49.7.2. Where is the Policy?
There are two components to the policy: the binary tree and the source tree. The binary tree is provided by the selinux-policy-<policyname> package and supplies the binary policy file.
Alternatively, the binary policy can be built from source when the selinux-policy-devel package is installed.
Information on how to edit, write and compile policy is currently outside the scope of this document.
49.7.2.1. Binary Tree Files
/etc/selinux/targeted/ — this is the root directory for the targeted policy, and contains the binary tree.
/etc/selinux/targeted/policy/ — this is the location of the binary policy file policy.<xx>. In this guide, the variable SELINUX_POLICY is used for this directory.
/etc/selinux/targeted/contexts/ — this is the location of the security context information and configuration files, which are used during runtime by various applications.
/etc/selinux/targeted/contexts/files/ — contains the default contexts for the entire file system. This is referenced by restorecon when performing relabeling operations.
/etc/selinux/targeted/contexts/users/ — in the targeted policy, only the root file is in this directory. These files are used for determining context when a user logs in. For example, for the root user, the context is user_u:system_r:unconfined_t.
/etc/selinux/targeted/modules/active/booleans* — this is where the runtime Booleans are configured.
Note: These files should never be manually changed. You should use the semanage tools to manipulate runtime Booleans.
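The layout above can be checked mechanically. The following script is an added example, not part of the original guide: it confirms that each listed location exists, selects the highest-numbered policy.<xx> file, and flags anything writable by group or others. The function names and the write-permission check are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the binary policy tree.
# Assumption: the targeted policy root is /etc/selinux/targeted unless a
# different root is passed as the first argument.

# Print the highest-numbered policy.<xx> file under ROOT/policy/.
newest_policy() {
    root=${1:-/etc/selinux/targeted}
    best='' best_ver=-1
    for f in "$root"/policy/policy.*; do
        [ -f "$f" ] || continue
        ver=${f##*.}
        case $ver in ''|*[!0-9]*) continue ;; esac   # skip non-numeric suffixes
        if [ "$ver" -gt "$best_ver" ]; then best=$f best_ver=$ver; fi
    done
    if [ -n "$best" ]; then printf '%s\n' "$best"; else return 1; fi
}

# Print one status line per path: OK, MISSING, or WRITABLE when the group or
# other write bit is set (a hardening assumption added here, not from the guide).
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"; return 1
    elif [ -n "$(find -L "$1" -maxdepth 0 -perm /022)" ]; then
        echo "WRITABLE $1"; return 1
    fi
    echo "OK       $1"
}

# Check every location the section lists; return non-zero if any check fails.
audit_policy_tree() {
    root=${1:-/etc/selinux/targeted}
    rc=0
    for p in "$root" "$root/policy" "$root/contexts" "$root/contexts/files" \
             "$root/contexts/users" "$root/contexts/users/root"; do
        check_path "$p" || rc=1
    done
    if pol=$(newest_policy "$root"); then
        check_path "$pol" || rc=1
    else
        echo "MISSING  $root/policy/policy.<xx>"; rc=1
    fi
    for b in "$root"/modules/active/booleans*; do
        check_path "$b" || rc=1      # an unmatched glob is reported as MISSING
    done
    return "$rc"
}

# Run the audit only when a policy root is given on the command line.
if [ "$#" -gt 0 ]; then audit_policy_tree "$1"; fi
```

The version comparison is numeric, so policy.21 is chosen over policy.9 even though it sorts first lexically.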