There are others, but selinux should only log the AVCs in Permissive. Right? But the selinux system is actually doing denials.
Just for clarification, setroubleshoot will still report a denial in permissive mode because it is logged as a denial by the audit system, however the action should still be permitted.
There is an open bug report requesting the text in the setroubleshoot message to be modified when the system is in permissive mode to say "SELinux would have denied" instead of denied. We're going to be fixing that, it's not quite as trivial as it seems because all the messages have been translated into other languages so you can't just do a simple string substitution and retain correct grammar in another language, but we will be fixing this one way or another.
In theory if you're spam filtering is not working it shouldn't be because SELinux is actually denying anything because you're in permissive mode. I would first look elsewhere. I'm not saying it's impossible it's SELinux, but because you're in permissive mode it's very unlikely.
-- John Dennis <jdennis@xxxxxxxxxx> -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
