SELinux Policy Workshop

Workshop Description

Writing your own SELinux policies doesn’t have to be a terrifying prospect! This workshop will walk you through the process of creating a custom policy for a source-compiled application, using the advanced tooling present in Red Hat Enterprise Linux.

Who should attend

  • Architects

  • Developers

  • Technical Leads

  • Operations Engineers

What you will learn

  • Where to find SELinux reference information

  • How to create a new policy framework

  • How to analyze AVC messages generated by SELinux

  • When to use and not use audit2allow

  • How to use system userspace tools to assist in troubleshooting SELinux


The SELinux policy workshop is meant for anyone who needs to create application policies for applications that lack them. Some previous experience with SELinux is expected, but you don’t have to be a master. Also, knowledge of RHEL and general Linux functionality is required. We are going to start with a short overview and then we’ll get into the lab as soon as possible. That is where we will spend most of our time.

Your Responsibilities

Have a Discussion. This will be boring if it’s just us, up here talking for over 4 hours.

Participate. We are going to cut you loose with SELinux, in just a little while. Have questions. Have opinions.

Bring a laptop. It doesn’t matter what OS it runs, but you will need either the Firefox or Chrome web browser installed. If, for some reason, you don’t have a laptop, let your instructor know, or try to find someone to share with.

When we want you to type something in, we’ll use a frame like this:

cat /etc/hosts

When we want to show you the output from a command, we’ll use a different frame, like this one:   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6


Workshop Details

Student ID