Extending SELinux policies with additional rules is easy. As SELinux
uses a deny by default approach, all you need to do is to create a
that contains the additional (allow) rules, load that and you're all
set. But what if you want to remove some rules?
Well, sadly …