There are two main directories for SELinux policy in
/etc/selinux/:

More than one policy can exist on the system, although only one may be
loaded at a time. The policy binary files, and possibly source files, are
located in /etc/selinux/<policyname>/, where <policyname> is the name of
your policy, such as targeted, strict, webhost, test, and so forth. The
configuration file /etc/selinux/config defines which policy is used, for
example SELINUXTYPE=targeted.

In this document, the convention of $DIRECTORY_TYPE is used instead of the
full path to aid readability:

The variable directory $SELINUX_SRC/ stands for the generic directory
/etc/selinux/<policyname>/src/policy/, which for the targeted policy is the
source directory /etc/selinux/targeted/src/policy/.

The variable directory $SELINUX_POLICY/ stands for the generic directory
/etc/selinux/<policyname>/policy/, which for the targeted policy is the
binary policy directory /etc/selinux/targeted/policy/.

An important file is the audit log file. In Red Hat Enterprise Linux,
$AUDIT_LOG by default is /var/log/messages. However, this is configurable
via /etc/syslog.conf, and future work on an audit daemon will handle kernel
audit events and log them into a separate file. Because the location of the
audit log can vary, the variable file $AUDIT_LOG is used as a substitute.

Other important files and directories include $SELINUX_POLICY/booleans and
$SELINUX_POLICY/contexts/, which are both discussed in Section 3.2, Files
and Directories of the Targeted Policy.

The most important file for SELinux is the binary policy file. This file is
located at /etc/selinux/targeted/policy/policy.<XY>. The <XY> represents the
two digits of the policy version. In the case of Red Hat Enterprise Linux 4,
this file is policy.18.
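
The path conventions above, resolved in shell, as an added example that is not part of the original guide: it reads SELINUXTYPE from /etc/selinux/config, derives $SELINUX_SRC/ and $SELINUX_POLICY/, and locates policy.<XY>. The function names and the optional root-prefix argument are assumptions of this example, as is reporting the highest-numbered policy file when several exist.

```shell
#!/bin/sh
# Added example (not from the guide). The optional <root> argument is a
# hypothetical prefix so the functions can be run against a test tree.

# Print the policy name chosen by SELINUXTYPE= in <root>/etc/selinux/config.
selinux_policy_name() {
    cfg="${1:-}/etc/selinux/config"
    [ -r "$cfg" ] || return 1
    # Skip commented lines; if several assignments exist, use the last one
    # (an assumption of this example).
    name=$(sed -n 's/^[[:space:]]*SELINUXTYPE=\([^[:space:]#]*\).*$/\1/p' \
        "$cfg" | tail -n 1)
    # The name becomes a path component: refuse empty or path-like values.
    case $name in ''|.|..|*/*) return 1 ;; esac
    printf '%s\n' "$name"
}

# $SELINUX_SRC/ : policy source directory for the configured policy.
selinux_src_dir() {
    n=$(selinux_policy_name "${1:-}") || return 1
    printf '%s/etc/selinux/%s/src/policy/\n' "${1:-}" "$n"
}

# $SELINUX_POLICY/ : binary policy directory for the configured policy.
selinux_policy_dir() {
    n=$(selinux_policy_name "${1:-}") || return 1
    printf '%s/etc/selinux/%s/policy/\n' "${1:-}" "$n"
}

# Print the binary policy file policy.<XY>. Assumption: when several
# versions are present, report the highest-numbered one.
selinux_binary_policy() {
    dir=$(selinux_policy_dir "${1:-}") || return 1
    best='' bestver=-1
    for f in "$dir"policy.*; do
        [ -f "$f" ] || continue
        ver=${f##*.}
        # Ignore policy.bak and other non-numeric suffixes.
        case $ver in ''|*[!0-9]*) continue ;; esac
        if [ "$ver" -gt "$bestver" ]; then best=$f bestver=$ver; fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}
```

With no argument the functions read the live /etc/selinux/config; each returns non-zero when the configuration or policy file cannot be resolved.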