Chapter 51. Customizing SELinux Policy
selinux-policy-targeted-sourcespackages and then to create a
local.tefile in the
/etc/selinux/targeted/src/policy/domains/miscdirectory. You could use the
audit2allowutility to translate the AVC messages into allow rules, and then rebuild and reload the policy.
selinux-policy-XYZ.src.rpm. A further package,
selinux-policy-devel, has also been added, which provides further customization functionality.
51.1.1. Modular Policy
semoduleis the tool used to manage SELinux policy modules, including installing, upgrading, listing and removing modules. You can also use
semoduleto force a rebuild of policy from the module store and/or to force a reload of policy without performing any other transaction.
semoduleacts on module packages created by
semodule_package. Conventionally, these files have a .pp suffix (policy package), although this is not mandated in any way.
188.8.131.52. Listing Policy Modules
semodule -lamavis 1.1.0 ccs 1.0.0 clamav 1.1.0 dcc 1.1.0 evolution 1.1.0 iscsid 1.0.0 mozilla 1.1.0 mplayer 1.1.0 nagios 1.1.0 oddjob 1.0.1 pcscd 1.0.0 pyzor 1.1.0 razor 1.1.0 ricci 1.0.0 smartmon 1.1.0
/usr/share/selinux/targeted/directory contains a number of policy package (*.pp) files. These files are included in the
selinux-policyrpm and are used to build the policy file.