On Fri Apr 29 2016 11:05:47 GMT-0600 (MDT) Adam Williamson
<adamwill(a)fedoraproject.org> wrote:
On Fri, 2016-04-29 at 09:49 -0700, Rick Stevens wrote:
> As I understand it, permissive should allow all operations but give
> warnings while disabled means, well, disabled. However, I've seen
> permissive mode _block_ some operations and not issue any warnings
> about those blocked operations.
Does anything get logged when 'dontaudit' is disabled?
This is known, there are *some* special forms of SELinux filtering
that
can't be made 'permissive'. It works for most stuff, though. I think
Dan has a blog post on it somewhere.
Improving/refreshing SELinux knowledge is never a bad thing ;) so I did some
reading and have come across:
http://danwalsh.livejournal.com/67855.html
Is that it?
--
Viorel