49.7.2. Where is the Policy?
There are two components to the policy: the binary tree and the source tree. The binary tree is provided by the selinux-policy-<policyname> package and supplies the binary policy file.
Alternatively, the binary policy can be built from source when the selinux-policy-devel package is installed.
Note
Information on how to edit, write and compile policy is currently outside the scope of this document.
49.7.2.1. Binary Tree Files
/etc/selinux/targeted/ — this is the root directory for the targeted policy, and contains the binary tree.
/etc/selinux/targeted/policy/ — this is the location of the binary policy file policy.<xx>. In this guide, the variable SELINUX_POLICY is used for this directory.
/etc/selinux/targeted/contexts/ — this is the location of the security context information and configuration files, which are used during runtime by various applications.
/etc/selinux/targeted/contexts/files/ — contains the default contexts for the entire file system. This is referenced by restorecon when performing relabeling operations.
/etc/selinux/targeted/contexts/users/ — in the targeted policy, only the root file is in this directory. These files are used for determining context when a user logs in. For example, for the root user, the context is user_u:system_r:unconfined_t.
/etc/selinux/targeted/modules/active/booleans* — this is where the runtime Booleans are configured.
Note
These files should never be manually changed. You should use the getsebool, setsebool and semanage tools to manipulate runtime Booleans.
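The following read-only check of the binary tree layout listed above is an added example, not part of the original guide or of any SELinux package. The function names latest_policy and audit_policy_tree are hypothetical, and the check assumes that <xx> in policy.<xx> is a numeric policy version.

```shell
#!/bin/sh
# Added example: read-only audit of a policy binary tree laid out as in this section.
# latest_policy and audit_policy_tree are hypothetical helper names.

# Print the highest-numbered policy.<xx> file name found in ROOT/policy/, if any.
latest_policy() {
    ls "$1/policy" 2>/dev/null | grep -E '^policy\.[0-9]+$' | sort -t. -k2,2n | tail -n 1
}

# Audit ROOT (default /etc/selinux/targeted). Prints one line per finding and
# returns 0 when the tree is clean, non-zero otherwise. Nothing is modified.
audit_policy_tree() {
    root=${1:-/etc/selinux/targeted}
    findings=0
    # Directories this section lists under the policy root.
    for d in policy contexts contexts/files contexts/users; do
        if [ ! -d "$root/$d" ]; then
            echo "MISSING dir: $root/$d"
            findings=$((findings + 1))
        fi
    done
    # The binary policy file policy.<xx> must be present.
    if [ -z "$(latest_policy "$root")" ]; then
        echo "MISSING binary policy file in $root/policy"
        findings=$((findings + 1))
    fi
    # In the targeted policy, contexts/users/ holds the root file.
    if [ ! -f "$root/contexts/users/root" ]; then
        echo "MISSING file: $root/contexts/users/root"
        findings=$((findings + 1))
    fi
    # Files writable by group or other could be changed outside the supported
    # tools (getsebool, setsebool, semanage), so report each of them.
    writable=$(find "$root" -type f \( -perm -0020 -o -perm -0002 \) 2>/dev/null)
    if [ -n "$writable" ]; then
        echo "$writable" | sed 's/^/WRITABLE by group or other: /'
        findings=$((findings + $(echo "$writable" | wc -l)))
    fi
    [ "$findings" -eq 0 ]
}
```

Source the file and run audit_policy_tree with no argument to check /etc/selinux/targeted, or pass another policy root as the first argument.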