SELinux howto for the impatient

Submitted by sklav on Thu, 05/05/2011 - 00:27

But I find that in general, when I set up a box, I leave SELinux in permissive mode and then go through the paces of connecting to every service I want running and all associated options. For example, if you set up a website that makes use of scripts, I would recommend you run them all, and after that is completed, and hopefully before you ever connect the box to the internet, run the steps below to create a policy module. I find that this has prevented me from having major issues, and I get the benefits of SELinux.

To create a policy module that allows pretty much every AVC denial recorded in the audit log:

audit2allow -M May022011 < /var/log/audit/audit.log

vim May022011.te

Review the generated rules and make sure all is as expected.

To append to an existing rule that was previously created:

audit2allow >> May022011.te < /var/log/audit/audit.log

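After the rules have been confirmed, you need to insert the SELinux module you created using the following command. Note that audit2allow -M builds the .pp file from the .te file at the time it runs, so if you edited or appended to the .te afterwards, the .pp must be rebuilt from it (with checkmodule and semodule_package) before it is installed.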

semodule -i May022011.pp
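An added example (not part of the original post) for the review step: a shell function that lists each distinct source type, target type, class and permission set among the AVC denials, with a count, so the generated .te file can be checked against what was actually denied. The function names and the sample log records are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the AVC denials in an audit log so that each rule
# audit2allow would generate from them can be reviewed before it is installed.

# Constructed sample records in audit.log format; not taken from a real system.
write_sample_log() {
    cat > "$1" <<'EOF'
type=AVC msg=audit(1304555220.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.php" dev=dm-0 ino=3301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1304555221.102:202): avc:  denied  { read } for  pid=2102 comm="httpd" name="about.php" dev=dm-0 ino=3302 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1304555221.102:202): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1304555230.103:203): avc:  denied  { name_connect } for  pid=2103 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1304555240.104:204): avc:  denied  { read write } for  pid=2104 comm="httpd" name="shadow" dev=dm-0 ino=3303 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
EOF
}

# summarize_avc FILE
# Prints one line per distinct denial: COUNT SOURCE_TYPE TARGET_TYPE:CLASS { PERMS }
summarize_avc() {
    awk '
    /avc: +denied/ {
        src = ""; tgt = ""; cls = ""
        # The denied permissions are the text between the first "{" and "}".
        s = index($0, "{"); e = index($0, "}")
        perms = substr($0, s, e - s + 1)
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is the third part.
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        seen[src " " tgt ":" cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }
    ' "$1" | LC_ALL=C sort -k2
}

# Demo run on the constructed sample; on a real box pass /var/log/audit/audit.log.
log=$(mktemp)
write_sample_log "$log"
summarize_avc "$log"
rm -f "$log"
```

Any line in the summary that the service should never need, such as the shadow_t entry in the constructed sample, is a rule to delete from the .te file before building and installing the module.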

