custom modules:
mkdir -p /root/selinux/modules 2> /dev/null
setenforce 0  # drop to permissive
load_policy   # create reset point to assist in isolation of avcs
cd /root/selinux/modules
# go through all motions to trigger all actions that need to be allowed
audit2allow -M $module_name -l -i /var/log/audit/audit.log # build module
setenforce 1  # restore enforcing
less $module_name.te # inspect the module, salt to taste
semodule -v -i $module_name.pp # load it