CentOS release 5.4 (Final) I run pppd on this system, it accepts dial-in connections, logs people in over ssh/sftp. I had selinux disabled on this system originally, but I recently enabled it, and selinux is blocking this pppd service. "audit2allow -M" has generated the following policy based on AVC denial messages: module fixdialinserver 1.0; require { type pppd_t; type shadow_t; type chkpwd_exec_t; class file { read execute }; class netlink_audit_socket create; } #============= pppd_t ============== allow pppd_t chkpwd_exec_t:file execute; allow pppd_t self:netlink_audit_socket create; allow pppd_t shadow_t:file read; However, I am unable to load this module due to conflict with another policy: # semodule -i fixdialinserver.pp libsepol.check_assertion_helper: assertion on line 0 violated by allow pppd_t shadow_t:file { read }; libsepol.check_assertions: 1 assertion violations occured libsemanage.semanage_expand_sandbox: Expand module failed semodule: Failed! # Is there an seboolean I can tweak to allow me to load this policy? Thanks, Aleksey