On 12/1/18 11:46 PM, amir.imen(a)gmail.com wrote: The order of policy rules will not effect access decisions, so it does not matter whether a constrain rule or allow rule comes first. If you build a policy using a policy.conf file and checkpolicy, then there is a particular order that all the rules must be in, but most people will not be building policy that way. The order of labeling rules such as portcon and file contexts can be important, but they are sorted automatically when using the normal policy tools to put the rules in a logical and consistent order. -- James Carter <jwcart2(a)tycho.nsa.gov&gt; National Security Agency