
SELinux fixfiles – Keeping the Data Safe – Securing a System

SELinux fixfiles
SELinux fixfiles is a command-line tool that’s used to restore the SELinux file contexts of files and directories. SELinux uses file contexts to determine which processes and users can access specific files or directories on the system. When file contexts are changed or corrupted, it can cause issues with system functionality or security. The fixfiles command is used to restore the SELinux file contexts to their default values. This can be useful when you encounter issues with file access or SELinux-related errors. Here are some common ways to use the fixfiles command:
• Restore default file contexts for a directory: To restore the default file contexts for a specific directory, you can use the following command:

fixfiles restore /directory_to_fix

This will recursively restore the default file contexts for all files and directories within the specified directory.
• Restore default file contexts for the entire system: To restore the default file contexts for the entire system, run the following command:

fixfiles restore

This will restore the default file contexts for all files and directories on the system. Note that this can take some time to complete and may cause temporary disruptions to system functionality.
• Verify file contexts: You can use the following command to verify the file contexts for a specific file or directory:

matchpathcon /file_to_verify

This will display the expected file context for the specified file or directory. If the displayed context does not match the actual context, you can use the fixfiles command to restore the default context.
NOTE
If SELinux was disabled for any amount of time, these contexts would not have been set while it was not running. There is a shortcut to get SELinux to relabel the entire filesystem hierarchy:

# touch /.autorelabel

Now reboot the machine. As SELinux starts, it will set all file and security contexts to the default for each type and location.
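A pre-check to run before fixfiles restore, added here as an example and not taken from the original page: it compares each path's actual context with the policy default and reports only type mismatches, because restorecon by default rewrites only the type portion of an existing context (the whole context only with -F). The function names and sample records are constructed for illustration, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: list paths whose SELinux type differs from the policy default.

# Print the type (third colon-separated field) of a context such as
# system_u:object_r:httpd_sys_content_t:s0
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "path actual_context expected_context" records on stdin and print
# "path actual_type -> expected_type" for every type mismatch.
# Differences in user, role or range alone are not reported.
find_mislabeled() {
    while read -r path actual expected; do
        [ -n "$path" ] || continue
        # matchpathcon prints <<none>> when the policy assigns no default label
        [ "$expected" = "<<none>>" ] && continue
        a=$(context_type "$actual")
        e=$(context_type "$expected")
        [ "$a" = "$e" ] || printf '%s %s -> %s\n' "$path" "$a" "$e"
    done
}

# On a live SELinux host, build the records with real tools:
#   collect_records /var/www | find_mislabeled
# stat -c %C prints the actual context, matchpathcon -n the expected one.
collect_records() {
    find "$1" -xdev | while IFS= read -r p; do
        printf '%s %s %s\n' "$p" "$(stat -c %C "$p")" "$(matchpathcon -n "$p")"
    done
}

# Constructed sample records so the check can be tried without SELinux.
sample_records() {
cat <<'EOF'
/var/www/html/index.html unconfined_u:object_r:user_home_t:s0 system_u:object_r:httpd_sys_content_t:s0
/var/www/html/logo.png unconfined_u:object_r:httpd_sys_content_t:s0 system_u:object_r:httpd_sys_content_t:s0
/var/www/html/tmp system_u:object_r:tmp_t:s0 <<none>>
EOF
}

sample_records | find_mislabeled
```

Only index.html is reported: logo.png differs from the default in its SELinux user alone, and the tmp entry has no default label to compare against.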

SELinux users
SELinux users are labels used to classify different types of users in a Linux system. SELinux users are an important part of SELinux security policies, as they are used to confine the actions of a user to a specific set of resources on the system.
There are several types of SELinux users:
• System users: System users are users that are defined by the system and are used to run system services or daemons. These users are typically assigned a unique SELinux user label, which is used to confine the actions of the user to a specific set of resources on the system.
• Login users: Login users are users that are defined by the system and are used to log into the system. These users are typically assigned a unique SELinux user label, which is used to confine the actions of the user to a specific set of resources on the system.
• Staff users: Staff users are users that are defined by the system and are used by staff members to perform their work. These users are typically assigned a unique SELinux user label, which is used to confine the actions of the user to a specific set of resources on the system.
• User-defined users: User-defined users are users that are defined by the system administrator. These users are typically assigned a unique SELinux user label, which is used to confine the actions of the user to a specific set of resources on the system.
Here are some of the commonly used SELinux user commands:
• semanage user: This command is used to manage SELinux users and their properties. For example, to create a new SELinux user, you can use the command semanage user -a -R "user_r" -r s0-s0:c0.c1023 -L s0 -P user username.
• semanage login: This command is used to manage SELinux login mappings, which map system users to SELinux users. For example, to create a new login mapping, you can use the command semanage login -a -s user_u -r s0 username.
• semanage staff: This command is used to manage SELinux staff mappings, which map staff users to SELinux users. For example, to create a new staff mapping, you can use the command semanage staff -a -s user_u -r s0 username.
• semanage sudo: This command is used to manage SELinux sudo mappings, which map sudoers to SELinux users. For example, to create a new sudo mapping, you can use the command semanage sudo -a -r s0 -R "s0-s0:c0.c1023" -L s0:c0.c1023 -U username.
• semanage port: This command is used to manage SELinux port mappings, which map ports to SELinux types. For example, to create a new port mapping, you can use the command semanage port -a -t http_port_t -p tcp 80.
