong>SELinux Command Cheat Sheet<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Status and mode\nsestatus\ngetenforce\nsudo setenforce 1|0\n\n# Labels and relabeling\nls -Z FILE\nps -eZ\nsudo restorecon -R -v PATH\nsudo semanage fcontext -a -t TYPE \"REGEX\"\n\n# Booleans\ngetsebool -a\nsudo setsebool -P BOOLEAN on|off\n\n# Ports\nsudo semanage port -l\nsudo semanage port -a -t TYPE -p tcp PORT\n\n# Troubleshooting\nsudo ausearch -m avc -ts recent | audit2why\nsudo ausearch -m avc -ts recent | audit2allow -M NAME\nsudo semodule -i NAME.pp<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"soft-tip-managed-servers-with-selinux-done-right\"><strong>Soft Tip: Managed Servers with SELinux Done Right<\/strong><\/h2>\n\n\n\n<p>At YouStable, our managed VPS and Dedicated Servers ship with hardened, SELinux-enabled images on RHEL-compatible platforms. 
We configure booleans, labels, and policies to fit your stack, monitor AVC denials, and help you stay in Enforcing mode\u2014so you get security without friction.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-how-to-use-selinux-on-linux-server\"><strong>FAQs: How to Use SELinux on Linux Server<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765794859413\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-selinux-necessary-on-a-server\"><strong>Is SELinux necessary on a server?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>For internet-facing servers, yes. SELinux adds an extra layer that limits what a compromised process can touch. It\u2019s a proven control across enterprise environments, with minimal overhead when configured correctly.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765794875247\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-permanently-disable-selinux\"><strong>How do I permanently disable SELinux?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Edit <code>\/etc\/selinux\/config<\/code> and set <code>SELINUX=disabled<\/code>, then reboot. However, disabling removes protection and is rarely necessary. Prefer Permissive mode temporarily while fixing labels or toggling booleans, then return to Enforcing.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765794889831\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"does-selinux-affect-performance\"><strong>Does SELinux affect performance?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Overhead is typically very low (a few percent or less) and negligible compared to the security benefits. 
Most high-traffic sites and enterprises run with SELinux Enforcing without measurable impact.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765794900793\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-difference-between-permissive-and-disabled\"><strong>What\u2019s the difference between Permissive and Disabled?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Permissive logs but doesn\u2019t block policy violations\u2014great for diagnostics. Disabled turns SELinux off entirely; there are no labels or logs. Use Permissive for troubleshooting, not Disabled.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765794918080\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-reset-file-contexts-to-defaults\"><strong>How do I reset file contexts to defaults?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use <code>restorecon<\/code>. If the path isn\u2019t covered by default policy, define it first:<br \/><code>sudo semanage fcontext -a -t httpd_sys_content_t \"\/srv\/www(\/.*)?\"<\/code><br \/><code>sudo restorecon -R -v \/srv\/www<\/code><\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>SELinux (Security-Enhanced Linux) is a kernel-level Mandatory Access Control system that labels processes and files and enforces policy rules. 
To [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":15534,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","categories":[350],"tags":[],"class_list":["post-13252","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Use-SELinux-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet 
Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13252"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13252\/revisions"}],"predecessor-version":[{"id":15535,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13252\/revisions\/15535"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/15534"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}