After you modify a policy source file, you must recompile the policy sources and load the translated binary policy into the kernel. These and other common administrative functions are performed by using the SELinux Makefile, which typically resides in /etc/security/selinux/src/policy. Chapter 4 introduced the SELinux Makefile. Table 9-2 recaps the six operations the Makefile provides.
Operation
Description
policy
Compile the policy sources, but do not create a new policy binary.
install
Compile the policy sources and createbut do not loada new policy binary (default).
load
Compile, create, and load a new binary policy.
reload
Compile and create a new binary policy if the policy sources have been recently modified; load the new binary policy.
clean
Delete temporary files created during policy compilation.
relabel
Relabel filesystems.
To perform an operation using the Makefile, move to the directory containing it. Then, issue the command:
make operation
where operation is one of the six operations described in Table 9-2. For example, to compile, create, and load a new binary policy, issue the command:
make load
To reload the current policy, issue the command:
make reload
If the policy sources have been modified since the binary policy file was created, invoking make will also compile the policy sources and create a new binary policy file.