At the core of every SELinux system are the policies. These are the exact rules that define the access rights and relationships between all our objects. As we learned earlier, all of our system's objects have labels, and one part of each label is a type identifier, which is used to enforce the rules laid down by the policies. On every SELinux-enabled system, all access to any object is prohibited by default unless a policy rule has been defined that states otherwise. In this recipe, we will show you how to query and customize SELinux policies. As you may notice, some of the commands have already been used in other recipes in this book, such as for the ftpd daemons. Here, you will find out how policies work.
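The default-deny behaviour described above can be seen in a small model, added here as an illustration and not taken from the book: it pulls the type out of each label and permits an access only when an allow rule covers that exact type pair, object class and permission. The rules and labels are constructed samples, and the helper names are hypothetical; the real decision is made in the kernel against the loaded policy.

```python
import re

# Constructed sample rules in SELinux policy syntax (not dumped from a real policy).
SAMPLE_POLICY = """
allow ftpd_t public_content_t:file { getattr open read };
allow ftpd_t public_content_t:dir { getattr open read search };
allow ftpd_t public_content_t:lnk_file read;
"""

RULE_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;$")

def parse_allow_rules(text):
    """Return {(source_type, target_type, object_class): set_of_permissions}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        source, target, obj_class, braced, single = m.groups()
        perms = set((braced or single).split())
        rules.setdefault((source, target, obj_class), set()).update(perms)
    return rules

def type_of(context):
    """Extract the type field from a user:role:type[:level] label."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"malformed context: {context!r}")
    return fields[2]

def is_allowed(rules, source_ctx, target_ctx, obj_class, perm):
    """Default deny: True only if an allow rule grants perm for this type pair."""
    key = (type_of(source_ctx), type_of(target_ctx), obj_class)
    return perm in rules.get(key, set())

RULES = parse_allow_rules(SAMPLE_POLICY)
FTPD = "system_u:system_r:ftpd_t:s0"                     # constructed process label
PUBLIC_FILE = "system_u:object_r:public_content_t:s0"    # constructed file label
SHADOW = "system_u:object_r:shadow_t:s0"                 # constructed file label

if __name__ == "__main__":
    for target, perm in [(PUBLIC_FILE, "read"), (PUBLIC_FILE, "write"), (SHADOW, "read")]:
        verdict = "allowed" if is_allowed(RULES, FTPD, target, "file", perm) else "denied"
        print(f"{type_of(FTPD)} -> {type_of(target)}:file {perm}: {verdict}")
```

Only the first request is allowed: the write has no matching permission and the shadow_t read has no rule at all, so both fall through to the default deny.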