Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


generate_selinux_policy

This is an old revision of the document!


Generate SELinux policy

Tested on CentOS 7, Fedora 24

  • Install policycoreutils-python
    yum install policycoreutils-python
  • Create policy from audit log.
    cp /var/log/audit/audit.log /var/tmp
    cd /var/tmp
    audit2allow -M rsync < audit.log
  • Follow on screen directions.

If you need to edit the policy file

  • Edit the .te file.
  • Recompile and load the module. For example:
    checkmodule -M -m -o wfica.mod wfica.te
    semodule_package -o wfica.pp -m wfica.mod
    semodule -i wfica.pp
generate_selinux_policy.1466516719.txt.gz · Last modified: 2016/06/21 13:45 by admin