With the policy ready and loaded, it is time to start testing the application from a user's perspective, while keeping an eye on the audit logs (for denials) and application output.

Testing the application is an important phase of policy development and will also be the most time consuming task. During testing, several functional features of the application will be tried and the resulting permissions (SELinux-wise) will need to be added to the policy.

In previous recipes, such as Creating a skeleton policy, we enabled a set of permissions based on other policies and common sense. However, these permissions have not been validated and tested yet. In this recipe, we will assert that the permissions are truly needed, ...