Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


generate_selinux_policy

Generate SELinux policy

Tested on CentOS 7, Fedora 24

  • Install policycoreutils-python
    yum install policycoreutils-python
  • Create policy from audit log.
    cp /var/log/audit/audit.log /var/tmp
    cd /var/tmp
    audit2allow -M wfica < audit.log
  • Follow on screen directions.

If you need to edit the policy file

  • Edit the .te file.
  • Recompile and load the module. For example:
    checkmodule -M -m -o wfica.mod wfica.te
    semodule_package -o wfica.pp -m wfica.mod
    semodule -i wfica.pp
generate_selinux_policy.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1