Modifying a policy
chcon -u system_u /etc/afile
semanage fcontext -a -s system_u -t etc_t "/etc/afile"
Creating a policy from logs
Make the logs a little more human readable
sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt
Install the required application
yum install policycoreutils-python || dnf install policycoreutils-python-utils
Isolate what you’re trying to allow
grep "${SERVICE}" /var/log/audit/audit.log
Use the above to create a Type Enforcement policy
grep "${SERVICE}" /var/log/audit/audit.log | audit2allow -m "${MODULENAME}" > "${MODULENAME}.te"
Create the module file (give the module name without the .pp extension; audit2allow -M writes ${MODULENAME}.te and ${MODULENAME}.pp)
grep "${SERVICE}" /var/log/audit/audit.log | audit2allow -M "${MODULENAME}"
Import the module
semodule -i "${MODULENAME}.pp"
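Review what the matched denials would allow
The grep above passes every matching line to audit2allow, so it is worth listing the distinct source type, target type, class and permissions before importing the module. The function below is an added example, not part of the original notes: summarize_denials and SAMPLE_LOG are hypothetical names, the log lines are constructed, and matching on the comm= field is an assumption that is narrower than the plain grep.

```shell
# Constructed sample audit lines (not real output), used to exercise the function.
SAMPLE_LOG='type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=111 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.202:502): avc:  denied  { open } for  pid=1234 comm="httpd" path="/home/u/index.html" dev="dm-0" ino=111 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.303:503): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.404:504): avc:  denied  { read } for  pid=999 comm="sshd" name="x" dev="dm-0" ino=5 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.404:504): arch=c000003e syscall=2 success=no comm="httpd"'

# summarize_denials COMM < audit.log
# Prints one allow-style line per (source type, target type, class) with the
# de-duplicated permissions that were denied for processes whose comm= is COMM.
summarize_denials() {
  awk -v svc="$1" '
    # Only AVC denial records for the requested command name.
    $1 == "type=AVC" && / denied / && index($0, "comm=\"" svc "\"") {
      n = 0; inb = 0; src = tgt = cls = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") inb = 1                      # start of permission list
        else if ($i == "}") inb = 0                 # end of permission list
        else if (inb) perm[++n] = $i
        else if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }  # type is 3rd field
        else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        else if ($i ~ /^tclass=/) cls = substr($i, 8)
      }
      for (j = 1; j <= n; j++) print src, tgt ":" cls, perm[j]
    }' | LC_ALL=C sort -u | awk '
    # Input is sorted, so identical keys are adjacent: merge their permissions.
    { key = $1 " " $2
      if (key != prev) {
        if (prev != "") print "allow " prev " {" perms " };"
        prev = key; perms = ""
      }
      perms = perms " " $3 }
    END { if (prev != "") print "allow " prev " {" perms " };" }'
}

# Run against the constructed sample; on a real host use:
#   summarize_denials "${SERVICE}" < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_LOG" | summarize_denials httpd
```

A target type that looks unrelated to the service (user_home_t in the sample) usually points at a mislabelled file that should be relabelled, not at a rule that should be allowed.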