Greetings out there in Penguin-land! I'm going through the rather painful process of installing Bugzilla on an SELinux FC5 box. I'm almost there now, I think, however I'm trying to add a local policy to SELinux for allowing Apache to execute .cgi scripts, and have hit a brick wall. When I try to hit the Bugzilla page from a browser on the network I get this: tail -f /var/log/messages output: kernel: audit(1167911234.610:20): avc: denied { execute_no_trans } for pid=28833 comm="httpd" name=" index.cgi" dev=dm-0 ino=34931972 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file So, following the guide in the fedora docs <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Here</a> I generated a local.te using audit2allow -m local -l -i /var/log/messages > local.te , compiled it using checkmodule -M -m -o local.mod local.te, packaged it using semodule_package -o local.pp -m local.mod, then attempted to add it to the current running policy using semodule -i local.pp . This point is where I get stuck. i'm seeing this output when I execute the command: tail -f /var/log/messages output: Jan 4 11:56:13 svn kernel: security: 3 users, 6 roles, 1481 types, 152 bools, 1 sens, 256 cats Jan 4 11:56:13 svn kernel: security: 58 classes, 43474 rules Jan 4 11:56:13 svn dbus: Can't send to audit system: USER_AVC avc: received policyload notice (seqno=7) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?) Jan 4 11:56:13 svn dbus: Can't send to audit system: USER_AVC avc: 0 AV entries and 0/512 buckets used, longest chain length 0 : exe="?" (sauid=81, hostname=?, addr=?, terminal=?) Jan 4 11:56:13 svn kernel: audit( 1167911773.820:21): policy loaded auid=4294967295 After looking around, I saw on this mailing list that this might be a bug in SELinux-Policy that was fixed in version 2.3.14-3. Yum doesn't seem to know about this newer version. Am I barking up the wrong tree?