I just created a custom policy and did the semodule -i test.te.
I reran all my tests after a few days and I noticed there were additional AVC denials in the audit.log.
I want to add the new stuff to my existing test.te file so that I won't have multiple policies. I just want to have one policy and just keep adding to it, is that possible and how?
Thanks in advance.
Best Answer
The whole procedure is very well documented in the manpages of audit2allow(1), checkmodule(8) and semodule(8).
An example workflow would be (all taken from the mentioned manpages):
If your modules are versioned, you might find it interesting to use the semodule(8) -u switch:
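One way to keep a single `test` module growing, as an added example that is not from the original answer or the manpages: accumulate every AVC denial in a store file that survives log rotation, regenerate `test.te` from the whole store, and bump the module version on each rebuild. The store file name `test.avc` and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: one module, regenerated from every denial collected so far.
# Assumptions: module name "test" (from the question); the store file
# test.avc and all function names are hypothetical.

# Merge the AVC denial records of an audit log into the store file.
# sort -u drops records that were already collected on an earlier run.
collect_denials() {    # $1 = audit log, $2 = store
    touch "$2"
    { cat "$2"; grep 'type=AVC' "$1" | grep 'denied'; } | sort -u > "$2.tmp"
    mv "$2.tmp" "$2"
}

# Print the version the rebuilt module should carry: minor + 1 of the
# existing .te, or 1.0 when there is no usable "module NAME X.Y;" line.
next_version() {       # $1 = .te file
    [ -f "$1" ] || { echo 1.0; return 0; }
    awk '$1 == "module" { sub(/;$/, "", $3); split($3, v, ".")
                          printf "%d.%d\n", v[1], v[2] + 1; f = 1; exit }
         END { if (!f) print "1.0" }' "$1"
}

# Regenerate NAME.te from the whole store and compile it to NAME.pp.
build_module() {       # $1 = store, $2 = module name
    ver=$(next_version "$2.te")
    audit2allow -m "$2" -i "$1" > "$2.te.new" || return 1
    # audit2allow always writes version 1.0; replace it with the bumped one.
    sed "s/^module $2 .*;/module $2 $ver;/" "$2.te.new" > "$2.te"
    rm -f "$2.te.new"
    checkmodule -M -m -o "$2.mod" "$2.te" || return 1
    semodule_package -o "$2.pp" -m "$2.mod"
}

# Typical run (as root):
#   collect_denials /var/log/audit/audit.log test.avc
#   build_module test.avc test
#   semodule -i test.pp      # after reading the rules in test.te
```

audit2allow turns every logged denial into an allow rule, so read the regenerated `test.te` and delete rules the application should not have before installing. Rules added to `test.te` by hand are overwritten by the rebuild and need to be kept elsewhere.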