it's just a case of modifying your selinux rules to allow your changes. Obviously you need to pay as much attention to the selinux errors as possible to ensure that they are suitable to avoid (as opposed to other actions like using chcon to change the context of an incorrectly created config file etc...)
so you'd use the audit2allow command to inspect the dmesg buffer and provide you with rules to get around what is listed as denied in there.
first ensure you have the targeted policy sources installed:
Code:
yum -y install selinux-policy-targeted-sources
cd /etc/selinux/targeted/src/policy/
then update the policy to allow the denied avc:
Code:
audit2allow -d # show knew rules
audit2allow -d -o /etc/selinux/targeted/src/policy/domains/misc/local.te # add new rules to user policy
make reload # build rules.
The last part may need to be done a number of times as everything will stop at a given denial, and once that is permitted others behind it can then be hit. but as log as you pay attention to the rules and can keep seeing additional rules that make sense and are new you'll be fine.
SELinux blocks my changes in rsyslog.conf
