Writing policy for confined SELinux users
The SELinux management environment (system-config-selinux) has been updated and includes the ability to build customized SELinux policy modules for the confinement of users.
Remember, this tool is just a wizard–it helps create a framework for building policy. You can then use tools like audit2allow or the package eclipse-slide for further editing of the policy. This will give you a good head start.
At Red Hat Magazine.
[ Read more ]