Hi. I'm trying to figure out where the SELinux policy modules shipped with the system live, and how they work. The modules listed by 'semodule -l' are the same as those available in /etc/selinux/targeted/modules/active/modules, but those are not part of any package, and are presumably added and removed to this location as they are added and removed to the kernel. I later found these modules to live in /usr/share/selinux. If I create a policy module of my own, is this the place to put it to make sure that it is loaded when the system boots? Or do I also need to list it somewhere, such in a configuration file? The reason why I ask is because there are a few .pp files in this directory that are not visible in the list of loaded modules, and they are also not available in the /etc/selinux/.../modules directory above. I today tried to figure out what these precompiled policy packages contain, but that isn't exactly obvious. I found .if files in /usr/share/selinux/devel/include/... that correspond to the .pp files in /usr/share/selinux, but nothing else. The .if files only contain definitions, but don't these need to be used somewhere, such as in .te files? And what about the .fc files that the policy generation tool in system-config-selinux creates? Are such files not needed? Lots of questions, but the documentation on this subject isn't exactly stellar. :) Regards Ingemar