I have been seeing something that looks like my add on policies aren't being
used after selinux updates in some cases. The modules show up in output
of semodule -l, but I get audit warnings for things allowed by them and some
services don't work as expected. (And the audit2allow output even notes
that they should be allowed by current policy.)
Is there a way I can check to see if semodule -l is telling me what's really
loaded into whatever is doing the enforcing?