How to create a SELinux policy module with existing output from audit2allow? I know the standard way of creating a SELinux policy module, like cat <auditlog_file> | audit2allow -M <module_name> However, is there a way to create a policy module if all I have is the `why` output from audit2allow, e.g. cat <auditlog_file> | audit2allow Gives me: #============= httpd_t ============== allow httpd_t default_t:sock_file write; allow httpd_t unconfined_t:unix_stream_socket connectto; How do I create a policy if I have the above output and not the ability to cat the audit log file again and run it through `audit2allow -M`?

You can place the output in `.te` file. In addition you need a few more lines, `module` and `require` _statements_. You need to define module name and version with `module` statement and required types in `require` statement.


module my_module 1.0.0;

require {
class sock_file { write };
class unix_stream_socket { connectto };
type httpd_t, default_t, unconfined_t;
}


allow httpd_t default_t:sock_file write;
allow httpd_t unconfined_t:unix_stream_socket connectto;


You can then compile and build the policy module using `checkmodule` and `semodule_package` as described in `audit2allow` man page examples:


checkmodule -M -m -o my_module.mod my_module.te
semodule_package -o my_module.pp -m my_module.mod