an easy way to edit security policies in fc6

Stephen Smalley sds at
Wed Feb 7 18:13:15 UTC 2007

On Wed, 2007-02-07 at 19:07 +0100, selinux at wrote:
> hi,
> i'm new to selinux and i need to know how can i easy modify
> a selinux targeted policy rule in fc6.
> my apache can't write in a /var subdir.
> my idea is to start looking in to logs and then edit the
> policy (or the files attributes) to avoid problems.

audit2allow will automatically turn audit logs into allow rules, but you
shouldn't blindly take its results.  In your particular case, if you
labeled the files in that /var subdirectory with an appropriate type,
then apache would be able to write to it.

> is there an easy tool for editing policy source?
> is there a complete how to (for fc6 targeted selinux)?

Read the Fedora SELinux FAQ and the Fedora SELinux wiki pages.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list