Changing the Policy

This section provides a brief introduction to using customized policies on your system. A full discussion of this topic is beyond the scope of this document.

To load a different policy on your system, change the following line in /etc/sysconfig/selinux:

SELINUXTYPE=<policyname>

where <policyname> is the policy name directory under /etc/selinux/. This assumes that you have the custom policy installed. After changing the SELINUXTYPE parameter, run the following commands:

touch /.autorelabel
reboot

Use the following procedure to load a different policy using the system-config-selinux utility:

You need administrator privileges to perform this procedure.

Ensure that the complete directory structure for the required policy exists under /etc/selinux.

On the System menu, point to Administration and then click Security Level and Firewall to display the Security Level Configuration dialog box.
Click the SELinux tab.
In the Policy Type list, select the policy that you want to load, and then click OK. This list is only visible if more than one policy is installed.
Restart the machine for the change to take effect.

Using the Security Level Configuration dialog box to load a custom policy.

Figure 48.2. Using the Security Level Configuration dialog box to load a custom policy.

Figure 48.2. Using the Security Level Configuration dialog box to load a custom policy.