Chapter 8 explained the syntax and operation of the statements that make up the SELinux policy language. This chapter explains how to customize SELinux policies. It begins by reviewing the structure of the SELinux policy source tree and the Makefile that's used to compile, build, and load an SELinux policy. The chapter then explains several typical policy customizations of the sort you're most likely to perform. Most often, you'll use customizations recommended by the Audit2allow program. However, you'll need to carefully review such recommendations rather than blindly implement them. Otherwise, you may extend an unnecessarily broad set of permissions, thereby compromising system security. The chapter concludes with descriptions of some policy management tools, along with hints and procedures for using them.
