On Sun, 2005-01-30 at 12:14, Sitsofe Wheeler wrote: > Hello, > > In a similar way to the way that selinux can be turned on or off for a > single service like apache, is there anyway to selectively have > permissive mode on just one service and enforcing on all the rest? Not presently. It would however be straightforward to add a macro the policy that includes both the allow rules from unconfined_domain and a corresponding auditallow rule for each such allow rule, so that when you apply that macro to a domain, it will be allowed to do everything but all of its accesses will be audited. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
