An application is being denied access to a file due to SELinux. Which command can be used to temporarily set the SELinux context of the file to match the expected type for the application?
Changes SELinux context to the specified type.
Why this answer
Option A is correct because the `chcon` command is used to temporarily change the SELinux context of a file without modifying the SELinux policy. By specifying `-t httpd_sys_content_t`, the file's type is set to the expected type for Apache (httpd) to access it, resolving the denial immediately. This change is not persistent across file system relabeling, making it ideal for temporary troubleshooting.
Exam trap
The trap here is that candidates confuse `chcon` (temporary, immediate change) with `restorecon` (reverts to policy default) or `semanage fcontext` (persistent policy rule that requires an extra step to apply), leading them to pick an option that either disables SELinux or does not immediately fix the file context.
How to eliminate wrong answers
Option B is wrong because `setenforce 0` disables SELinux entirely (sets it to permissive mode), which is a drastic measure that bypasses all SELinux protections rather than fixing the specific file context issue. Option C is wrong because `restorecon -v` restores the file's SELinux context to the default policy-defined type, which would only help if the current context is incorrect and the default matches the expected type; it does not set a custom type like `httpd_sys_content_t`. Option D is wrong because `semanage fcontext -a -t httpd_sys_content_t /var/www/html` adds a persistent rule to the SELinux policy for the file, but it does not immediately apply the context to the file; a subsequent `restorecon` or `touch` is required to activate the change, so it is not a temporary fix.