We've learned how to create SELinux policies in the previous recipe. This recipe will show you how to apply your newly created SELinux policies.
In order to apply a policy, we need a policy package file (pp
). This can be obtained by parsing AVC denials to audit2allow
or compiling your own policy package file, as explained in the Create SELinux policies recipe.
Follow these steps:
Activate the policy (this can take quite a while, depending on the number of policies applied to your system) by running the following command:
~# semodule -i example_policy.pp ~#
Next, verify that the policy is actually activated via these commands:
~# semodule -l |grep example_policy example_policy 1.0 ~#