On Mon, May 5, 2008 at 12:42 PM, Ingemar Nilsson <init at kth.se> wrote: > Lots of questions, but the documentation on this subject isn't exactly > stellar. :) With CentOS 5, you don't really need the selinux module source anymore. It's usually enough to clear the logs and in permissive mode, run the offending application. Then 'grep yourapp /var/log/audit/audit.log | audit2allow -M localmodname'. Check the module for sanity and make sure it's not allowing god-knows-what, then semodule -i localmodname. It'll be there on reboot from now on. no need (although it's a good idea) to keep the module file hanging around. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell