On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: > Quick’n’(really) dirty SELinux howto: Alternate process: 1: setenforce permissive 2: tail -f /var/log/audit/audit.log | grep AVC 3: use the service, exercise each function that's constrained by the existing policy 4: copy and paste the output from the terminal used for #2 into "audit2allow -M <modulename>" 5: setenforce enforcing This process is less iterative, which can save a *lot* of time building some policies.