4.3. File Contexts

File contexts are declared as part of the SELinux policy, and are saved in .fc files in the policy sources. The context for a file is declared as a regular expression matching the full path of the file or files, followed by a security context these files should be set to.

When relabeling the system, the files are set to this default context defined in the policy. It is advisable when changing a file's context using chcon to add the change to the policy source and recompile, otherwise a future relableing will undo the change you made, reverting the file back to the default label set in the policy.