I want to do custom SELinux with policies.

The first challenge I am facing is to check if the label is correct or not instead of using audit2allow first.

How do I know if labeling is correct in a denied message from /var/log/audit.log?

Thanks.

---henry