| After you modify a policy source file, you must recompile the policy sources and load the translated binary policy into the kernel. These and other common administrative functions are performed by using the SELinux Makefile , which typically resides in /etc/security/selinux/src/policy . Chapter 4 introduced the SELinux Makefile . Table 9-2 recaps the six operations the Makefile provides. Table 9-2. SELinux Makefile operations | Operation | Description | policy
| Compile the policy sources, but do not create a new policy binary. | install
| Compile the policy sources and create ”but do not load ”a new policy binary (default). | load
| Compile, create, and load a new binary policy. | reload
| Compile and create a new binary policy if the policy sources have been recently modified; load the new binary policy. | clean
| Delete temporary files created during policy compilation. | relabel
| Relabel filesystems. |
To perform an operation using the Makefile , move to the directory containing it. Then, issue the command: make operation
where operation is one of the six operations described in Table 9-2. For example, to compile, create, and load a new binary policy, issue the command: make load
To reload the current policy, issue the command: make reload
If the policy sources have been modified since the binary policy file was created, invoking make will also compile the policy sources and create a new binary policy file. |
