3. Conventions for SELinux Directories and Files

There are two main directories for SELinux policy in /etc/selinux/:

It is possible to have more than one policy existing on the system, although only one may be loaded at a time. The policy binary files, and possibly source files, are located in /etc/selinux/<policyname>/, where <policyname> is the name of your policy, such as targeted, strict, webhost, test, and so forth. The configuration file /etc/selinux/config defines which policy is used, for example SELINUXTYPE=targeted.

In this document, the convention of $DIRECTORY_TYPE is used instead of the full path to assist in readability:

An important file is the audit log file. In Red Hat Enterprise Linux, $AUDIT_LOG by default is /var/log/messages. However, this is configurable via /etc/syslog.conf, and future work on an audit daemon will handle kernel audit events and log them into a separate file. Because of the variable nature of where the audit logs are, the variable file $AUDIT_LOG is used as a substitute.

Other important files and directories include $SELINUX_POLICY/booleans and $SELINUX_POLICY/contexts/, which are both discussed in Section 3.2 Files and Directories of the Targeted Policy.

The most important file for SELinux is the binary policy file. This file is located at /etc/selinux/targeted/policy/policy.<XY>. The <XY> represents the two digits of the policy version. In the case of Red Hat Enterprise Linux 4, this file is policy.18.