What are policy modules?
Prior to Fedora Core 5, SELinux policies were monolithic, meaning making a change required getting the entire policy source, modifying it, compiling it, and replacing the current policy with it. With Fedora Core 5, the policy is now modular. This means that third party developers can ship policy modules with their applications, and then they can be added to the policy without having to switch out the entire policy. The new module is then added to the module store, which results in a new policy binary that is a combination of the previous policy and the new module. This actually works by separating out compile and link steps in the policy build procedure. Policy modules are compiled from source, and linked when installed into the module store (see Managed Policy). This linked policy is then loaded into the kernel for enforcement. The primary command for dealing with modules is semodule, which lets you perform basic functions such as installing, upgrading, or removing modules.
Prior to Fedora Core 5, SELinux policies were monolithic, meaning making a change required getting the entire policy source, modifying it, compiling it, and replacing the current policy with it. With Fedora Core 5, the policy is now modular. This means that third party developers can ship policy modules with their applications, and then they can be added to the policy without having to switch out the entire policy. The new module is then added to the module store, which results in a new policy binary that is a combination of the previous policy and the new module. This actually works by separating out compile and link steps in the policy build procedure. Policy modules are compiled from source, and linked when installed into the module store (see Managed Policy). This linked policy is then loaded into the kernel for enforcement. The primary command for dealing with modules is semodule, which lets you perform basic functions such as installing, upgrading, or removing modules. Other usef
