45.2.8. Changing the Policy

45.2.8. Changing the Policy

This section provides a brief introduction to using customized policies on your system. A full discussion of this topic is beyond the scope of this document.

To load a different policy on your system, change the following line in /etc/sysconfig/selinux:

SELINUXTYPE=<policyname>

where <policyname> is the policy name directory under /etc/selinux/. This assumes that you have the custom policy installed. After changing the SELINUXTYPE parameter, run the following commands:

touch /.autorelabel
reboot

Use the following procedure to load a different policy using the system-config-selinux utility:

Note

You need administrator privileges to perform this procedure.

  1. Ensure that the complete directory structure for the required policy exists under /etc/selinux.

  2. On the System menu, point to Administration and then click Security Level and Firewall to display the Security Level Configuration dialog box.

  3. Click the SELinux tab.

  4. In the Policy Type list, select the policy that you want to load, and then click OK. This list is only visible if more than one policy is installed.

  5. Restart the machine for the change to take effect.

Using the Security Level Configuration dialog box to load a custom policy.

Using the Security Level Configuration dialog box to load a custom policy.

Figure 45.2. Using the Security Level Configuration dialog box to load a custom policy.


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.