getsebool -a | grep exec_content
semanage login -l

    guest_u: – no X windows, no sudo, and no networking
    xguest_u: – same as guest_u, but X is allowed and connectivity is allowed to web ports only (handy for kiosks)
    user_u: – same as xguest_u, but networking isn’t restricted
    staff_u: – same as user_u, but sudo is allowed (su isn’t allowed)
    unconfined_u: – full access (this is the default)


chcon -R -t httpd_sys_content_t /web/
sealert
sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt 

sealert -b
chcon -v --type=httpd_sys_content_t /html/index.html
chcon -v --type=httpd_sys_content_t /html
chcon -Rv --type=httpd_sys_content_t /html 
semanage fcontext -a -t httpd_sys_content_t "/html(/.*)?" 

restorecon -v /var/www/html/index.html 
restorecon -Rv /var/www/html 
restorecon -Rv -n /var/www/html 
# touch /.autorelabel
# reboot # touch /.autorelabel
# reboot 

# genhomedircon
# touch /.autorelabel
# reboot 
semanage port -a -t http_port_t -p tcp 81 
semanage  port -l