On Fri Apr 29 2016 11:05:47 GMT-0600 (MDT) Adam Williamson
On Fri, 2016-04-29 at 09:49 -0700, Rick Stevens wrote:
> As I understand it, permissive should allow all operations but give
> warnings while disabled means, well, disabled. However, I've seen
> permissive mode _block_ some operations and not issue any warnings
> about those blocked operations.
Does anything get logged when 'dontaudit' is disabled?
This is known, there are *some* special forms of SELinux filtering
can't be made 'permissive'. It works for most stuff, though. I think
Dan has a blog post on it somewhere.
Improving/refreshing SELinux knowledge is never a bad thing ;) so I did some
reading and have come across:
Is that it?