CompTIA Linux+ XK0-006 (V8) Practice Question

The correct command is restorecon -v /var/www/html/index.html. The restorecon command is used to restore the default SELinux security context for files and directories based on the system's SELinux policy. Since the index.html file was moved from a user's home directory, it retained its user_home_t context, which Apache is not allowed to access. Running restorecon resets the file's context to the appropriate httpd_sys_content_t type, which is defined in the policy for the /var/www/html/ directory, thereby resolving the access issue.

• chcon -t httpd_sys_content_t /var/www/html/index.html is incorrect because, while it changes the context, the change is not persistent and will be reverted if the filesystem is relabeled or if restorecon is run on the parent directory.
• semanage fcontext -a -t httpd_sys_content_t '/var/www/html/index.html' is incorrect because this command modifies the SELinux policy itself to define a default context. This step is not necessary if the policy already correctly defines the context for /var/www/html/ and is used to set new rules, not to fix a mislabeled file.
• setenforce 0 is incorrect as it would switch SELinux into Permissive mode, effectively disabling its protections. While this would make the site accessible, it does not fix the underlying context issue and significantly reduces the system's security.