Until now, we have been working with an existing SELinux policy, tuning our system to use the proper SELinux contexts and assigning the right labels to files, directories, and even network ports. In this chapter, we will:
Manipulate conditional SELinux policy rules through booleans
Learn to create new custom SELinux policy modules
Develop user and application domains
Replace existing policies with new, custom ones
We'll end the chapter with a few examples of custom policies that augment our SELinux experience and fine-tune the policy to match the security requirements that the administrator has in mind.