Ok, gents, I see it that creating the type worked, and I see dbus: avc: received policyload notice (seqno=988) after I applied the new type... but then I'm still seeing selinux avcs (it is in permissive mode), such as setroubleshoot: SELinux is preventing /usr/bin/sudo from search access on the directory /proc/<pid>/stat. and setroubleshoot: SELinux is preventing /usr/bin/sudo from open access on the file /var/log/sudo.log. Does apache have to be restarted for it to realize that the selinux file context has changed? mark -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux