{"id":13615,"date":"2025-12-30T11:14:15","date_gmt":"2025-12-30T05:44:15","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13615"},"modified":"2025-12-30T11:14:17","modified_gmt":"2025-12-30T05:44:17","slug":"fix-selinux-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/fix-selinux-on-linux-server","title":{"rendered":"How to Fix SELinux on Linux Server in 2026? &#8211; Easy Guide"},"content":{"rendered":"\n<p><strong>To fix SELinux on a Linux server<\/strong>, identify denials in audit logs, correct file labels with restorecon or semanage fcontext, adjust service booleans with setsebool, and only if necessary, create a minimal local policy using audit2allow. <\/p>\n\n\n\n<p>Validate in permissive mode, then switch back to enforcing for full protection. If you\u2019re wondering how to fix SELinux on Linux server environments without weakening security, this guide is for you. <\/p>\n\n\n\n<p>We\u2019ll walk through fast diagnostics, safe fixes, and real world examples that solve the most common SELinux problems on RHEL, CentOS, AlmaLinux, Rocky Linux, and Fedora systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-selinux-is-and-why-it-breaks-things-sometimes\"><strong>What SELinux is and Why it Breaks Things (Sometimes)<\/strong><\/h2>\n\n\n\n<p>SELinux is a mandatory access control (MAC) system that enforces policies on what processes can access which files, ports, and resources. <\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"533\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-90.png\" alt=\"Fix SELinux on Linux Server\" class=\"wp-image-14178\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-90.png 800w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-90-150x100.png 150w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>When it blocks unexpected access, your app may show \u201cPermission denied\u201d even though Unix permissions look correct. The fix is to align labels, booleans, and policies with your workload.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-modes\"><strong>SELinux Modes<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enforcing:<\/strong> Policy is enforced, denials are logged.<\/li>\n\n\n\n<li><strong>Permissive:<\/strong> Policy is not enforced, denials are only logged (great for debugging).<\/li>\n\n\n\n<li><strong>Disabled:<\/strong> SELinux is off (avoid in production).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"labels-types-and-booleans-the-core-concepts\"><strong>Labels, Types, and Booleans (The Core Concepts)<\/strong><\/h3>\n\n\n\n<p>Every <a href=\"https:\/\/www.youstable.com\/blog\/what-is-ftp-on-linux-server\/\"><strong>file and process has a security<\/strong><\/a> context like user:role:type:level. The <em>type<\/em> is what matters most in \u201ctargeted\u201d policy. Services expect specific types (for example, Apache reads <code>httpd_sys_content_t<\/code>). Booleans are switches that allow broader actions (for example, letting Apache connect to the network).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-diagnostic-checklist-5-minutes\"><strong>Quick Diagnostic Checklist (5 Minutes)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-1-check-selinux-mode\"><strong>Step 1: Check SELinux Mode<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>getenforce\nsestatus<\/code><\/pre>\n\n\n\n<p>If you must debug quickly, switch to permissive (temporary), reproduce the error, then switch back.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># temporary (until reboot)\nsudo setenforce 0   # permissive\nsudo setenforce 1   # enforcing<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-2-find-the-denials\"><strong>Step 2: Find the Denials<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># show recent AVC denials (last hour)\nsudo ausearch -m avc -ts now-1h | aureport -a\n\n# or inspect audit log directly\nsudo grep -i \"avc\" \/var\/log\/audit\/audit.log | tail -n 50\n\n# if setroubleshoot is installed\nsudo sealert -a \/var\/log\/audit\/audit.log<\/code><\/pre>\n\n\n\n<p>Look for the denied <em>class<\/em> (file, dir, tcp_socket) and the <em>type<\/em> labels of the source (process) and target (file\/port).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-3-identify-the-affected-path-service\"><strong>Step 3: Identify the Affected Path\/Service<\/strong><\/h3>\n\n\n\n<p>Is it a file label issue, a port that isn\u2019t allowed, or a feature blocked by a boolean? The next sections map each symptom to a safe fix.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"how-to-fix-selinux-on-linux-server-step-by-step\"><strong>How to Fix SELinux on Linux Server<\/strong> &#8211; (<strong>Step-by-Step<\/strong>)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fix-1-mislabeled-files-or-directories\"><strong>Fix 1: Mislabeled Files or Directories<\/strong><\/h3>\n\n\n\n<p>Most breakages come from wrong labels. Restore default labels for known paths, or set persistent labels for custom directories.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># restore default labels for a path\nsudo restorecon -Rv \/var\/www\/html\n\n# define a persistent label for a custom app dir\nsudo semanage fcontext -a -t httpd_sys_content_t \"\/var\/www\/myapp(\/.*)?\"\nsudo restorecon -Rv \/var\/www\/myapp<\/code><\/pre>\n\n\n\n<p>If the entire system\u2019s labels are inconsistent (after a major move or filesystem restore), relabel on reboot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo touch \/.autorelabel\nsudo reboot<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fix-2-allow-services-to-use-custom-ports\"><strong>Fix 2: Allow Services to Use Custom Ports<\/strong><\/h3>\n\n\n\n<p>Services can only bind to ports of certain types. Map your custom port to the correct SELinux port type.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># example: allow Apache\/Nginx to bind TCP 8080\nsudo semanage port -a -t http_port_t -p tcp 8080\n\n# verify\nsudo semanage port -l | grep http_port_t<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fix-3-enable-required-selinux-booleans\"><strong>Fix 3: Enable Required SELinux Booleans<\/strong><\/h3>\n\n\n\n<p>Booleans enable broader behaviors like network connections, NFS\/SMB access, or user directories. Make changes persistent with <code>-P<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># list all booleans\nsudo getsebool -a | less\n\n# common web-related booleans\nsudo setsebool -P httpd_can_network_connect on\nsudo setsebool -P httpd_enable_homedirs on\nsudo setsebool -P httpd_use_nfs on\nsudo setsebool -P httpd_use_cifs on<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fix-4-generate-a-minimal-local-policy-last-resort\"><strong>Fix 4: Generate a Minimal Local Policy (Last Resort)<\/strong><\/h3>\n\n\n\n<p>When labels and booleans are correct but a legitimate access is still denied, create a small local policy from audited denials. Review carefully to avoid over-permissive rules.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># inspect and understand the denial\nsudo grep -i \"avc\" \/var\/log\/audit\/audit.log | audit2why | less\n\n# generate a local module for a specific service pattern\nsudo grep httpd \/var\/log\/audit\/audit.log | audit2allow -M myhttpd\nsudo semodule -i myhttpd.pp<\/code><\/pre>\n\n\n\n<p>Re-test immediately. If the module is too broad, remove it and refine.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># list and remove a custom module\nsudo semodule -l | grep myhttpd\nsudo semodule -r myhttpd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fix-5-containers-and-mounted-volumes-docker-podman\"><strong>Fix 5: Containers and Mounted Volumes (Docker\/Podman)<\/strong><\/h3>\n\n\n\n<p>Containers need correctly labeled volumes. Use <code>:Z<\/code> for a private relabel, <code>:z<\/code> for shared.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Docker\/Podman volume with SELinux relabel\ndocker run -v \/srv\/app:\/var\/www\/html:Z -p 8080:80 nginx\n# or\npodman run -v \/srv\/app:\/var\/www\/html:Z -p 8080:80 nginx<\/code><\/pre>\n\n\n\n<p>If you must share the same directory among multiple containers, use <code>:z<\/code>. Avoid disabling labels inside containers unless testing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fix-6-nfs-smb-shares\"><strong>Fix 6: NFS\/SMB Shares<\/strong><\/h3>\n\n\n\n<p>NFS and CIFS have special contexts and booleans. Ensure mounts use compatible options and your service is allowed to read them.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># allow web server to access NFS\/CIFS content\nsudo setsebool -P httpd_use_nfs on\nsudo setsebool -P httpd_use_cifs on\n\n# label the mount point appropriately\nsudo semanage fcontext -a -t httpd_sys_content_t \"\/mnt\/webdata(\/.*)?\"\nsudo restorecon -Rv \/mnt\/webdata<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"safe-workarounds-and-pitfalls\"><strong>Safe Workarounds and Pitfalls<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"use-permissive-mode-for-debugging-only\"><strong>Use Permissive Mode for Debugging Only<\/strong><\/h3>\n\n\n\n<p>Permissive mode helps you capture denials without breaking apps. Fix the root cause, then return to enforcing. Leaving a server permissive invites risk.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"avoid-disabling-selinux\"><strong>Avoid Disabling SELinux<\/strong><\/h3>\n\n\n\n<p>Disabling SELinux removes an entire layer of protection. If you must change mode permanently, edit the config and reboot\u2014but aim for enforcing in production.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vi \/etc\/selinux\/config\n# SELINUX=enforcing|permissive|disabled\nsudo reboot<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"relabel-after-bulk-moves-or-restores\"><strong>Relabel After Bulk Moves or Restores<\/strong><\/h3>\n\n\n\n<p>If you\u2019ve restored from backup, changed filesystems, or used rsync without xattrs, contexts may be wrong. A full relabel ensures policy consistency system-wide.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-fix-examples\"><strong>Real World Fix Examples<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"apache-nginx-403-after-deploy\"><strong>Apache\/Nginx 403 After Deploy<\/strong><\/h3>\n\n\n\n<p><strong>Symptom:<\/strong> HTTP 403 or \u201cPermission denied\u201d in logs after moving a site to <code>\/var\/www\/myapp<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo semanage fcontext -a -t httpd_sys_content_t \"\/var\/www\/myapp(\/.*)?\"\nsudo restorecon -Rv \/var\/www\/myapp<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"web-app-needs-outbound-api-calls\"><strong>Web App Needs Outbound API Calls<\/strong><\/h3>\n\n\n\n<p>Symptom: PHP\/Python app cannot connect to external APIs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo setsebool -P httpd_can_network_connect on<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"mariadb-on-a-custom-data-directory\"><strong>MariaDB on a Custom Data Directory<\/strong><\/h3>\n\n\n\n<p><strong>Symptom:<\/strong> MariaDB fails to start or read data on <code>\/data\/mysql<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo semanage fcontext -a -t mysqld_db_t \"\/data\/mysql(\/.*)?\"\nsudo restorecon -Rv \/data\/mysql<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nginx-proxy-on-port-8080\"><strong>Nginx Proxy on Port 8080<\/strong><\/h3>\n\n\n\n<p><strong>Symptom:<\/strong> Nginx cannot bind to 8080 even though it\u2019s free.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo semanage port -a -t http_port_t -p tcp 8080\nsudo systemctl restart nginx<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"docker-volume-permission-denied\"><strong>Docker Volume Permission Denied<\/strong><\/h3>\n\n\n\n<p><strong>Symptom:<\/strong> Containerized app gets \u201cPermission denied\u201d with a bind mount.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker run -v \/srv\/app:\/var\/www\/html:Z image:tag<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"monitoring-logging-and-making-fixes-stick\"><strong>Monitoring, Logging, and Making Fixes Stick<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"use-the-right-tools\"><strong>Use the Right Tools<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>auditd<\/strong> and <code>\/var\/log\/audit\/audit.log<\/code> for authoritative denials.<\/li>\n\n\n\n<li><strong>setroubleshoot<\/strong> (<code>setroubleshoot-server<\/code>) to get human-readable advice with <code>sealert<\/code>.<\/li>\n\n\n\n<li><strong>policycoreutils<\/strong> for <code>semanage<\/code>, <code>restorecon<\/code>, <code>setsebool<\/code>, <code>semodule<\/code>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ensure-persistence-across-reboots\"><strong>Ensure Persistence Across Reboots<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <code>semanage fcontext<\/code> to persist file labels.<\/li>\n\n\n\n<li>Use <code>setsebool -P<\/code> for permanent boolean changes.<\/li>\n\n\n\n<li>Document custom policies (<code>semodule<\/code>) and keep them under version control.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practices-for-teams-and-deployments\"><strong>Best Practices for Teams and Deployments<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Plan labels<\/strong> during app design: choose data directories aligned with default types when possible.<\/li>\n\n\n\n<li><strong>Automate<\/strong> with Ansible: use <code>sefcontext<\/code>, <code>seboolean<\/code>, and <code>seport<\/code> modules to enforce state.<\/li>\n\n\n\n<li><strong>Test in permissive<\/strong> in staging, capture denials, fix, then ship with enforcing in production.<\/li>\n\n\n\n<li><strong>Prefer booleans and labels<\/strong> over custom policies; keep local modules minimal and specific.<\/li>\n\n\n\n<li><strong>Verify after upgrades<\/strong>: policy updates can change expected behavior\u2014revalidate key services.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-to-get-help-and-how-youstable-can-assist\"><strong>When to Get Help (and How YouStable Can Assist)<\/strong><\/h2>\n\n\n\n<p>If SELinux issues keep recurring, consider a configuration review. At YouStable, our managed <a href=\"https:\/\/www.youstable.com\/blog\/configure-directadmin-on-linux\/\"><strong>Linux hosting and server<\/strong><\/a> experts pre-harden images, align SELinux policies with your stack, and monitor audit logs, so your apps stay secure and available\u2014without the trial-and-error. Need 24\/7 help? Our team is one ticket away.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQ&#8217;s<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765884257440\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"1-how-do-i-check-if-selinux-is-blocking-something\">1. <strong>How do I check if SELinux is blocking something?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use <code>ausearch -m avc -ts now-1h<\/code> or inspect <code>\/var\/log\/audit\/audit.log<\/code> for \u201cAVC\u201d entries. If <code>setroubleshoot<\/code> is installed, run <code>sealert -a \/var\/log\/audit\/audit.log<\/code> for readable guidance. The denial will show which process type tried to access which file\/port type and why it was blocked.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765884264433\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"2-is-it-safe-to-disable-selinux-in-production\">2. <strong>Is it safe to disable SELinux in production?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>No. SELinux significantly reduces breach impact by confining services. Use permissive mode temporarily for debugging, fix labels\/booleans, and return to enforcing. Disabling SELinux should be a last resort and typically indicates configuration debt that should be resolved.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765884274611\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"3-how-do-i-permanently-change-selinux-mode\">3. <strong>How do I permanently change SELinux mode?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Edit <code>\/etc\/selinux\/config<\/code> and set <code>SELINUX=enforcing<\/code> or <code>permissive<\/code>, then reboot. Avoid <code>disabled<\/code>. Changing with <code>setenforce<\/code> is temporary and resets at reboot. After switching from disabled to enforcing, run a full relabel (<code>\/.autorelabel<\/code>).<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765884281932\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"4-how-can-i-let-apache-use-a-custom-docroot-and-reach-a-remote-db\">4. <strong>How can I let Apache use a custom docroot and reach a remote DB?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Label the docroot and enable outbound network connections. For example: <code>semanage fcontext -a -t httpd_sys_content_t \"\/var\/www\/myapp(\/.*)?\"<\/code>, <code>restorecon -Rv \/var\/www\/myapp<\/code>, then <code>setsebool -P httpd_can_network_connect on<\/code>. If using NFS\/SMB, also enable <code>httpd_use_nfs<\/code> or <code>httpd_use_cifs<\/code>.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765884294248\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"5-how-do-i-fix-docker-permission-denied-on-mounted-volumes-with-selinux\">5. <strong>How do I fix Docker \u201cPermission denied\u201d on mounted volumes with SELinux?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Append <code>:Z<\/code> or <code>:z<\/code> to the volume mount so the host path is relabeled for container use: <code>-v \/host\/path:\/container\/path:Z<\/code>. This preserves SELinux confinement while granting the container the right labels to access the files safely.<\/p>\n<p>Mastering these steps will help you fix SELinux on Linux servers quickly and correctly\u2014keeping security intact. If you want this handled by experts, YouStable\u2019s managed server team can implement, monitor, and maintain SELinux policies tailored to your stack.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To fix SELinux on a Linux server, identify denials in audit logs, correct file labels with restorecon or semanage fcontext, [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":16701,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13615","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Fix-SELinux-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13615"}],"version-history":[{"count":5,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13615\/revisions"}],"predecessor-version":[{"id":16703,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13615\/revisions\/16703"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/16701"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}