[CentOS] SELinux policy module sources

Mon May 5 17:00:57 UTC 2008
Jim Perrin <jperrin at gmail.com>

On Mon, May 5, 2008 at 12:42 PM, Ingemar Nilsson <init at kth.se> wrote:

>  Lots of questions, but the documentation on this subject isn't exactly
> stellar. :)

With CentOS 5, you don't really need the selinux module source
anymore. It's usually enough to clear the logs and in permissive mode,
run the offending application. Then 'grep yourapp
/var/log/audit/audit.log | audit2allow -M localmodname'. Check the
module for sanity and make sure it's not allowing god-knows-what, then
semodule -i localmodname.  It'll be there on reboot from now on. no
need (although it's a good idea) to keep the module file hanging

During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell