There are two main directories for SELinux policy in /etc/selinux/:
It is possible to have more than one policy existing on the
system, although only one may be loaded at a time. The policy
binary files, and possibly source files, are located in /etc/selinux/<policyname>/, where <policyname> is the name of your policy,
such as targeted, strict, webhost, test, and so forth. The
configuration file /etc/selinux/config
defines which policy is used, for example SELINUXTYPE=targeted.
In this document, the convention of $DIRECTORY_TYPE is used instead of the full path to
assist in readability:
The variable directory $SELINUX_SRC/
is a substitute for the generic directory of /etc/selinux/<policyname>/src/policy/ and the
targeted policy source directory at /etc/selinux/targeted/src/policy/.
The variable directory $SELINUX_POLICY/ is a substitute for the generic
directory of /etc/selinux/<policyname>/policy/ and the binary
targeted policy directory at /etc/selinux/targeted/policy/.
An important file is the audit log file. In Red Hat Enterprise
Linux, $AUDIT_LOG by default is
/var/log/messages. However, this is
configurable via /etc/syslog.conf, and
future work on an audit daemon will handle kernel audit events and
log them into a separate file. Because of the variable nature of
where the audit logs are, the variable file $AUDIT_LOG is used as a substitute.
Other important files and directories include $SELINUX_POLICY/booleans and $SELINUX_POLICY/contexts/, which are both discussed
in Section 3.2 Files and
Directories of the Targeted Policy.
The most important file for SELinux is the binary policy file.
This file is located at /etc/selinux/targeted/policy/policy.<XY>. The <XY> represents the two digits of the
policy version. In the case of Red Hat Enterprise Linux 4, this
file is policy.18.