SELinux: Own Policy

A very nice course was offered at the Czech Technical University this semester. One of the few where you are supposed to learn something useful. Something that matters, something you may even need in the future. It was about Security of Information Systems (A4M33BIS): General, Encryption, Steganography and SELinux. In this post I will show my notes on the SELinux part, especially how to create your own policies. Just so I don't forget.

Creating scaffold

Do as root:

# mkdir [policy-name]
# cd [policy-name]
# touch local.te local.if local.fc

or:

# mkdir [policy-name]
# cp /usr/share/selinux/devel/example.* [policy-name]

Then rename the copied example.* files to [policy-name].*

Edit the scaffold

In [policy-name].te edit:

policy_module(myapp,1.0.0)

to:

policy_module([policy-name],1.0.0)

Don’t forget to increase the version number each time you recompile the policy.

Making and installing the policy

# make -f /usr/share/selinux/devel/Makefile
# semodule -i [policy-name].pp
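
The steps above as one script, with the version bump automated. This is an added example, not part of the original notes; the function names are assumptions. It creates the three source files, increases the last component of the policy_module() version, then builds and loads the module.

```sh
#!/bin/sh
# Added example. Function names are assumptions, not from the original notes.

# Create <name>/<name>.te, .if and .fc; the .te gets a policy_module() header.
scaffold_policy() {
    name=$1
    mkdir -p "$name" || return 1
    [ -s "$name/$name.te" ] ||
        printf 'policy_module(%s,1.0.0)\n' "$name" > "$name/$name.te"
    touch "$name/$name.if" "$name/$name.fc"
}

# Print the version declared in a .te file, e.g. 1.0.0
policy_version() {
    sed -n 's/^policy_module([^,]*,[[:space:]]*\([0-9][0-9.]*\)).*/\1/p' "$1"
}

# Increase the last version component in place: 1.0.0 -> 1.0.1
bump_policy_version() {
    te=$1
    [ -n "$(policy_version "$te")" ] || {
        echo "no policy_module(name,version) line in $te" >&2
        return 1
    }
    tmp=$(mktemp) || return 1
    awk '
        /^policy_module\(/ && !done && match($0, /[0-9]+\)/) {
            n = substr($0, RSTART, RLENGTH - 1) + 1   # decimal, so 9 -> 10
            $0 = substr($0, 1, RSTART - 1) n substr($0, RSTART + RLENGTH - 1)
            done = 1
        }
        { print }
    ' "$te" > "$tmp" && cat "$tmp" > "$te"   # cat keeps the file's owner and label
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Bump, rebuild and load the module. Run as root on a host with the
# SELinux policy development files installed.
rebuild_policy() {
    name=$1
    ( cd "$name" &&
      bump_policy_version "$name.te" &&
      make -f /usr/share/selinux/devel/Makefile &&
      semodule -i "$name.pp" )
}
```

Call scaffold_policy once with the module name, edit the sources, then call rebuild_policy with the same name after every change.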

List of installed modules

# semodule -l
