On Wed, 16 May 2007, Jiann-Ming Su wrote: > What is the equivelent "selinux-policy-targeted-sources" package in > CentOS 5? It was available in 4.4. Thanks for any help. Funny, I just asked myself that this morning. Reading the RHEL 5 manual (Chapter 45. Customizing SELinux Policy), I came the conclusion that semanage, semodule, and audit2allow are the newly blessed toolset. I needed to allow dhcpd to bind to a port (1820/1821 in my case) for failover, but that binding is verboten in the standard targeted policy. I took a look at the audit.log to see what entries were of interest (they all contained src=1820 or src=1821), and passed those entries to audit2allow, asking it to create a policy called "dhcpfailover." I looked at the resulting dhcpfailover.te file to make sure it looked something like I expected, and then used semodule to install and active the policy revision. I.e., grep src=182[01] /var/log/audit/audit.log | audit2allow -M dhcpfailover $PAGER dhcpfailover.te semodule -i dhcpfailover.pp -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/