Chapter 8.
Customizing and Writing Policy
Warning
The commands and steps covered in this chapter may render your system inoperable or unable to
be supported.
Nothing in this chapter should be performed on a production system without having been thoroughly
tested in a development or sandbox environment first.
If you are going to compile and install a custom policy, be prepared to take the actions you need
to safeguard your data and installation. Proper backup procedures, change reversal plans, and an
informed methodology are key to your success.
This chapter discusses troubleshooting and customizing your SELinux policy and presents a method 
ology for writing policy. Specific cautions are discussed.
Note
Presenting a comprehensive guide to writing policy is not within the scope for this book. For more
information on writing policy, refer to the resources in Chapter 9 References.
For this reason, the policy writing guidelines presented here are generic. Generic ideas are easier to
apply to your unique environment.
If the resources and general methodologies are not sufficient for your policy writing needs, contact
Red Hat support or sales for information about policy writing services.
8.1. General Policy Troubleshooting Guidelines
When troubleshooting, use the kernel boot parameter selinux=0 as a last resort. If using
setenforce
during runtime is not sufficient, try booting with enforcing=0 to switch to
permissive mode. You still have SELinux checking enabled and
avc: denied
messages logged to
$AUDIT_LOG
, but the enforcing is disabled.
By troubleshooting with SELinux enabled, you can more easily identify and resolve problems. For
example, if SELinux is fully disabled, the
 Z
option is not available for finding the security context of
objects. You are not able to relabel a file or the file system with SELinux disabled. Finally, any new
files or directories you create have no SELinux security attributes, causing more problems when you
boot into SELinux.
Save selinux=0 and
SELINUX=disabled
in
/etc/sysconfig/selinux/
for longer term dis 
abling.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

adult web hosting

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved