SELinux policy modules can contain file context definitions through their
.fc files. In these files, path expressions are used to point to the various locations that should match a particular file context, and class identifiers are used to differentiate file context definitions based on the file class (directories, regular files, symbolic links, and more).
In this recipe, we'll create a
mylogging SELinux module, which defines additional path specifications for logging-related contexts. We will use direct file paths as well as regular expressions, and take a look at the various class identifiers.
To define a file context through an SELinux policy module, use the following approach: