Check if SELinux is enabled with getenforce or sestatus. Set it with setenforce enforcing or setenforcing 1. Disable with setenforce permissive or setenforcing 0. ===== Creating own module ===== Files used .te , Type Enforcement file .fc , File Context file ==== Method 1 ==== checkmodule -M -m -o mymodule.mod mymodule.te semodule_package -o mymodule.pp -m mymodule.mod sudo semodule -i mymodule.pp ==== Method 2 ==== .te file starts with "policy_module(my_module_name, 1.0.0)" make -f /usr/share/selinux/devel/Makefile mymodule.pp sudo semodule -i mymodule.pp Also see: https://wiki.gentoo.org/wiki/SELinux/Tutorials/Creating_your_own_policy_module_file sudo ausearch -m avc -ts today sudo sealert -a /var/log/audit/audit.log # "avc" is "access vector cache" #Log message example: type=AVC msg=audit(1348173901.081:298): avc: denied { write open } for pid=3426 comm="smartd" name="smartd.WDC_WD2500BEKT_75PVMT0-WD_WXC1A21E0454.ata.state" dev=sda6 ino=582390 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:var_lib_t tclass=file sudo restorecon -Rv /path/to/broken/file/or/directory sudo setsebool -P on sudo semanage port -l | grep sudo semanage port -a -t -p tcp