8.2.3. Evolving Rules and Broken Applications

Applications may be broken, causing SELinux to deny access. Also, SELinux rules are evolving – SELinux may not have seen an application running in a certain way, possibly causing it to deny access, even though the application is working as expected. For example, if a new version of PostgreSQL is released, it may perform actions the current policy has not seen before, causing access to be denied, even though access should be allowed.
For these situations, after access is denied, use audit2allow to create a custom policy module to allow access. Refer to Section 8.3.8, “Allowing Access: audit2allow” for information about using audit2allow.