{"id":14234,"date":"2025-12-27T12:22:42","date_gmt":"2025-12-27T06:52:42","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=14234"},"modified":"2025-12-27T12:22:44","modified_gmt":"2025-12-27T06:52:44","slug":"create-selinux-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/create-selinux-on-linux-server","title":{"rendered":"How to Create SELinux on Linux Server in Enforcing Mode"},"content":{"rendered":"\n<p><strong>To create and enable SELinux on a Linux server<\/strong>, install the SELinux packages, set the mode to \u201cenforcing\u201d in \/etc\/selinux\/config, trigger a file-system relabel, and reboot. On RHEL-based systems use dnf\/yum; on Ubuntu\/Debian install selinux basics and setenforce. <\/p>\n\n\n\n<p>Verify with getenforce and fix denials using restorecon, semanage, and booleans. In this guide, you\u2019ll learn exactly how to create, enable, and configure SELinux on a Linux server step-by-step. <\/p>\n\n\n\n<p>We\u2019ll cover RHEL, AlmaLinux, Rocky Linux, CentOS Stream, and Ubuntu\/Debian, explain SELinux modes, contexts, booleans, and show you how to troubleshoot with audit logs and audit2allow. Whether you run a web server or databases, this tutorial keeps \u201cSELinux on Linux server\u201d practical and beginner friendly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-selinux-and-why-should-you-use-it\"><strong>What is SELinux and Why Should You Use it?<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\"><div class=\"wp-block-media-text__content\">\n<p>SELinux (Security-Enhanced Linux) is a Mandatory Access Control (MAC) framework in the Linux kernel. Instead of trusting users and applications, SELinux enforces system-wide policies that restrict what processes can read, write, or execute\u2014dramatically reducing the blast radius of zero-days, misconfigurations, and privilege escalation attempts.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1168\" height=\"784\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-SELinux-and-Why-Should-You-Use-It.png\" alt=\"\" class=\"wp-image-14629 size-full\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-SELinux-and-Why-Should-You-Use-It.png 1168w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-SELinux-and-Why-Should-You-Use-It-150x101.png 150w\" sizes=\"auto, (max-width: 1168px) 100vw, 1168px\" \/><\/figure><\/div>\n\n\n\n<p>For hosting and cloud servers, SELinux adds a defense-in-depth layer: if Nginx, PHP-FPM, MySQL, or a container is compromised, SELinux can stop it from touching files, sockets, or ports it shouldn\u2019t. That\u2019s why enterprise distributions ship with SELinux by default.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-supported-distributions\"><strong>Prerequisites and Supported Distributions<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Root or sudo access<\/li>\n\n\n\n<li>RHEL 8\/9, AlmaLinux 8\/9, Rocky Linux 8\/9, CentOS Stream (SELinux native)<\/li>\n\n\n\n<li>Ubuntu 20.04\/22.04\/24.04 and Debian 11\/12 (SELinux available but not default; AppArmor is default)<\/li>\n\n\n\n<li>Maintenance window for first-time relabel (can take several minutes)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"check-your-current-selinux-status\"><strong>Check Your Current SELinux Status<\/strong><\/h2>\n\n\n\n<p>Confirm whether SELinux is installed and which mode it\u2019s in.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>getenforce\nsestatus\ncat \/etc\/selinux\/config<\/code><\/pre>\n\n\n\n<p>Expected output: Enforcing, Permissive, or Disabled. If disabled or command not found, follow the installation steps next.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-and-enable-selinux-on-rhel-almalinux-rocky-linux-centos-stream\"><strong>Install and Enable SELinux on RHEL, AlmaLinux, Rocky Linux, CentOS Stream<\/strong><\/h2>\n\n\n\n<p>These distributions include SELinux by default. If components are missing or SELinux is disabled, install core tools and enable enforcing mode.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf install -y selinux-policy selinux-policy-targeted policycoreutils policycoreutils-python-utils setools setools-console\n# For older CentOS\/RHEL: use 'yum' instead of 'dnf'<\/code><\/pre>\n\n\n\n<p>Set default mode to enforcing and trigger an automatic relabel on next boot (required when enabling SELinux from disabled state).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo sed -i 's\/^SELINUX=.*\/SELINUX=enforcing\/' \/etc\/selinux\/config\nsudo sed -i 's\/^SELINUXTYPE=.*\/SELINUXTYPE=targeted\/' \/etc\/selinux\/config\nsudo touch \/.autorelabel\nsudo reboot<\/code><\/pre>\n\n\n\n<p><strong>After reboot, verify:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>getenforce\nsestatus<\/code><\/pre>\n\n\n\n<p>If it shows \u201cEnforcing\u201d, SELinux is active. If services fail, temporarily switch to permissive to investigate without turning protection off:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo setenforce 0   # permissive for this boot\nsudo setenforce 1   # back to enforcing<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-and-enable-selinux-on-ubuntu-and-debian\"><strong>Install and Enable SELinux on Ubuntu and Debian<\/strong><\/h2>\n\n\n\n<p>Ubuntu\/Debian ship with AppArmor by default. You can use SELinux instead, but avoid running both simultaneously. Consider this for advanced hardening or consistency with RHEL-based fleets.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install -y selinux-basics selinux-policy-default auditd policycoreutils selinux-utils setools\n\n# Optional helper to configure base settings:\nsudo selinux-activate    # Accept prompts to enable SELinux at boot<\/code><\/pre>\n\n\n\n<p><strong>If selinux-activate isn\u2019t available or you prefer manual steps:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ensure the kernel cmdline enables SELinux (GRUB)\n# Add or ensure: selinux=1 security=selinux\n\nsudo sed -i 's\/^SELINUX=.*\/SELINUX=enforcing\/' \/etc\/selinux\/config\nsudo touch \/.autorelabel\nsudo reboot<\/code><\/pre>\n\n\n\n<p>After reboot, confirm with getenforce. If it still shows \u201cDisabled\u201d, check GRUB options and that packages are installed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"understand-selinux-modes-enforcing-permissive-disabled\"><strong>Understand SELinux Modes: Enforcing, Permissive, Disabled<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enforcing: <\/strong>SELinux policy is applied; violations are blocked and logged.<\/li>\n\n\n\n<li><strong>Permissive: <\/strong>Violations are allowed but logged. Ideal for troubleshooting.<\/li>\n\n\n\n<li><strong>Disabled:<\/strong> SELinux off. Avoid in production unless necessary.<\/li>\n<\/ul>\n\n\n\n<p><strong>Change runtime mode without reboot:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo setenforce 1   # enforcing\nsudo setenforce 0   # permissive<\/code><\/pre>\n\n\n\n<p><strong>Make it persistent across reboots:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/selinux\/config\n# SELINUX=enforcing | permissive | disabled<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-contexts-and-labels-the-basics\"><strong>SELinux Contexts and Labels: The Basics<\/strong><\/h2>\n\n\n\n<p>Every file, directory, process, and port gets a label (context) like user:role:type:level. The \u201ctype\u201d is the key for targeted policy. Common web types include httpd_t (process) and httpd_sys_content_t (files).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>List contexts:<\/strong> ls -Z, ps -eZ, netstat\/ss with labels<\/li>\n\n\n\n<li><strong>Restore default labels:<\/strong> restorecon<\/li>\n\n\n\n<li><strong>Set custom persistent mapping: <\/strong>semanage fcontext + restorecon<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Inspect contexts\nls -Z \/var\/www\/html\nps -eZ | grep httpd\n\n# Restore default contexts recursively\nsudo restorecon -Rv \/var\/www\/html\n\n# Persistently label a custom webroot\nsudo semanage fcontext -a -t httpd_sys_content_t '\/srv\/www(\/.*)?'\nsudo restorecon -Rv \/srv\/www<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"open-ports-and-manage-network-access-with-semanage\"><strong>Open Ports and Manage Network Access with semanage<\/strong><\/h2>\n\n\n\n<p>By default, services may be restricted to known ports. Use semanage to add allowed ports for a service type.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow Nginx\/Apache (http_port_t) to bind to 8080\nsudo semanage port -a -t http_port_t -p tcp 8080\nsudo semanage port -l | grep http_port_t<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"booleans-feature-toggles-for-common-use-cases\"><strong>Booleans: Feature Toggles for Common Use Cases<\/strong><\/h2>\n\n\n\n<p>Booleans are pre-built switches that allow specific behaviors without writing policy. Make permanent with -P.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allow web apps to make outbound connections (APIs, SMTP): httpd_can_network_connect<\/li>\n\n\n\n<li>Allow web apps to <a href=\"https:\/\/www.youstable.com\/blog\/fix-error-establishing-database-connection\/\">connect to databases:<\/a> httpd_can_network_connect_db<\/li>\n\n\n\n<li>Allow web content to be writable (uploads, cache): httpd_unified or use specific types like httpd_sys_rw_content_t<\/li>\n\n\n\n<li><strong>Serving home dirs: <\/strong>httpd_enable_homedirs<\/li>\n\n\n\n<li>NFS\/remote FS for web content: httpd_use_nfs<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># View booleans affecting httpd\nsudo getsebool -a | grep httpd\n\n# Enable outbound network from httpd\nsudo setsebool -P httpd_can_network_connect on\n\n# Allow DB connections\nsudo setsebool -P httpd_can_network_connect_db on<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-examples-web-db-nfs-containers-kvm\"><strong>Real-World Examples: Web, DB, NFS, Containers, KVM<\/strong><\/h2>\n\n\n\n<p><strong>Web servers with custom docroot:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Custom webroot at \/srv\/www\nsudo semanage fcontext -a -t httpd_sys_content_t '\/srv\/www(\/.*)?'\nsudo restorecon -Rv \/srv\/www\n\n# Writable uploads (WordPress, cache dirs)\nsudo semanage fcontext -a -t httpd_sys_rw_content_t '\/srv\/www\/example.com\/wp-content\/uploads(\/.*)?'\nsudo restorecon -Rv \/srv\/www\/example.com\/wp-content\/uploads\n\n# Outbound network for API calls\nsudo setsebool -P httpd_can_network_connect on<\/code><\/pre>\n\n\n\n<p><strong>Databases and sockets:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># If PHP-FPM connects to a local Unix socket\nls -Z \/var\/run\/mysqld\/mysqld.sock\n# Ensure correct types; if needed, relabel:\nsudo restorecon -v \/var\/run\/mysqld\/mysqld.sock<\/code><\/pre>\n\n\n\n<p><strong>NFS-backed web content:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Mount options must include context, or use types and boolean:\nsudo setsebool -P httpd_use_nfs on\nsudo semanage fcontext -a -t httpd_sys_content_t '\/mnt\/webshare(\/.*)?'\nsudo restorecon -Rv \/mnt\/webshare<\/code><\/pre>\n\n\n\n<p><strong>Containers (Podman\/Docker):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Use :Z or :z on volume mounts to set proper labels\npodman run -v \/srv\/app-data:\/data:Z ...\ndocker run -v \/srv\/app-data:\/data:Z ...<\/code><\/pre>\n\n\n\n<p><strong>KVM\/libvirt (virtual machines):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Default libvirt storage is pre-labeled\n# For custom images:\nsudo semanage fcontext -a -t virt_image_t '\/vmstore(\/.*)?'\nsudo restorecon -Rv \/vmstore<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-selinux-logs-alerts-and-custom-policy\"><strong>Troubleshooting SELinux: Logs, Alerts, and Custom Policy<\/strong><\/h2>\n\n\n\n<p>When something fails under enforcing mode, check the audit logs to see the exact denial and recommended fix.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># View recent denials\nsudo ausearch -m AVC -ts recent\n# Or\nsudo journalctl -t setroubleshoot --since \"1 hour ago\"\n\n# Human-friendly suggestions (install setroubleshoot-server on RHEL-family)\nsudo sealert -a \/var\/log\/audit\/audit.log<\/code><\/pre>\n\n\n\n<p>If there\u2019s no boolean or labeling fix available, generate a minimal custom policy module from a known-good denial sample. Use sparingly and review carefully.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo grep AVC \/var\/log\/audit\/audit.log | tail -n 50 | audit2allow -M mylocal\nsudo semodule -i mylocal.pp<\/code><\/pre>\n\n\n\n<p>Best practice: First try restorecon and semanage fcontext, then booleans, then ports, and only then consider audit2allow.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"performance-and-best-practices\"><strong>Performance and Best Practices<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable SELinux in enforcing mode on production; use permissive only during controlled troubleshooting.<\/li>\n\n\n\n<li>Relabel after first enable or when moving data between servers: touch \/.autorelabel and reboot.<\/li>\n\n\n\n<li><strong>Keep policies updated:<\/strong> selinux-policy and policycoreutils packages.<\/li>\n\n\n\n<li>Use semanage for persistent changes; avoid chcon for long-term unless necessary.<\/li>\n\n\n\n<li>Document all booleans and custom modules for audits and compliance (PCI DSS, HIPAA, ISO 27001).<\/li>\n\n\n\n<li>Overhead is typically low (single-digit percent) and acceptable for most workloads.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"automate-selinux-configuration-with-ansible-optional\"><strong>Automate SELinux Configuration with Ansible (Optional)<\/strong><\/h2>\n\n\n\n<p>Use <a href=\"https:\/\/www.youstable.com\/blog\/configure-selinux-on-linux\/\">configuration management to standardize SELinux<\/a> across fleets.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>---\n- hosts: web\n  become: yes\n  tasks:\n    - name: Install SELinux packages\n      package:\n        name:\n          - selinux-policy\n          - selinux-policy-targeted\n          - policycoreutils\n          - policycoreutils-python-utils\n        state: present\n\n    - name: Set SELinux enforcing\n      selinux:\n        policy: targeted\n        state: enforcing\n\n    - name: Ensure httpd can make outbound connections\n      seboolean:\n        name: httpd_can_network_connect\n        state: true\n        persistent: true\n\n    - name: Label custom webroot\n      command: semanage fcontext -a -t httpd_sys_content_t '\/srv\/www(\/.*)?'\n      args:\n        creates: \/etc\/selinux\/targeted\/contexts\/files\/file_contexts.local\n\n    - name: Restore contexts\n      command: restorecon -Rv \/srv\/www<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-to-use-permissive-or-disable-selinux\"><strong>When to Use Permissive or Disable SELinux<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Permissive: <\/strong>Short-term while migrating apps, labeling data, or gathering AVC logs. Plan to return to enforcing.<\/li>\n\n\n\n<li><strong>Disabled: <\/strong>Rarely recommended. Consider only for legacy, unsupported apps after exhaustive attempts to comply with policy.<\/li>\n<\/ul>\n\n\n\n<p>In modern stacks, you can almost always run enforcing with correct labels, booleans, and port mappings.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"youstable-tip-managed-servers-with-selinux-hardened\"><strong>YouStable Tip: Managed Servers with SELinux Hardened<\/strong><\/h2>\n\n\n\n<p>If you\u2019d rather not spend hours decoding AVC logs, YouStable\u2019s managed VPS and dedicated servers arrive hardened with SELinux in enforcing mode, sane defaults for web\/database stacks, and policy tuning for your applications\u2014so you get enterprise-grade protection without the learning curve.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQs<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765960949915\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-selinux-better-than-a-firewall\"><strong>Is SELinux better than a firewall?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>They solve different problems. Firewalls control network traffic; SELinux controls process capabilities and file\/port access on the host. Use both: firewall for ingress\/egress, SELinux for least-privilege at the OS level.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765960979797\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-fix-permission-denied-when-selinux-is-enforcing\"><strong>How do I fix \u201cPermission denied\u201d when SELinux is enforcing?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Check audit logs, then apply the least-privilege fix: restorecon to fix labels, semanage fcontext for persistent labeling, setsebool for toggles, or semanage port for non-standard ports. Use audit2allow only if no policy\/boolean exists.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765960994413\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"can-i-run-selinux-on-ubuntu-alongside-apparmor\"><strong>Can I run SELinux on Ubuntu alongside AppArmor?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>It\u2019s possible but not recommended for most users. Choose one LSM for simplicity. If adopting SELinux, disable AppArmor and ensure the kernel boots with selinux=1 security=selinux.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765961007782\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-difference-between-chcon-and-semanage-fcontext\"><strong>What\u2019s the difference between chcon and semanage fcontext?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>chcon changes labels immediately but is not persistent\u2014relabelling or restorecon can revert it. semanage fcontext writes persistent rules so future restorecon operations reapply the intended labels automatically.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765961021004\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"will-selinux-break-my-wordpress-site\"><strong>Will SELinux break my WordPress site?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Not if configured correctly. Label the webroot as httpd_sys_content_t, mark upload\/cache directories as httpd_sys_rw_content_t, and enable httpd_can_network_connect for outbound APIs. Most issues come from missing labels, not SELinux itself.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To create and enable SELinux on a Linux server, install the SELinux packages, set the mode to \u201cenforcing\u201d in \/etc\/selinux\/config, [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":16370,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-14234","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Create-SELinux-on-Linux-Server-in-Enforcing-Mode.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=14234"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14234\/revisions"}],"predecessor-version":[{"id":16371,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14234\/revisions\/16371"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/16370"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=14234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=14234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=14234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}