Simplicity is a form of art...

Overriding the default SELinux policies
by Sven Vermeulen, post on Wed 15 May 2013

Extending SELinux policies with additional rules is easy. As SELinux uses a deny by default approach, all you need to do is to create a policy module that contains the additional (allow) rules, load that and you're all set. But what if you want to remove some rules?

Well, sadly …