49.7.2. Where is the Policy?
selinux-policy-<policyname>package and supplies the binary policy file.
selinux-policy-develpackage is installed.
220.127.116.11. Binary Tree Files
/etc/selinux/targeted/— this is the root directory for the targeted policy, and contains the binary tree.
/etc/selinux/targeted/policy/— this is the location of the binary policy file
policy.<xx>. In this guide, the variable
SELINUX_POLICYis used for this directory.
/etc/selinux/targeted/contexts/— this is the location of the security context information and configuration files, which are used during runtime by various applications.
/etc/selinux/targeted/contexts/files/— contains the default contexts for the entire file system. This is referenced by
restoreconwhen performing relabeling operations.
/etc/selinux/targeted/contexts/users/— in the targeted policy, only the
rootfile is in this directory. These files are used for determining context when a user logs in. For example, for the root user, the context is user_u:system_r:unconfined_t.
/etc/selinux/targeted/modules/active/booleans*— this is where the runtime Booleans are configured.
NoteThese files should never be manually changed. You should use the
semanagetools to manipulate runtime Booleans.