> I'm now looking at audit2allow: > http://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01 To follow up on this, audit2allow provided a satisfactory solution (comments on that kind of approach still welcome!): grep sendmail /var/log/audit/audit.log | audit2allow -m sendmaillocal > sendmaillocal.te # review and backup sendmaillocal.te checkmodule -M -m -o sendmaillocal.mod sendmaillocal.te semodule_package -o sendmaillocal.pp -m sendmaillocal.mod semodule -i sendmaillocal.pp Once again the CentOS Wiki proved to be an invaluable source of information.