On 7/17/20 4:09 PM, Deven Bowers wrote: > +config SECURITY_IPE_PERMISSIVE_SWITCH > + bool "Enable the ability to switch IPE to permissive mode" > + default y > + help > + This option enables two ways of switching IPE to permissive mode, > + a sysctl (if enabled), `ipe.enforce`, or a kernel command line > + parameter, `ipe.enforce`. If either of these are set to 0, files is set > + will be subject to IPE's policy, audit messages will be logged, but > + the policy will not be enforced. > + > + If unsure, answer Y. -- ~Randy